On 8/14/2013 7:58 AM, G.W. Haywood wrote:
Hi there,
On Wed, 14 Aug 2013, Vincent Fox wrote:
Re: clamd taking too long to restart?
Previously I was using a short list of signatures and startup time of 30
seconds which was acceptable. Well it didn't get noticed much.
However recently I added a kitchen sink of extra databases like
winnow etc.
Now startup time is 2.5 minutes, which becomes noticeable.
The kitchen sink of databases is very useful, I see more trash being
caught by them than I see viruses being caught by main and daily.
Actually the vast bulk of the problem seems to come from bofhland
Cracked URL.
Removing that database on my SMTP servers, cut restart time to 34 seconds.
Any way to ameliorate this?
Are you using separate processes on each VM? If so you might want to
consider using only one of them to run a clamd daemon, and have the
others contact it for the service. You could conceivably arrange the
clamd daemon to be able to run on any one of the VMs, and then one of
them could be providing the service while another was restarted when
necessary. When the newly started clamd is ready, switching from one
network connection to another will be very quick.
You could instead do something similar, but set up another two VMs to
provide the clamd service. Then you could stop the whole VM when it
isn't being used to provide the clamd service, saving resources. The
VMs which provide clamd could be stripped down so that they're small
and use minimal resources. I would guess that 200M-300M of RAM and a
gigabyte of disc space would be plenty for one of the VMs, all it will
ever really do is run a few regex matches.
Hmmm yes.
We originally had a pool of mail routers, talking to a pool of ClamAV
machines.
Hardware load balancer made things resilient.
However for simplicity of management we collapsed things down so each mail
router talked to it's localhost copy of ClamAV. It also allows
differentiation, you can
easily have differing ClamAV databases for MX, SMTP, MSA hosts. I see
now how this
led to this particular problem, as the moment sendmail can't contact
it's one&only
ClamAV it starts throwing errors. Stupid of me to overlook this
deficiency before.
With LDAP clients I can define a failover list on a host, so if it can't
contact it's
primary server it goes to next one. Perhaps something like that here?
Thanks for pointing this out.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
