Re: [clamav-users] Question on ClamAV memory usage with respect to the signature database

Mon, 17 Jun 2024 23:38:11 -0700 

On Tue, 18 Jun 2024, Mikhail Soumar via clamav-users wrote:


We are a team from Microsoft Azure running ClamAV on small Linux
VMs, and due to business and cost reasons we cannot use larger
VMs. Peak memory usage of ClamAV is between 1.2GB and 1.5GB, which
is unsustainable on our VMs, and we are looking for ways to reduce
this. There are some tips to reduce memory usage in the Docker
section of the documentation (Docker - ClamAV
Documentation<https://docs.clamav.net/manual/Installing/Docker.html#memory-ram-requirements>)
although if I understand correctly the 1.2GB load is unavoidable
even with the suggestions listed on this page.

We have been told that one possibility is to remove all virus
signatures that are Windows-specific, which would reduce the memory
footprint to about 300 MB. Elsewhere on the ClamAV FAQ I see a few
different ways to add signatures to the database but none about
taking a subset. Would this be something you support or recommend
for our use case? If not, are there alternatives we can consider to
reduce the memory footprint of ClamAV well below 1.2GB?


ClamAV has never caught a Linux virus for me, so I don't know whether
it makes sense to run ClamAV without the Windows data.
Do you have the resources to curate a custom database,
bearing in mind that the standard dbs are updated daily ?
(freshclam and cvdupdate do work with the cdiff incremental updates,
so at least you would not have to remove the same signatures from the
database every day.)

I don't know how viable this is, but you do not have to run the ClamAV
daemon on every VM; you can use a remote daemon and pass files to be
scanned with clamdscan. This would also save you more than 10 seconds
at startup.

How much memory does Microsoft Defender use on Linux ?

--
Andrew C. Aitchison                      Kendal, UK
                   and...@aitchison.me.uk
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Reply via email to