Re: [clamav-users] About clamav's requirements for system resources

2018-11-06 Thread Micah Snyder (micasnyd)

Thanks Graeme,

That is helpful.  I'm definitely not familiar with how to use Exim with ClamAV. 
 I had been hoping to set up a page on how to integrate ClamAV with other 
applications.  Putting details from this at the top of a guide for Exim would 
be useful.  If you have the time to do a short write-up on the setup for Exim 
that'd be pretty sweet.

The same applies to anyone else using ClamAV with other applications.  We'd 
really love your help documenting how to get new users started.

-Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Nov 5, 2018, at 12:12 PM, Graeme Fowler <g.e.fow...@lboro.ac.uk> wrote:

Not milter, but Exim calls ClamAV using the SCAN command when using a UNIX 
socket, or zINSTREAM for TCP sockets.

I've got 3 'clusters' (loosely coupled groups, more accurately) VMs of 
differing roles with slightly differing setups here at Loughborough Uni.


  *   CentOS 6 MX servers with a small number of custom sig files - consuming 
around 2GB RAM per clamd instance, scanning around 25-100k messages each per 
day. ClamAV MaxThreads set to greater than the max permitted number of inbound 
simultaneous SMTP connections, with a short pending queue.



  *   CentOS 7 MX servers with stock ClamAV sigs - consuming around 1.5GB RAM 
per clamd instance, scanning around 15-75k messages each per day. ClamAV 
MaxThreads set to greater than the max permitted number of inbound connections 
with a small, but a short pending queue.



  *   CentOS 6 MTA (outbound) servers with stock ClamAV sigs - consuming around 
2GB RAM per clamd instance, scanning around 25-100k messages each per day. 
ClamAV MaxThreads set to less than the max permitted number of inbound 
simultaneous SMTP connections, with a long pending queue where (pending + 
active) = max inbound SMTP connections.


Each of these groups are the same in 'hardware' terms - 4 cores, 8GB RAM. They 
normally don't break a sweat.

From memory, we had a single instance in the last 12 months where the kernel 
OOM killer was invoked and killed off clamd after an external 3rd party 
attempted to exploit a web form on one of our websites; the form sent several 
hundred thousand messages via one of the MTA servers which got a touch upset. 
We never did work out why.

Is that helpful in any way?

Graeme



From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of "Micah Snyder (micasnyd)" <micas...@cisco.com>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Date: Monday, 5 November 2018 at 15:14
To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] About clamav's requirements for system resources

At this time, we don't have recommendations for those using clamav-milter in 
conjunction with a mail server under any amount of load.  I'd be interested to 
hear from the community what your experience has been with real-world milter 
applications.


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



Re: [clamav-users] About clamav's requirements for system resources

2018-11-05 Thread Graeme Fowler
Not milter, but Exim calls ClamAV using the SCAN command when using a UNIX 
socket, or zINSTREAM for TCP sockets.

I've got 3 'clusters' (loosely coupled groups, more accurately) VMs of 
differing roles with slightly differing setups here at Loughborough Uni.


  *   CentOS 6 MX servers with a small number of custom sig files - consuming 
around 2GB RAM per clamd instance, scanning around 25-100k messages each per 
day. ClamAV MaxThreads set to greater than the max permitted number of inbound 
simultaneous SMTP connections, with a short pending queue.



  *   CentOS 7 MX servers with stock ClamAV sigs - consuming around 1.5GB RAM 
per clamd instance, scanning around 15-75k messages each per day. ClamAV 
MaxThreads set to greater than the max permitted number of inbound connections 
with a small, but a short pending queue.


  *   CentOS 6 MTA (outbound) servers with stock ClamAV sigs - consuming around 
2GB RAM per clamd instance, scanning around 25-100k messages each per day. 
ClamAV MaxThreads set to less than the max permitted number of inbound 
simultaneous SMTP connections, with a long pending queue where (pending + 
active) = max inbound SMTP connections.

Each of these groups are the same in 'hardware' terms - 4 cores, 8GB RAM. They 
normally don't break a sweat.

From memory, we had a single instance in the last 12 months where the kernel 
OOM killer was invoked and killed off clamd after an external 3rd party 
attempted to exploit a web form on one of our websites; the form sent several 
hundred thousand messages via one of the MTA servers which got a touch upset. 
We never did work out why.

Is that helpful in any way?

Graeme



From: clamav-users on behalf of "Micah Snyder (micasnyd)"
Reply-To: ClamAV users ML
Date: Monday, 5 November 2018 at 15:14
To: ClamAV users ML
Subject: Re: [clamav-users] About clamav's requirements for system resources

At this time, we don't have recommendations for those using clamav-milter in 
conjunction with a mail server under any amount of load.  I'd be interested to 
hear from the community what your experience has been with real-world milter 
applications.
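
The thread-count and pending-queue relationships in Graeme Fowler's message above can be checked mechanically. This is an added example, not part of the original post or of ClamAV; it assumes the "pending queue" maps to clamd.conf's `MaxQueue` (which counts items being processed as well), that absent directives fall back to the documented defaults of 10 and 100, and that the connection limit comes from the MTA (for Exim, `smtp_accept_max`). The sample configs and limits are constructed.

```python
import re

# Documented clamd.conf defaults, used when a directive is absent.
DEFAULTS = {"MaxThreads": 10, "MaxQueue": 100}

# Constructed sample configs, loosely modelled on the profiles in the post.
MX_CONF = "# MX: more scan threads than SMTP connections\nMaxThreads 60\nMaxQueue 70\n"
MTA_CONF = "# outbound: fewer threads, long queue\nMaxThreads 20\nMaxQueue 50\n"


def parse_clamd_limits(conf_text):
    """Return MaxThreads and MaxQueue from clamd.conf text, ignoring comments."""
    limits = dict(DEFAULTS)
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r"(MaxThreads|MaxQueue)\s+(\d+)", line)
        if m:
            limits[m.group(1)] = int(m.group(2))
    return limits


def classify(conf_text, max_smtp_conns):
    """Compare clamd's scan capacity with the MTA's inbound connection limit."""
    lim = parse_clamd_limits(conf_text)
    threads, queue = lim["MaxThreads"], lim["MaxQueue"]
    # Assumption: MaxQueue includes active scans, so pending = queue - threads.
    pending = max(queue - threads, 0)
    if threads > max_smtp_conns:
        # Every connection can be scanned at once (the MX setups in the post).
        profile = "threads-cover-connections"
    elif threads + pending >= max_smtp_conns:
        # Bursts wait in the queue (the outbound MTA setup in the post).
        profile = "queue-absorbs-burst"
    else:
        # More simultaneous scan requests possible than clamd can hold.
        profile = "undersized"
    return {"threads": threads, "pending": pending, "profile": profile}


if __name__ == "__main__":
    for name, conf, conns in [("mx", MX_CONF, 50), ("mta", MTA_CONF, 50),
                              ("defaults", "", 200)]:
        print(name, classify(conf, conns))
```
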




Re: [clamav-users] About clamav's requirements for system resources

2018-11-05 Thread Micah Snyder (micasnyd)
Our QA engineer Joe did some testing a couple of months ago to come up with 
some basic minimum system requirements for ClamAV.  He passed these along to 
the thread author already in a private message, but I wanted to share these 
here as well.

The following minimum recommended system requirements are for using `clamscan` 
or `clamd` and `clamdscan` binaries with the standard ClamAV signature database 
provided by Cisco.

Minimum recommended RAM:

- FreeBSD and Linux server edition: 1 GiB+
- Linux non-server edition: 2 GiB+
- Windows 7 & 10 32-bit: 2 GiB+
- Windows 7 & 10 64-bit: 3 GiB+
- macOS: 3 GiB+

Minimum recommended CPU:

- FreeBSD and Linux systems: 1 CPU 2.0 GHz+
- Windows 7 & 10: 1 CPU 2.0 GHz+
- OSX: 2 CPUs at 2.0 GHz+

Minimum available hard disk space required:

For the ClamAV application we recommend having 5 GB of free space available. 
This recommendation is in addition to the recommended disk space for each OS.

_Please note_: The tests to determine these minimum requirements were performed 
on systems that were not running other applications. If other applications are 
being run on the system, additional resources will be required in addition to 
our recommended minimums.

We'll add the above recommendations to the documentation before 0.101 release.

At this time, we don't have recommendations for those using clamav-milter in 
conjunction with a mail server under any amount of load.  I'd be interested to 
hear from the community what your experience has been with real-world milter 
applications.

If you have any additional recommendations you think we should add to the user 
manual - we would like to hear from you.

Cheers,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Nov 5, 2018, at 8:38 AM, Vladislav Kurz <vladislav.k...@webstep.net> wrote:

On 11/3/18 5:23 PM, Matus UHLAR - fantomas wrote:
>> zhuangxiaohui wrote:
>>> I have some servers(Centos6/7). Most of them have 1GB memory, 600M
>>> available.
>>> But also servers with low memory. For example 512M memory, 200M available.
>>> When I install the "clamav" on server which have 600M available memory and
>>> start the "clamd" service,
>>> I find that clamd's resident memory is about 500M. But on servers that have
>>> only 200M of available memory,
>>> the resident memory is about 100M. So I doubt if clamd will work properly on
>>> these servers, although both
>>> scan and database's updates are normally.
>>>
>>> Would you please tell me the lowest clamav's requirements for system
>>> resources especially the memory?
>>> I've searched on your website but got nothing about this :(
>
> On 02.11.18 15:43, Kris Deugau wrote:
>> I wouldn't run ClamAV with stock signatures on anything less than 1G,
>> and I wouldn't run much else on that machine.  If you're running a
>> very light workload with a dedicated machine, you might get away with
>> 512M.
>
> I run clamav with 3rd party signatures from Debian package
> clamav-unofficial-sigs everywhere.  In this case, clamav eats nearly 1G of
> RAM.
>
> I can't tell you how much of it eats clamav without those signatures, but I
> wouldn't run clamav on machines with less than 1GB either.

The unofficial signatures do not eat much extra memory. I think it is
not more than 10% extra, virtually for free. I agree that 1 GB is
minimum, and as you would most probably have a mail server as well, I
recommend 2 GB.

--
Best regards
   Vladislav Kurz



Re: [clamav-users] About clamav's requirements for system resources

2018-11-05 Thread Vladislav Kurz
On 11/3/18 5:23 PM, Matus UHLAR - fantomas wrote:
>> zhuangxiaohui wrote:
>>> I have some servers(Centos6/7). Most of them have 1GB memory, 600M
>>> available.
>>> But also servers with low memory. For example 512M memory, 200M available.
>>> When I install the "clamav" on server which have 600M available memory and
>>> start the "clamd" service,
>>> I find that clamd's resident memory is about 500M. But on servers that have
>>> only 200M of available memory,
>>> the resident memory is about 100M. So I doubt if clamd will work properly on
>>> these servers, although both
>>> scan and database's updates are normally.
>>>
>>> Would you please tell me the lowest clamav's requirements for system
>>> resources especially the memory?
>>> I've searched on your website but got nothing about this :(
> 
> On 02.11.18 15:43, Kris Deugau wrote:
>> I wouldn't run ClamAV with stock signatures on anything less than 1G,
>> and I wouldn't run much else on that machine.  If you're running a
>> very light workload with a dedicated machine, you might get away with
>> 512M.
> 
> I run clamav with 3rd party signatures from Debian package
> clamav-unofficial-sigs everywhere.  In this case, clamav eats nearly 1G of
> RAM.
> 
> I can't tell you how much of it eats clamav without those signatures, but I
> wouldn't run clamav on machines with less than 1GB either.
> 

The unofficial signatures do not eat much extra memory. I think it is
not more than 10% extra, virtually for free. I agree that 1 GB is
minimum, and as you would most probably have a mail server as well, I
recommend 2 GB.

-- 
Best regards
Vladislav Kurz



Re: [clamav-users] About clamav's requirements for system resources

2018-11-03 Thread Matus UHLAR - fantomas

> zhuangxiaohui wrote:
>> I have some servers(Centos6/7). Most of them have 1GB memory, 600M
>> available.
>> But also servers with low memory. For example 512M memory, 200M available.
>> When I install the "clamav" on server which have 600M available memory and
>> start the "clamd" service,
>> I find that clamd's resident memory is about 500M. But on servers that have
>> only 200M of available memory,
>> the resident memory is about 100M. So I doubt if clamd will work properly on
>> these servers, although both
>> scan and database's updates are normally.
>>
>> Would you please tell me the lowest clamav's requirements for system
>> resources especially the memory?
>> I've searched on your website but got nothing about this :(

On 02.11.18 15:43, Kris Deugau wrote:
> I wouldn't run ClamAV with stock signatures on anything less than 1G,
> and I wouldn't run much else on that machine.  If you're running a
> very light workload with a dedicated machine, you might get away with
> 512M.

I run clamav with 3rd party signatures from Debian package
clamav-unofficial-sigs everywhere.  In this case, clamav eats nearly 1G of
RAM.

I can't tell you how much of it eats clamav without those signatures, but I
wouldn't run clamav on machines with less than 1GB either.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe. 


Re: [clamav-users] About clamav's requirements for system resources

2018-11-02 Thread Kris Deugau

zhuangxiaohui wrote:
> Dear guys,
>
> Thanks to your team for providing us a such wonderful anti-virus soft.
>
> But, I got some problems there.
>
> I have some servers(Centos6/7). Most of them have 1GB memory, 600M
> available.
> But also servers with low memory. For example 512M memory, 200M available.
> When I install the "clamav" on server which have 600M available memory and
> start the "clamd" service,
> I find that clamd's resident memory is about 500M. But on servers that have
> only 200M of available memory,
> the resident memory is about 100M. So I doubt if clamd will work properly on
> these servers, although both
> scan and database's updates are normally.
>
> Would you please tell me the lowest clamav's requirements for system
> resources especially the memory?
> I've searched on your website but got nothing about this :(


I wouldn't run ClamAV with stock signatures on anything less than 1G, 
and I wouldn't run much else on that machine.  If you're running a very 
light workload with a dedicated machine, you might get away with 512M.


The total file size for the stock signatures totals about 450M between 
daily.cld and main.cld (the other files are under 1M), so you'd need at 
least that just to load the signatures.


My lightly-loaded personal server with just stock signatures looks to be 
using about 590M for clamd, and the much more active machines at work, 
with a couple hundred extra local signatures, look to be using about 
700M each.


I've recently been working with a legacy system that has multiple nodes, 
most with 1G of RAM, and they're running quite a few other things 
besides Clam.  Before moving a chunk of mail flow off these machines, 
they were regularly hitting swap, causing performance to drop pretty badly.


-kgd