[clamav-users] About clamav's requirements for system resources

Graeme Fowler G.E.Fowler at lboro.ac.uk
Mon Nov 5 17:12:00 UTC 2018


Not milter, but Exim calls ClamAV using the SCAN command when using a UNIX socket, or zINSTREAM for TCP sockets.

I've got 3 'clusters' (loosely coupled groups, more accurately) of VMs of differing roles with slightly differing setups here at Loughborough Uni.


  *   CentOS 6 MX servers with a small number of custom sig files - consuming around 2GB RAM per clamd instance, scanning around 25-100k messages each per day. ClamAV MaxThreads set to greater than the max permitted number of inbound simultaneous SMTP connections, with a short pending queue.

  *   CentOS 7 MX servers with stock ClamAV sigs - consuming around 1.5GB RAM per clamd instance, scanning around 15-75k messages each per day. ClamAV MaxThreads set to greater than the max permitted number of inbound connections, with a short pending queue.

  *   CentOS 6 MTA (outbound) servers with stock ClamAV sigs - consuming around 2GB RAM per clamd instance, scanning around 25-100k messages each per day. ClamAV MaxThreads set to less than the max permitted number of inbound simultaneous SMTP connections, with a long pending queue where (pending + active) = max inbound SMTP connections.

Each of these groups is the same in 'hardware' terms - 4 cores, 8GB RAM. They normally don't break a sweat.

From memory, we had a single instance in the last 12 months where the kernel OOM killer was invoked and killed off clamd after an external 3rd party attempted to exploit a web form on one of our websites; the form sent several hundred thousand messages via one of the MTA servers which got a touch upset. We never did work out why.

Is that helpful in any way?

Graeme



From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of "Micah Snyder (micasnyd)" <micasnyd at cisco.com>
Reply-To: ClamAV users ML <clamav-users at lists.clamav.net>
Date: Monday, 5 November 2018 at 15:14
To: ClamAV users ML <clamav-users at lists.clamav.net>
Subject: Re: [clamav-users] About clamav's requirements for system resources

At this time, we don't have recommendations for those using clamav-milter in conjunction with a mail server under any amount of load.  I'd be interested to hear from the community what your experience has been with real-world milter applications.
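
An added example, not part of either message above and not the posters' own tooling: a small checker that reads clamd's `MaxThreads`/`MaxQueue` and Exim's `smtp_accept_max` and reports which of the two layouts described in the reply a host follows. It assumes `smtp_accept_max` is the Exim limit meant by "max inbound SMTP connections"; the sample configs and the layout names are constructed for illustration.

```python
import re

# Defaults used when a directive is absent (taken from the clamd.conf and Exim
# documentation; confirm them for the versions you run).
DEFAULTS = {"MaxThreads": 10, "MaxQueue": 100, "smtp_accept_max": 20}

def read_settings(text, names, sep):
    """Return {name: int} for `name<sep>value` lines, ignoring # comments."""
    pattern = re.compile(r"^\s*(%s)%s(\d+)\s*$" % ("|".join(names), sep))
    found = {}
    for line in text.splitlines():
        m = pattern.match(line.split("#", 1)[0])
        if m:
            found[m.group(1)] = int(m.group(2))
    return {n: found.get(n, DEFAULTS[n]) for n in names}

def classify(clamd_conf, exim_conf):
    """Compare clamd thread/queue sizing with Exim's inbound connection cap."""
    c = read_settings(clamd_conf, ["MaxThreads", "MaxQueue"], r"\s+")
    smtp_max = read_settings(exim_conf, ["smtp_accept_max"],
                             r"\s*=\s*")["smtp_accept_max"]
    threads, queue = c["MaxThreads"], c["MaxQueue"]
    # clamd.conf documents MaxQueue as including items already being scanned,
    # so the pending part is whatever remains above MaxThreads.
    pending = max(queue - threads, 0)
    if threads > smtp_max:
        layout = "threads-exceed-connections"   # the MX layout in the message
    elif threads < smtp_max and queue == smtp_max:
        layout = "queue-absorbs-connections"    # the outbound MTA layout
    else:
        layout = "other"                        # neither layout described above
    return {"threads": threads, "pending": pending,
            "smtp_max": smtp_max, "layout": layout}

# Constructed sample configurations (values are illustrative, not from the post).
MX_CLAMD = "MaxThreads 60\nMaxQueue 70  # short pending queue\n"
MX_EXIM = "smtp_accept_max = 50\n"
OUT_CLAMD = "MaxThreads 20\nMaxQueue 100\n"
OUT_EXIM = "smtp_accept_max = 100\n"

if __name__ == "__main__":
    print(classify(MX_CLAMD, MX_EXIM))
    print(classify(OUT_CLAMD, OUT_EXIM))
```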

