[clamav-users] clamd RAM issue?

[G.W. Haywood]

Hi there,

On Sun, 31 Oct 2021, Mark G Thomas wrote:

> I'm running sendmail+mimedefang+clamav on a bunch of MX servers.
> This morning over a period of several hours each of my instances
> appear to have caused clamd to consume all RAM and swap. Normally
> swap is empty and 10GB of the 16GB per host is free. This happened
> immediately following db updates, but hours apart, and all the
> systems have matching db updates centrally distributed here ...

We find it less trouble to run a single clamd server which the mail
servers use via the network.  We also run Sendmail, but we don't use
MIMEDefang any more - the MTAs talk to the clamd server via a milter.
The server is more or less dedicated to clamd, and if it does go OOM
there's less colateral damage.  It generally uses around 2G of RAM and
almost no swap.  It's been that way for at least a year (the RAM, swap
and a bunch of other stuff are graphed using Nagios which sends email
alerts if things get dicey).  I really recommend it.  In a case like
this you'd probably be able to see to within a few minutes the times
when the memory usage started to climb and that might help to identify
the culprit.

> I suspect some e-mail message payload was the commonality.

Seems plausible.  Do you have any idea what that might have been?

> Has anyone else had similar experiences recently?

Nothing to report here I'm afraid, but I'll be very interested if you
can provide a sample message which demonstrates the issue.  Which was
the update you mentioned?  We saw daily bumped to 26338 yesterday at
about 15:06 BST and to 26339 at about 14:07 GMT today.  Of course it's
just a coincidence that the clocks changed this morning.  Or is it?

-- 

73,
Ged.