Hi,

 

We observed performance issues using clamd docker image (https://hub.docker.com/r/mkodockx/docker-clamav/dockerfile) for virus scanning.

 

Our application and clamd (side car deployment) resides on the same pod. The application sends .zip files (200 KB - 300 KB) to clamd over tcp to scan using INSTREAM command. The client library that is used is https://github.com/cdarras/clamav-client library. The .zip file usually contains multiple xml files and txt files.

 

We were able to achieve around 4 request per second with 10 vcpu limit for clamd docker image.

 

By turning off ScanArchive (false) , the request per second increases to 25. When the scanarchive is true, there are too many requests waiting in the queue (QUEUEDSINCE) , as observed in clamdtop. But it doesn’t detect the virus file inside the zip. Is it possible to detect virus inside the zip with ScanArchive turned off?

 

Attached is the strace, clamd.conf, pidstat, iostat, htop data during performance testing.

We are suspecting some issues while writing to the temp directory and scanning the individual files inside the zip file. We are not able to root cause the same.

 

Please let me know your thoughts. Your help is highly appreciated.

 

Thanks

Zayan