rowebca
Verified User
Everything is Ok.
Regards,
George B.
Regards,
George B.
Last edited:
Solved Clamd (ClamAV) high load !!!
- Thread starter rowebca
- Start date
Max Kelada
Verified User
Maybe you can share the solution? I have the same problem
rowebca
Verified User
I didn't finish really testing why, but to be honest I tested everything with cPanel and there is no issues with clamAV. I am installing and testing other ways to control this, just to tell you that I am using a VPS (2 cores / 4 GB memory), I have one 4 accounts (only one is active) and on DA every morning server is overloading (is down from my checking points outside of the network where my VPS is). I installed so many servers both DA and cPanel and lately this year I am facing this, clamd is loading complete database of virus definitions into memory (this is the reason why clamd is so fast and require at least 1GB memory), and I didn't find any way to control this is server is not over 4GB memory. Any limitation (memory, cpu) will kill it (service will automatically restart) creating another loop to overload the server. I am still looking (I have more way to try to control this) and I'll post my results here). I read documentation, solutions but still not find yet something that will really control this.
Clamd will loading the new database first and then drop the old one. This concurrent database reload will allow scanning files while loading the new database. The drawback is that clamd requires twice memory as during normal operations making clamd process to overload the server, if there is no restriction or with restriction to crazy restart clamd.service.
Hope this will help you.
Regards,
George B.
Clamd will loading the new database first and then drop the old one. This concurrent database reload will allow scanning files while loading the new database. The drawback is that clamd requires twice memory as during normal operations making clamd process to overload the server, if there is no restriction or with restriction to crazy restart clamd.service.
Hope this will help you.
Regards,
George B.
This link will help you to fix the problem:
Fix high server load and memory/cpu consumption of clamd ( ClamAV ) » www.geekytuts.net
When executing top command, clamd was always top on the list. As I researched, there is no way you can limit ClamAV's memory and CPU consumption via its configuration itself. This is how you do it.
www.geekytuts.net
rowebca
Verified User
No. Is not working, is restricting and after the system will restart clamd and will spike again the server. I already test that information from that page, before to post here.
Regards,
George B.
ikkeben
Verified User
Can't help
But did read somewhere that clamd virusscan mails could be problem more and more memmory is used for programms so maybe the 4GB not enough?
Do you use on that clamd mail virusscans?
rowebca
Verified User
I am using clamd for all, mail and scanning files. There is only one active account (I mean with files and databases), should be any issues.
I ran it on cPanel and I had no issues (I want to use DA not Cpanel) and I ran it before with directAdmin (4GB memory) had no issues before.
I am testing right now another approach and I post here the results.
Regards,
George B.
I ran it on cPanel and I had no issues (I want to use DA not Cpanel) and I ran it before with directAdmin (4GB memory) had no issues before.
I am testing right now another approach and I post here the results.
Regards,
George B.
ikkeben
Verified User
Ok we to before but with only 4GB we don't do it with scanning mail now anymore it did raise through time , other panel. we where warned there , and don't need for mail on those server , anyway for mail it is hmm but i am no experienced admin. Here we do mailscan virus on local mailservers , and ofcourse even the clients, so makes those less mem server (4-5GB) a lot faster.
Depends also ofcourse on the rest the server has todo.
|
Started with enough was 3GB , now is 4GB a kind of minimum for lot, i guess that is even if you do clamav on mail and have also WP sites to low.
Also there is with the latest Apache .52 or so a problem look here in forum , not that you are on the false track for the overload. If your problem started after that apache update look here https://forum.directadmin.com/threa...after-pass-few-hours.64559/page-2#post-340475
Do you test CP and DA same OS and same hardware and hoster/ network , same config / settings and and?
I hope you find a solution that fits.
Happy Christmas ?
Last edited:
rowebca
Verified User
Hi,
So, after days of testing how to control clamd to not overload server I found my solution. My server went down every morning and I founded that was affected by the fact that during a database reload clamd will load the new database (freshclam) first and then drop the old one. This database reloading strategy allows to keep scanning files while loading the new database, and clamd at this time requires twice or more much memory as during normal scanning/operations. So I have changed << ConcurrentDatabaseReload >> to << no> in << /etc/clamd.conf >> and after that I had no issues.
Maybe somebody will use this to avoid server to go down.
Regards,
George B.
So, after days of testing how to control clamd to not overload server I found my solution. My server went down every morning and I founded that was affected by the fact that during a database reload clamd will load the new database (freshclam) first and then drop the old one. This database reloading strategy allows to keep scanning files while loading the new database, and clamd at this time requires twice or more much memory as during normal scanning/operations. So I have changed << ConcurrentDatabaseReload >> to << no> in << /etc/clamd.conf >> and after that I had no issues.
Maybe somebody will use this to avoid server to go down.
Regards,
George B.
Last edited:
Richard G
Verified User
Out of curiosity, how did you install Clamav? I have clamav=yes and clamav_exim=yes in my options.conf but I let my system being scanned by Maldetect, which makes use of Clamav.
However, I don't have this line in either clamd.conf nore freshclam.conf and my clamd.conf is in /etc/ not in the /etc/clamav/ directory which makes me think you did not install it via custombuild or are you using a distro other than Centos maybe?
Did you add that "ConcurrentDatabaseReload" manually at any time?
rowebca
Verified User
I installed via custombuild (hate this way), and yes I added after manually in /etc/clamd.conf, I just see it that I wrote the wrong pattern
. And after I did that I had no issues.Regards,
George B.
Richard G
Verified User
Please don't quote full posts. we know what we have written and keeps things a bit more clear.
Oke if you added that setting it's fine. Since you wrote you changed it, I thought for some reason it might be present in there by default and I've missed some update.
Thanks.
I don't mean the custombuild script, just custombuild. I don't know why you hate that way, works great.
Oke if you added that setting it's fine. Since you wrote you changed it, I thought for some reason it might be present in there by default and I've missed some update.
Thanks.
rowebca
Verified User
Yes, the option is there but the default is YES.Please don't quote full posts. we know what we have written and keeps things a bit more clear.
I don't mean the custombuild script, just custombuild. I don't know why you hate that way, works great.
Oke if you added that setting it's fine. Since you wrote you changed it, I thought for some reason it might be present in there by default and I've missed some update.
Thanks.
Regards,
George B.
Richard G
Verified User
Lol you said you added it. But darn that's odd. I even searched for concur and reload and found nothing.
Now on the other servers this is present, so on 1 server the clamd.conf was not updated.
So good that we spoke here, so this way I discovered I got an older clamd.conf on one server.
Otherwise I will just rsync the one from the other server.
Edit: I just copied the sample and doublechecked everything is fine and the same now on all servers.
Last edited: