Topic: A solution to ClamAV consuming too much memory
======== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Debian 8.7 Jessie
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
My other thread about ClamAV using too much memory (and bringing important parts of iRedMail down, like amavis) got closed, but I think I found a good, practical solution to the problem without increasing the server's memory, which I'd like to add here for anyone who's in the same situation as me. Please comment if I'm getting something wrong.
ClamAV can run as a daemon, which constantly needs about 500MB of RAM, but it can also run on-demand, via a command called clamscan. This is, by default, configured as a backup scanner in case the ClamAV daemon fails.
clamscan will, of course, also need about the same amount of memory, but not constantly, only when an email arrives. Also, reading from disk is much slower than from memory, but in the case that you only receive emails infrequently, clamscan means you only load the virus definitions in memory when needed, and the rest of the time that memory is free.
I wouldn't recommend this for servers that receive a lot of incoming email traffic. In that case, increasing memory is the only way to go.
This is how one uses clamscan as their primary virus scanner.
1. In /etc/amavis/conf.d/50-user, find the following:
@av_scanners = (
#### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
@av_scanners_backup = (
### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
['ClamAV-clamscan', 'clamscan',
"--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);2. Comment out the ClamAV-clamd block, and copy the ClamAV-clamscan block from @av_scanners_backup into @av_scanners, like this:
@av_scanners = (
#### http://www.clamav.net/
#['ClamAV-clamd',
#\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
#qr/\bOK$/, qr/\bFOUND$/,
#qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
['ClamAV-clamscan', 'clamscan',
"--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
@av_scanners_backup = (
### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
['ClamAV-clamscan', 'clamscan',
"--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);3. Restart amavis like this:
service amavis restart----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.
