I have a personal mail server at home too. It runs clamav with the base
sigs and spamassassin. It is a small atom-based server and takes about
1 minute to reload the base sigs. I've never noticed any problems
related to the reload time. In fact, I wasn't even aware that it was
taking that long until I looked at it today. So low-end servers are not
completely useless, you just can't load them down with all the 3rd-party
sigs.
Bowie
On 7/8/2015 12:44 PM, Jingo Administrator wrote:
Thanks for the suggestion, I probably will. In the meantime responses of
people made me clear two things :
1. My system is too low budget to have an acceptable time period in
which clamav is unresponsive. My mail server is for personal use, it is
just a home server with a few mail accounts. But does that mean that in
such a setting one can't make use of clamav?
2. There are ways to have the processes/services that rely on clamav
implement a tempfail during the time clamav is unresponsive, as a way to
"deal" with this fact. I'll dive into that first.
Thanks anyway for helping me and pointing me into the right direction.
Wouter
On 07/08/2015 06:26 PM, Dennis Peterson wrote:
You've redefined the real problem multiple times. Pick one and stay
with it.
To properly diagnose *your* system it would be very helpful to see a
SAR report for CPU/Swap/Paging/Cache/Memory activity/IOWait before,
during, and after a signature refresh.
Running sar -A will provide coarse information to the resolution of
your sar crontab entries, but you can run it manually to capture an
event of interest.
Also helpful would be a clamconf report, and the ls -l output for your
signatures directory. Also helpful is the output of lsof, ps -elLf,
and vmstat while a signature refresh is active.
That is a lot of data to post to a list, so better is to park it on a
web page or dropbox. Take care not to expose passwords.
My mailers are instructed to tempfail if ClamD is unresponsive which
causes most sending systems to retry on alternate server. The entire
messaging world expects you will have one, too, else you will be seen
as a burden.
dp
On 7/8/15 9:09 AM, Jingo Administrator wrote:
Well, I agree my hardware isn't rather stunning and doesn't help to
(dramatically) reduce the time it takes for clamav to reload the
database. I will draw my conclusion and start to drop the 3rd party
sigs. But no matter how much I can narrow down the problem of the reload
time, and now I come back to my original point, on every system there
will be a (short) period of time that clamav isn't responsive and
therefor causes problems to other services making use of the clamav
service. Imho that's the real problem.
On 07/08/2015 05:54 PM, Dennis Peterson wrote:
On 7/8/15 8:11 AM, Jingo Administrator wrote:
Scanning is not the bottleneck, reloading
the database is.
Because you're wrong about this you cannot correct the real problem.
The bottleneck is the platform. Nothing else.
dp
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--- e-mail sent by Private Lotus using Exim ---
------------ virus scan by ClamAV -------------
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--- e-mail sent by Private Lotus using Exim ---
------------ virus scan by ClamAV -------------
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
