Hi there, On Tue, 24 Sep 2019, Tim Stubbs wrote:
I am running clamd with OnAccess enabled, however its causing the load on the systems to make them almost unusable within about 24hours.
This may be true, but I'd want to know that the suspicion is justified (and front and centre I personally think scanning most Linux boxes with ClamAV is a waste of CPU).
as you can see sys is at 98% ...
No, I see CPU 27% idle and three clamd processes doing nothing. But I do see a load average of around seven. On my dual CPU 2.7GHz Opterons I routinely see an average of that sort of figure when they do backups for a bunch of other machines, and Nagios will whine about it when it gets over 8, but I don't usually worry about it until it gets into the double digits.
it seem clamd is stopping other applications from processing somehow. cannot find anything in the logs. not sure what debugging would be helpful? any advice would be helpful here?
My immediate reaction is - if the suspicion is found to be justified - that you should try to reduce, initially to a bare minimum, the amount of work which you're asking the machine to do.
OnAccessIncludePath = "/home", "/root", "/etc", "/sftp", "/boot", \ "/opt", "/media", "/mnt"
For example you could remove most of the directories from this list to see if it helps. There are other things you might try, like limiting the number of threads. But again, I don't see anything in your 'top' output which tells me that clamd is heavily loading your machine. What kinds of threats do you care about? If for example you're not expecting your Linux boxes to be attacked by Windows malware you could reduce the size of the ClamAV databases very significantly which might improve scanning performance. ClamaV version 0.102 has just been released as a candidate for testing and I've been running it for some time before the RC was released. It contains some significant improvements for on-access scanning and, if you do intend to persevere with on-access scanning, I'd recommend that you install the latest version from the source. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
