Hi there, On Fri, 8 Jul 2022, Asier Gomez via clamav-users wrote:
We are trying to run Clamav in some instances what not more than 1Gb of free memory, so when Clamscan runs the scan, the instance dies.
This is to be expected. You really should read the documentation. See "Recommended System Requirements" at https://docs.clamav.net/Introduction.html and also try searching this mailing list for 'memory' and/or 'RAM' for example. Expect that the 'official' signature database alone will use more than 1GByte continuously. If you use third-party databases (or if you add signatures yourself) expect memory usage to increase still further. Additionally, in the configuration installed by default, if you use clamd it will briefly ('briefly' depends on the performance of your system) after a database update use twice as much memory while it tests and reloads the signature database.
Is anyway to configure Clamascan to use less resources?
There is no 'Clamascan'. It's 'clamscan' or 'clamdscan'. You *might* be able to use a signature database with fewer signatures, but you'd really need to know what you were doing and I would not recommend that to someone who's asking the questions that you're asking.
Or is anyway to run Clamav in a centralized server to check the rest of the instances from the central server?
Yes, that's the sort of thing here. See the documentation, e.g. try man clamd which explains that you can tell clamd on a server to listen on a TCP port for connections from clients. Be aware that if you do that, you likely need to heed the warning in the documentation about making sure that the whole world can't connect to your clamd server. See also man clamdscan which explains how to configure a client scanner. It isn't absolutely necessary to use clamdscan, for example here we use a client which I wrote in Perl. Similar things exist elsewhere, but to begin with at least I recommend that you use the official client until you're very familiar with the way it all works, and you're clear about how you want to use it. I can't offer any advice about the various unofficial scanning clients, I've never used any except my own.
Checking the following blog: https://www.libellux.com/clamav/, we
Because random blogs and tutorials on the Internet have a habit of being years out of date (if not just plain wrong in the first place) in general I would advise that you keep to the official guidance at https://docs.clamav.net/ AFTER reading it, and the various 'man' pages about the tools which you will be using, post here for clarification and advice if needed.
found that it is a way to have the clamav database only in a central server and the clients just read the database from this central server.
It doesn't work that way, it's the other way around. The clients do not read the database from the server. The clients send the data to be scanned to the server and then read the server's response.
Should this help for clamscan in the clients' instances to use less resources?
No, the clamscan tool does not work that way; it will load the entire signature database into local memory. Use clamdscan instead, which is a small utility designed to read the scanned data and pass it to clamd on the server. Please feel free to get back to us when you've done some more reading and hopefully some experimentation. When you do, please tell us more about what you're trying to achieve. "I want to scan things" does not tell us what we need to know. Some background about what you're doing and why can be very important. -- 73, Ged. _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
