Clamav suggestions

[Arto]

Richard Frovarp wrote:
> Fabio Pedretti wrote:
>>
>> 3) Support for clamd trough clamdscan is nice, however, best would be 
>> to connect to clamd directly to its socket (or network socket) from 
>> MailScanner, without call clamdscan, and fallback to clamscan if clamd 
>> is not working. 
> 
> Why not just run clamavmodule? From my understanding, the support for 
> clamd was added so that those that didn't want to keep up with the Perl 
> module required for clamavmodule would have something faster than 
> clamscan. Any direct call to clamd from MailScanner would require a Perl 
> module, so at that point you're losing the requirements benefit of 
> running clamd.

FYI, we have used all of those during last three weeks. First clamav 
(indeed about two year before this period), then clamavmodule and during 
this week clamd.

Our MX server passes normally about 10k mails/day (MS, postgrey, postfix 
and SA) and clamd is IMHO the most comfortable as regards load, memory 
and swap. The server is a vmware client (CentOS4.4 ) with 2 x 2,4 GHz 
and 775 Mb memory reserved to client. After start the swap is with clamd 
under 40 Mb and it will remain there. With clamavmodule and clamav the 
swap varies from 40 to 400 Mb and the load can be even over 20 with clamav.

More details from our Cacti stats:
http://www.artio.fi/.component/imageGenerator.php?fileName=%2Fwebroot%2Fweb%2Ffocus%2Fwww%2Fimnetti%2Fmedia%2F0%2F10841.png&cache=1&cachePrefix=.cache
The first week was runned with clamav till midday of thursday, after 
that with clamavmodule and this week with clamd.

With numbers this week (four workdays because of free Monday, otherwise 
typical):

received: 33307
spam: 836
rejected: 163033
virus: 5
bounced: 150
sent: 8331

-arto