Clamav suggestions

Arto arto.saraniva at artio.net
Fri May 4 21:50:12 IST 2007 

Richard Frovarp wrote:
> Arto wrote:
>> Richard Frovarp wrote:
>>> Arto wrote:
>>>> Richard Frovarp wrote:
>>>>> Fabio Pedretti wrote:
>>>>>>
>>>>>> 3) Support for clamd trough clamdscan is nice, however, best would 
>>>>>> be to connect to clamd directly to its socket (or network socket) 
>>>>>> from MailScanner, without call clamdscan, and fallback to clamscan 
>>>>>> if clamd is not working. 
>>>>>
>>>>> Why not just run clamavmodule? From my understanding, the support 
>>>>> for clamd was added so that those that didn't want to keep up with 
>>>>> the Perl module required for clamavmodule would have something 
>>>>> faster than clamscan. Any direct call to clamd from MailScanner 
>>>>> would require a Perl module, so at that point you're losing the 
>>>>> requirements benefit of running clamd.
>>>>
>>>> FYI, we have used all of those during last three weeks. First clamav 
>>>> (indeed about two year before this period), then clamavmodule and 
>>>> during this week clamd.
>>>>
>>>> Our MX server passes normally about 10k mails/day (MS, postgrey, 
>>>> postfix and SA) and clamd is IMHO the most comfortable as regards 
>>>> load, memory and swap. The server is a vmware client (CentOS4.4 ) 
>>>> with 2 x 2,4 GHz and 775 Mb memory reserved to client. After start 
>>>> the swap is with clamd under 40 Mb and it will remain there. With 
>>>> clamavmodule and clamav the swap varies from 40 to 400 Mb and the 
>>>> load can be even over 20 with clamav.
>>>>
>>>> More details from our Cacti stats:
>>>> http://www.artio.fi/.component/imageGenerator.php?fileName=%2Fwebroot%2Fweb%2Ffocus%2Fwww%2Fimnetti%2Fmedia%2F0%2F10841.png&cache=1&cachePrefix=.cache 
>>>>
>>>> The first week was runned with clamav till midday of thursday, after 
>>>> that with clamavmodule and this week with clamd.
>>>>
>>>> With numbers this week (four workdays because of free Monday, 
>>>> otherwise typical):
>>>>
>>>> received: 33307
>>>> spam: 836
>>>> rejected: 163033
>>>> virus: 5
>>>> bounced: 150
>>>> sent: 8331
>>>>
>>>> -arto
>>>>
>>>
>>> You may want to decrease the number of MailScanner processes running 
>>> under Max Children. I've got a vmware guest with 1 GB of RAM. The 
>>> host is a dual socket dual core 3.2 GHz Xeon. We're not see any swap 
>>> at all running clamavmodule. However, I have Max Children set to 7. 
>>> This particular scanner handles internal mail only and scan times are 
>>> only a couple of seconds during the middle of the day with batch 
>>> sizes of 1 or 
>>
>> Max Children = 10 (which should be the recommended value with 2 
>> processors.)
>>
>> -arto
>>
> That's assuming you have the RAM. Each of mine are about 80 MB in size, 
> 10 of those would be 800 MB, which is more than you have allocated for RAM.

Ours are 54388 Mb.

More information about the MailScanner mailing list