clamd OOM

Heads up for fellow clamed users:

I got an alert this morning that my Linode was using lots of CPU. Investigation of the logs showed clamd constantly restarting, which causes it to re-parse its AV database and use a lot of memory. Some investigation revealed that there's a new feature to reload new virus definitions in parallel to avoid stopping the scanner but it takes twice as much memory. I'm now fixing my clamd config to use the new setting to disable this. Details here:

https://github.com/mailcow/mailcow-dockerized/issues/3761

Short answer: Add "ConcurrentDatabaseReload no" to your config file.

(For RH-based systems, look in /usr/share/doc/clamd-*/clamd.conf for the latest sample config with comments. Your old config in /etc/clamd.d may be missing important new settings.)

1 Reply

Linode Staff

Thanks for taking the time to investigate this and then post your findings here, @scratchmonkey. This is certainly something I could see affecting customers using some of the smaller Linode plans that have only 1 core of memory. Gonna go check all of my Nanodes that have ClamAV running on cron jobs.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct