Mailing List Archive

[clamav-users] Clamav high resource usage
Hello Clamav users,

We are trying to run Clamav in some instances with not more than 1Gb of free memory, so when Clamscan runs the scan, the instance dies.
Is there any way to configure Clamascan to use less resources? Or is there any way to run Clamav in a centralized server to check the rest of the instances from the central server?

Checking the following blog: https://www.libellux.com/clamav/, we found that there is a way to have the clamav database only in a central server and the clients just read the database from this central server. Should this help for clamscan in the clients' instances to use less resources?

Thanks a lot.
Asier
Re: [clamav-users] Clamav high resource usage
Hi there,

On Fri, 8 Jul 2022, Asier Gomez via clamav-users wrote:

> We are trying to run Clamav in some instances with not more than 1Gb
> of free memory, so when Clamscan runs the scan, the instance dies.

This is to be expected. You really should read the documentation.

See

"Recommended System Requirements"

at

https://docs.clamav.net/Introduction.html

and also try searching this mailing list for 'memory' and/or 'RAM' for
example. Expect that the 'official' signature database alone will use
more than 1GByte continuously. If you use third-party databases (or
if you add signatures yourself) expect memory usage to increase still
further. Additionally, in the configuration installed by default, if
you use clamd it will briefly ('briefly' depends on the performance of
your system) after a database update use twice as much memory while it
tests and reloads the signature database.

> Is there any way to configure Clamascan to use less resources?

There is no 'Clamascan'. It's 'clamscan' or 'clamdscan'. You *might*
be able to use a signature database with fewer signatures, but you'd
really need to know what you were doing and I would not recommend that
to someone who's asking the questions that you're asking.

> Or is there any way to run Clamav in a centralized server to check the
> rest of the instances from the central server?

Yes, that's the sort of thing here. See the documentation, e.g. try

man clamd

which explains that you can tell clamd on a server to listen on a TCP
port for connections from clients. Be aware that if you do that, you
likely need to heed the warning in the documentation about making sure
that the whole world can't connect to your clamd server. See also

man clamdscan

which explains how to configure a client scanner. It isn't absolutely
necessary to use clamdscan, for example here we use a client which I
wrote in Perl. Similar things exist elsewhere, but to begin with at
least I recommend that you use the official client until you're very
familiar with the way it all works, and you're clear about how you
want to use it. I can't offer any advice about the various unofficial
scanning clients, I've never used any except my own.

> Checking the following blog: https://www.libellux.com/clamav/, we

Because random blogs and tutorials on the Internet have a habit of
being years out of date (if not just plain wrong in the first place)
in general I would advise that you keep to the official guidance at

https://docs.clamav.net/

AFTER reading it, and the various 'man' pages about the tools which
you will be using, post here for clarification and advice if needed.

> found that there is a way to have the clamav database only in a
> central server and the clients just read the database from this
> central server.

It doesn't work that way, it's the other way around. The clients do
not read the database from the server. The clients send the data to
be scanned to the server and then read the server's response.

> Should this help for clamscan in the clients' instances to use less
> resources?

No, the clamscan tool does not work that way; it will load the entire
signature database into local memory. Use clamdscan instead, which is
a small utility designed to read the scanned data and pass it to clamd
on the server.

Please feel free to get back to us when you've done some more reading
and hopefully some experimentation. When you do, please tell us more
about what you're trying to achieve. "I want to scan things" does not
tell us what we need to know. Some background about what you're doing
and why can be very important.

--

73,
Ged.
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
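
The exchange described in the reply above (the client sends the data to be scanned to clamd and reads the server's response) is what clamd's INSTREAM command does, as documented in `man clamd`. The following is an added example, not part of the original thread and not the Perl client mentioned there; the function names and the sample replies are constructed for illustration.

```python
import socket
import struct

CHUNK = 64 * 1024  # per-chunk size; the whole stream must fit the server's StreamMaxLength


def frame_instream(data: bytes, chunk: int = CHUNK) -> bytes:
    """Build a full INSTREAM request: command, length-prefixed chunks, terminator."""
    out = [b"zINSTREAM\0"]  # 'z' prefix: command and reply are NUL-terminated
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))  # zero-length chunk ends the stream
    return b"".join(out)


def parse_reply(raw: bytes):
    """Map a clamd reply to (verdict, detail); anything unexpected is an error."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    _, _, body = text.partition(": ")  # normal replies look like "stream: <result>"
    if body == "OK":
        return ("clean", None)
    if body.endswith(" FOUND"):
        return ("infected", body[:-len(" FOUND")])
    return ("error", body or text)  # fail closed: never treat this as clean


def exchange(sock, data: bytes):
    """Run one INSTREAM exchange over an already connected socket."""
    sock.sendall(frame_instream(data))
    reply = b""
    while not reply.endswith(b"\0"):
        got = sock.recv(4096)
        if not got:  # server closed the connection before replying in full
            break
        reply += got
    return parse_reply(reply)


def scan_bytes(host: str, port: int, data: bytes, timeout: float = 30.0):
    # host and port are whatever the server's clamd.conf sets (TCPAddr / TCPSocket)
    with socket.create_connection((host, port), timeout=timeout) as s:
        return exchange(s, data)


if __name__ == "__main__":
    # Constructed sample replies, not captured from a real server.
    for sample in (b"stream: OK\0", b"stream: Constructed.Test.Sig FOUND\0",
                   b"INSTREAM size limit exceeded. ERROR\0", b""):
        print(parse_reply(sample))
```

The client holds no signature database at all, so its memory use stays small; only the machine running clamd pays the cost discussed above.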