Mailing List Archive

[clamav-users] ClamAV database and memory consumption
Hello clamAV community,

I wanted to email to ask about a custom database option for users that have memory restrictions, I have a max of 4GB and the database of signatures on top of running snort, squid, squidguard, openVPN, WiFi mini pcie, an AP, wpad, custom LEDs that change by way of state checking, watchdog, dns over tls, unbound, authenticated ntp, syslog viewer for external AP with NAS and wireless printer, dhcp server with options enabled for proxy, static MAC addresses, layer 2 ethernet filtering with 2 broadcast domains, autobackup, boot environments, AppID with full database of text rule signatures, Snort subscriber ruleset, backup files, full firewall ACLs guest network and secure network, ssd trimming cron jobs, custom patches it all takes about 25-55 percent of memory, under a load 60 percent, if I enable clamAV it goes to 96 percent and snort crashes and icap crashes.

Long story short, is there a smaller set of signatures? With snort's appid enabled I can’t run clamAV without it running out of memory.

It took over 4 years of config changes custom options patches with the open source community to get it to work this good, it blocks shows the red https test url screen, it blocks my urls I want blocked.

I thought maybe there is a smaller set of definitions to use with a custom approved mirror??

Thanks
Jonathan Lee
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] ClamAV database and memory consumption
Jonathan,

Thanks for reaching out. We recommend you use all of the ClamAV signatures; as such, we don't have a smaller version to provide.
I spoke with some of the team, and the two suggestions recommended that may help you are:

In freshclam.conf, you can set "TestDatabases no" to prevent freshclam from load-testing the updated databases.
In clamd.conf, you can set "ConcurrentDatabaseReload no" to force clamd to unload the old databases before loading a new one, so it doesn't have both in memory at the same time.

Please let us know if these options help you.

Thanks,
Brendan

________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Jonathan Lee via clamav-users <clamav-users@lists.clamav.net>
Sent: Saturday, January 6, 2024 2:56 AM
To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>
Cc: Jonathan Lee <jonathanlee571@gmail.com>
Subject: [clamav-users] ClamAV database and memory comsumption

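A way to check an existing setup against the two settings suggested in the reply, as an added example that is not part of the original thread or of ClamAV itself. It assumes both options are enabled when they are absent or commented out, and the sample configuration text is constructed for illustration.

```python
# Audit freshclam.conf / clamd.conf text for the two options named in the reply.
# Assumption: both options count as enabled when not set; yes/true/1 are truthy.
TRUTHY = {"yes", "true", "1"}

CHECKS = [
    # (file label, option, why leaving it enabled costs memory, per the reply)
    ("freshclam.conf", "TestDatabases",
     "freshclam load-tests the updated databases"),
    ("clamd.conf", "ConcurrentDatabaseReload",
     "clamd holds the old and new databases in memory at the same time"),
]

def option_values(conf_text, name):
    """Return every value given for `name`, skipping blanks and # comment lines."""
    values = []
    for line in conf_text.splitlines():
        parts = line.strip().split()
        if len(parts) >= 2 and not parts[0].startswith("#") and parts[0] == name:
            values.append(parts[1].strip('"').lower())
    return values

def is_enabled(conf_text, name):
    """Enabled if unset (assumed default) or if any occurrence is truthy."""
    values = option_values(conf_text, name)
    return True if not values else any(v in TRUTHY for v in values)

def audit(freshclam_conf, clamd_conf):
    """Return one finding per option that is still enabled."""
    texts = {"freshclam.conf": freshclam_conf, "clamd.conf": clamd_conf}
    return [
        f"{label}: {opt} is enabled ({why}); set '{opt} no'"
        for label, opt, why in CHECKS
        if is_enabled(texts[label], opt)
    ]

# Constructed sample input: TestDatabases is only present as a comment,
# ConcurrentDatabaseReload is already turned off.
FRESHCLAM_SAMPLE = """\
DatabaseMirror database.clamav.net
#TestDatabases no
"""
CLAMD_SAMPLE = """\
LocalSocket /var/run/clamav/clamd.sock
ConcurrentDatabaseReload no
"""

if __name__ == "__main__":
    for finding in audit(FRESHCLAM_SAMPLE, CLAMD_SAMPLE):
        print(finding)
```

On a real host, read the two files from wherever the installation keeps them and pass their contents to `audit`; both daemons need a restart or reload to pick up a changed value.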