Good morning, I've found that Clamav is the reason of my server overload each hour. I've found in this forum that I should use clamd instead of clamav to reduce this load average. But I don't know how to do it (and proposed modifications in this forum is too old). Anyone can help me? Thanks in advance.
I remember previous problems with clamav using too much memory. From what I understand, it is not practical to try to make clamav use less memory. If your high load is a result of memory filling up and swapping to disk happening a lot, I would say only way to remedy the situation is to add more RAM. From previous discussions 2 GB is enought to run web server, e-mails etc. and clamav scanning. How much RAM does your host have and how much is used? What about swap? Code: free -h Some users with very low RAM have disabled amavis. This has downsides.
I have 4GB RAM + 8GB Swap, I currently use ~2.6GB of RAM and ~3GB RAM when clamav is running in the background (with very high load average). I think that it is not a RAM problem but CPU usage problem.
Try to find out what causes the high load. What is it that clamav is scanning? You mentioned "each hour", is some special scan started hourly? What is the CPU on that host? Suitable tools for monitoring: free -h, htop, dstat.
What is it that clamav is scanning? No idea. You mentioned "each hour", is some special scan started hourly? systemctl status clamav show that a scan will be performed each hour. I think that the previous administrator used clamav instead of clamav-daemon / clamd. What is the CPU on that host? Intel Xeon E5-2640v4, 2 vCores (OpenVZ 6 virtualization). Other containers in the same physical host don't display a such issue. I think that I should disable/remove clamav and setup clamav-daemon as replacement. But I don't know how to do it.
If clamav scans all of disk, it is sure to cause high load unless that host has very fast disk system. I would examine what it is scanning and change it to once every night or remove it if not needed. Read clamav man page and other docs on how that scan starts and how it modify it. I do not know what Operating System you have, so can not give specific advice.
Thank you. I have Debian 9. I think that disabling this scan should reduce my load average. Because I didn't installed this scan schedule, do you know if Debian 9 (or Debian 8 as I'm pretty sure that it was a Debian 8 upgraded to Debian 9) has any default scanning schedule after installing clamav ?
Debian does not have automatic clamav run. It must be the previous admin who added that. On debian you have docs available: Code: ls -lhd /usr/share/doc/clam* It may be it is cron that start the scan. Code: ls -lh /etc/cron.hourly/ Or root crontab: Code: crontab -l -u root
No cron found on these commands. I did : Code: apt-get remove clamav apt-get install clamav-daemon I think this should solve my issue (I'm waiting for the next scan schedule if it happens).
