I'm tired of using large amounts of memory to check for Viruses. Is there an easy way to disable Clam but still keep Rspam running?
Normally ISPconfig uses about 1.5Gb of RAM. Clam DB takes almost a full Gb. If we disable Clam then the VM shouuld only need ~500Mb of memory. Working SPAM filter takes care of most Viruses anyway.
With 10 containers running on host that's almost 10Gb of RAM wasted. With 100 containers... you do the math.
Actually it looks like you can just decrase container memory (from 4) to 2Gb and Clam dies on its own. Mail still works fine without it. At the moment our ISPcontainers are only using ~500mb of RAM. (No swap.)
You already know that its database need that much of ram and may be more in the future as viruses grows more and more but you may also know that you need clamav in order for your system to work properly. The closest one I found is to only load linux-specific definitions rather than all of them, which is discussed in the answer here: https://unix.stackexchange.com/a/685322. Linux only cvd size at that time was only 321KB which may be a little bit more now. If you find a way to only load that instead of everything into the memory, it might reduced it usages without reducing its speed and efficiency in scanning for viruses. But to extract linux only cvd on each update will require a very good scripting implementation so that it will work when use. Just few cents of thought that may be or may not be worth it.
Nested Proxmox using ZFS. A lot more flexible and secure. None of the KVM Proxmox's (that only have LXC containers) have a SWAP. The hosts handle that. When one of the KVM hosts "dies" it wont kill the HardWare host (usually.) It also allows a LOT more control and flexibility to move stuff around. Only problem is that ZFS uses a LOT of RAM.
OpenSource "Proxmox" also has the OpenSource "Proxmox Mail Gateway" that only took me 1min to setup. I can't believe it took me years to come around trying it. (Buying support license is optional.) I love it. Easiest way to secure your email (as long as it's on different HardWare than the email server.) All you really need is go to the "Configuration" | Mail Proxy and name your "Default Relay" ie. your email server. Then you can add as many "Relay Domains" as you have customer domains. That's it. Don't forget to modify your DNS MX records. I have been testing it over a month now and only negative thing about it is that it does not use RspamD. (So far.)