Reducing memory usage: antivirus recommendations
I'm currently running an ISPConfig3 setup on a linode with 1.5GB RAM, and it's working pretty good.
However, I'd like to optimise it with an aim of running it on a 1GB linode.
I only have about half a dozen websites with associated email accounts, etc. The websites are mainly Wordpress ones.
If I reboot the node and leave it for a few minutes to settle down, it takes about 1GB RAM, but this often rises to around 1.3 - 1.4GB in use.
Looking at the memory usage, the greediest one seems to be ClamAV running with Amavis-new for scanning email: they seem to eat up to around 400MB between them which seems rather excessivee to me!
Name Count CPU Memory
amavis 3 0% 280 MB
clamd 1 0% 245 MB
apache2 11 0.01% 152 MB
mysqld 1 0.14% 48 MB
So I'm trying to decide what my options are and would really appreciate your thoughts / recommendations.
Do I:
Remove all av / amavis packages to free up the ram (but take a risk on virused an wormed emails?
Keep what I have but "tune" it. If so, are there many parameters to reduce RAM usage?
Change from ClamAV to something else, if so which AV? BTW, ClamAV is currently running as the daemon (clamavd)
Something else?
So any ideas on where to go from here?
Thanks in advance,
Xav
6 Replies
If you are running Postfix, my personal generic recommendation is to set up configuration options (rejectnonfqdnhelohostname, rejectinvalidhelohostname, rejectnonfqdnsender, rejectunknownsenderdomain, rejectunauthpipelining, rejectnonfqdnrecipient, rejectunknownrecipientdomain, rejectunauthdestination, and rejectunlisted_recipient) first, then greylisting.
If that's not sufficient, next I would use a DNS block list (DNSBL), probably zen.spamhaus.orgterms of use
Employing content scanning like ClamAV/Amavis/SpamAssassin would be my last step. The fact that most spam is already dealt with by the other measures should reduce the load by itself.
See this thread
Assuming you have anything at all AV-wise running at the client level, you won't be increasing your risk factor at all.
After doing a little bit of research, it looks like clamav isn't that effective, or certainly doesn't give you value for memory!
I think amavis will go too as there's no point of having amavis if you don't have some form of AV.
Oh and to answer your questions, yes, the server is a mail server as well as a web server.
Will continue reading, but thanks again for your input.
Thanks again and happy new year
Could we limit the Clamav memory usage?