Carlos E. R. wrote:
I don't believe that for one second. clamd works by loading all signatures into memory and using that when scanning. Maybe you could add "LogTime true" to clamd.conf ?
Well, you can see how it actually detected a virus, and not the entire thing came back to ram. I guess memory segments were retrieved as needed from swap by the kernel, till clamd hit a match signature and it stopped. Less than 100MB were needed.
And the test signature is probably one of the first in the database, yes. I don't think the PDF you sent was scanned though.
The setting is active, anyway:
# Log time with each message. # Default: no LogTime yes
So there must be a log somewhere? That would be conclusive evidence.
But it does, swap is in use all the time, the system I noticed a bit slow yesterday. Swaping out clamd would release some RAM, better used by other processes. And I'm god, I ordered swapiness 100 for that process. I decide. Sigh... it does not obey. Why?
You have only decided that the clamd memory _can_ be swapped out, not that it _will_ be swapped out. There is no need to swap out if nothing else needs the memory. Or somehow your swappiness setting doesn't take effect?
You see I posted the sys entries that show it is active.
Yeah I saw that. Yet your experience seems to contradict it.
Id like to find something more aggressive.
Maybe try "kill -TSTP <pid>" to suspend/pause clamd.
man clamd.conf and man amavisd.conf ?
I tried... but they are just a list of options and their syntax. Not how to do something.
Well, no. That is the job for the sysadmin :-) You need to enable clamd for listening on an external socket - that seems to be the TCPSocket and the TCPAddr options. I don't have amavis installed anywhere, but I am sure you can find parameters that directs which clamd to use.
Clamd listen on a port, amavis could be redirected to that port outside. But the problem is, amavis autodetects clamd and connects to it, so connecting to outside means changing code, IMHO.
There is nothing to configure which clamd to use?
# ### http://www.clamav.net/ ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd-socket"], qr/\bOK$/m, qr/\bFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
Wild guess: replace "/var/run/clamav/clamd-socket"] with "yourhost:yourport" -- Per Jessen, Zürich (22.2°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org