
On 01/09/2019 14.51, Per Jessen wrote:
Carlos E. R. wrote:
On 01/09/2019 09.38, Per Jessen wrote:
Carlos E. R. wrote:
Photo using top, sort by memory, this instant:
  PID USER   PR NI    VIRT    RES    SHR   SWAP S  %CPU  %MEM     TIME+ COMMAND
21395 cer    20  0 3402620 782716  85432 166280 S 69,35 9,591  61:58.83 Web Content
 1096 cer    20  0 3688736 767644 104104      0 S 2,976 9,406  19:05.04 thunderbird-bin
 3938 vscan  20  0  999648 725460   2628  17856 S 0,000 8,889   8:09.22 clamd
0.7 GB of RAM! I will have to uninstall it. Last time I looked, it was half a gigabyte.
And it is set with swappiness of 100...
A couple of comments
- increasing swappiness will only create more work for your system and increase latency in processing.
Which is totally acceptable. It is already set to 100 for that process, and still it does not swap out on its own :-(
In principle, the memory could be pinned, but I see no mlock* calls in libclamav. I don't know if there are other ways though. Maybe clamd does a regular traverse across the signature database, dunno.
No, it is still swapped out, an hour later. It is the data segment, not the code.
Current status, after coming from hibernation this morning:
PID USER PR NI VIRT RES SHR SWAP S %CPU %MEM TIME+ COMMAND
3938 vscan 20 0 999648 28740 2924 715764 S 0,000 0,352 8:09.72 clamd
Does hibernation somehow force processes to swap out?
Yes, fully. Apparently they are all frozen, no cpu time; then discardable parts are just released, the rest is swapped out to normal swap, so to say. It is not a linear dump of all memory, but app by app - or at least, first app by app, then a dump of what remains. Educated guess.
As you can see, now it is almost totally swapped out. No issues. It just increased the used time some centiseconds. I will now send an email to myself on another computer, and check. [snip]
As you can see, no impact at all.
PID USER PR NI VIRT RES SHR SWAP S %CPU %MEM TIME+ COMMAND
3938 vscan 20 0 999648 28892 2924 715596 S 0,000 0,354 8:09.73 clamd
Same thing. One centisecond more, almost same swap amount.
Your email was not scanned ?
It was, see the amavis entry in the log. And headers on the received mail:

Received: from localhost (localhost [127.0.0.1])
        by Telcontar.valinor (Postfix) with ESMTP id 482C33213B5
        for <cer@isengard.valinor>; Sun, 1 Sep 2019 14:08:45 +0200 (CEST)
X-Virus-Scanned: amavisd-new at valinor
Received: from Telcontar.valinor ([127.0.0.1])
        by localhost (telcontar.valinor [127.0.0.1]) (amavisd-new, port 10024)
        with LMTP id ho0PUkymM_pr for <cer@isengard.valinor>;
        Sun, 1 Sep 2019 14:08:45 +0200 (CEST)

I can try the reverse instead, sending to this machine.

[...]

Done. It was scanned:

X-Virus-Scanned: amavisd-new at valinor

Let's see the log:

<2.6> 2019-09-01 15:30:23 Telcontar postfix 4031 - - 83A653213B5: from=<cer@Isengard.valinor>, size=1459, nrcpt=1 (queue active)
<2.6> 2019-09-01 15:30:23 Telcontar amavis 30621 - - (30621-08) HuP8u8ciVXg9 FWD from <cer@Isengard.valinor> -> <cer@Telcontar.valinor>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 83A653213B5
<2.6> 2019-09-01 15:30:23 Telcontar postfix 10745 - - disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
<2.5> 2019-09-01 15:30:23 Telcontar amavis 30621 - - (30621-08) Passed CLEAN {RelayedInternal}, MYNETS LOCAL [192.168.1.16]:45176 <cer@isengard.valinor> -> <cer@telcontar.valinor>, Queue-ID: 5901D3213AD, Message-ID: <alpine.LSU.2.21.1909011530130.4300@isengard.valinor>, mail_id: HuP8u8ciVXg9, Hits: -, size: 1020, queued_as: 83A653213B5, 138 ms
<2.6> 2019-09-01 15:30:23 Telcontar postfix 10742 - - 5901D3213AD: to=<cer@Telcontar.valinor>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.19, delays=0.01/0.04/0/0.14, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 83A653213B5)

All within a second. It is amavis who calls clamd. Perhaps it doesn't if there are no attachments.

  PID USER   PR NI    VIRT    RES    SHR   SWAP S  %CPU  %MEM     TIME+ COMMAND
 3938 vscan  20  0  999648  34304   2924 710216 S 0,000 0,420   8:10.06 clamd

It used less than a second CPU time in the last hour.

-rw-r--r-- 1 root root 981 May 13 2018 /usr/share/cups/data/confidential.pdf

I'll mail that to me.

<2.6> 2019-09-01 15:36:39 Telcontar postfix 4031 - - 3B0AA3213B6: from=<cer@Isengard.valinor>, size=3430, nrcpt=1 (queue active)
<2.6> 2019-09-01 15:36:39 Telcontar amavis 29786 - - (29786-09) ABdPf5OUOzE0 FWD from <cer@Isengard.valinor> -> <cer@Telcontar.valinor>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3B0AA3213B6
<2.5> 2019-09-01 15:36:39 Telcontar amavis 29786 - - (29786-09) Passed CLEAN {RelayedInternal}, MYNETS LOCAL [192.168.1.16]:45278 <cer@isengard.valinor> -> <cer@telcontar.valinor>, Queue-ID: F12803213AD, Message-ID: <alpine.LSU.2.21.1909011535510.4807@isengard.valinor>, mail_id: ABdPf5OUOzE0, Hits: -, size: 2991, queued_as: 3B0AA3213B6, 216 ms
<2.6> 2019-09-01 15:36:39 Telcontar postfix 11049 - - F12803213AD: to=<cer@Telcontar.valinor>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.27, delays=0.01/0.04/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3B0AA3213B6)

  PID USER   PR NI    VIRT    RES    SHR   SWAP S  %CPU  %MEM     TIME+ COMMAND
 3938 vscan  20  0  999648  37720   3832 708536 S 0,000 0,462   8:10.10 clamd

I'll have to mail myself a sample virus.

[...]

Detected:

<2.6> 2019-09-01 15:46:46 Telcontar postfix 11639 - - disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
<2.6> 2019-09-01 15:46:46 Telcontar amavis 30621 - - (30621-09) bn83MTXvr3CP FWD from <cer@Isengard.valinor> -> <cer+virus@Telcontar.valinor>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 530BE3213B7
<2.5> 2019-09-01 15:46:46 Telcontar amavis 30621 - - (30621-09) Passed INFECTED (Win.Worm.N-74) {RelayedTaggedInternal,Quarantined}, MYNETS LOCAL [192.168.1.16]:46054 <cer@isengard.valinor> -> <cer@telcontar.valinor>, quarantine: virus-bn83MTXvr3CP, Queue-ID: 67BD73213AD, Message-ID: <alpine.LSU.2.21.1909011546180.4807@isengard.valinor>, mail_id: bn83MTXvr3CP, Hits: -, size: 407964, queued_as: 530BE3213B7, 3919 ms
<2.6> 2019-09-01 15:46:46 Telcontar postfix 11632 - - 67BD73213AD: to=<cer@Telcontar.valinor>, relay=127.0.0.1[127.0.0.1]:10024, delay=4, delays=0.02/0.04/0/3.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 530BE3213B7)
<2.6> 2019-09-01 15:46:46 Telcontar postfix 4031 - - 67BD73213AD: removed
<2.6> 2019-09-01 15:46:47 Telcontar postfix 11649 - - 530BE3213B7: to=<cer+virus@Telcontar.valinor>, relay=local, delay=0.72, delays=0.06/0.01/0/0.65, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
<2.6> 2019-09-01 15:46:47 Telcontar postfix 4031 - - 530BE3213B7: removed
<2.6> 2019-09-01 15:46:47 Telcontar dovecot - - - lda(cer)<11657><I/K7BMfLa12JLQAAoyW3yA>: msgid=<VAbn83MTXvr3CP@telcontar.valinor>: saved mail to in_root
<2.6> 2019-09-01 15:46:47 Telcontar postfix 11640 - - 4D3713213B6: to=<cer@Telcontar.valinor>, orig_to=<virusalert@telcontar.valinor>, relay=local, delay=0.94, delays=0.01/0.01/0/0.92, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
<2.6> 2019-09-01 15:46:47 Telcontar postfix 4031 - - 4D3713213B6: removed

One second to process. And, surprise!
See memory use:

  PID USER   PR NI    VIRT    RES    SHR   SWAP S  %CPU  %MEM     TIME+ COMMAND
 3938 vscan  20  0  999648 121692   3832 624804 S 0,000 1,491   8:11.65 clamd

One second and a half CPU time used, less than a 100MB RES increase. So you see, clamd can remain swapped out most of the time in my environment with no impairment.
Maybe clamd is only used on mail receive, and that is a manual operation when I call fetchmail. Maybe the clamd daemon is awakened periodically when the database is freshened.
Definitely the latter - the database is often updated a few times a day. I guess you are running freshclam?
Yes. That would certainly cause the process to be in RAM, but after a while it should be swapped out again.
I do not understand why with a swappiness of 100 for that process, it doesn't swap out when it is not being used for hours. :-(
If nothing needs to use that memory?
But it does, swap is in use all the time; I noticed the system a bit slow yesterday. Swapping out clamd would release some RAM, better used by other processes. And I'm god, I ordered swappiness 100 for that process. I decide. Sigh... it does not obey. Why?

cer@Telcontar:/sys/fs/cgroup/memory/clamd> l
total 0
drwxr-xr-x 2 root root 0 Sep  1 15:57 ./
dr-xr-xr-x 3 root root 0 Sep  1 15:55 ../
-rw-r--r-- 1 root root 0 Sep  1 15:57 cgroup.clone_children
--w--w--w- 1 root root 0 Sep  1 15:57 cgroup.event_control
-rw-r--r-- 1 root root 0 Aug 26 11:50 cgroup.procs
-rw-r--r-- 1 root root 0 Sep  1 15:57 memory.failcnt
--w------- 1 root root 0 Sep  1 15:57 memory.force_empty
-rw-r--r-- 1 root root 0 Sep  1 15:57 memory.kmem.failcnt
-rw-r--r-- 1 root root 0 Sep  1 15:57 memory.kmem.limit_in_bytes
-rw-r--r-- 1 root root 0 Sep  1 15:57 memory.kmem.max_usage_in_bytes
-r--r--r-- 1 root root 0 Sep  1 15:57 memory.kmem.slabinfo
-rw-r--r-- 1 root root 0 Sep  1 15:57 memory.kmem.tcp.failcnt
-rw-r--r-- 1 root root 0 Sep  1 15:57 memory.kmem.tcp.limit_in_bytes
-rw-r--r-- 1 root root 0 Sep  1 15:57 memory.kmem.tcp.max_usage_in_bytes
-r--r--r-- 1 root root 0 Sep  1 15:57 memory.kmem.tcp.usage_in_bytes
-r--r--r-- 1 root root 0 Sep  1 15:57 memory.kmem.usage_in_bytes
-rw-r--r-- 1 root root 0 Sep  1 15:57 memory.limit_in_bytes
-rw-r--r-- 1 root root 0 Sep  1 15:57 memory.max_usage_in_bytes
-rw-r--r-- 1 root root 0 Sep  1 15:57 memory.move_charge_at_immigrate
-r--r--r-- 1 root root 0 Sep  1 15:57 memory.numa_stat
-rw-r--r-- 1 root root 0 Sep  1 15:57 memory.oom_control
---------- 1 root root 0 Sep  1 15:57 memory.pressure_level
-rw-r--r-- 1 root root 0 Sep  1 15:57 memory.soft_limit_in_bytes
-r--r--r-- 1 root root 0 Sep  1 15:57 memory.stat
-rw-r--r-- 1 root root 0 Aug 26 11:49 memory.swappiness
-r--r--r-- 1 root root 0 Sep  1 15:57 memory.usage_in_bytes
-rw-r--r-- 1 root root 0 Sep  1 15:57 memory.use_hierarchy
-rw-r--r-- 1 root root 0 Sep  1 15:57 notify_on_release
-rw-r--r-- 1 root root 0 Sep  1 15:57 tasks
cer@Telcontar:/sys/fs/cgroup/memory/clamd>
cer@Telcontar:/sys/fs/cgroup/memory/clamd> cat memory.swappiness
100
cer@Telcontar:/sys/fs/cgroup/memory/clamd>
- run clamd on another machine
I failed at doing this. No idea how to do it, unless I move the entire amavis. The other machine has free memory but the CPU is way less powerful.
My old test system cluster ran on Pentium II 450MHz, it did just fine. clamd can be configured to listen for external connections, now you just need to make amavis talk to an external clamd.
I don't know how to do that. Do you have a link?

-- 
Cheers / Saludos,

		Carlos E. R.
		(from 15.0 x86_64 at Telcontar)
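
Added example, not part of the original thread and not code from amavis: a small Python parser for the amavis "Passed ..." summary lines quoted in the message above. It pulls out verdict, signature name, size and processing time, so scan latency while clamd is mostly swapped out can be tracked across a log and detections checked for quarantine. The regular expression is fitted to the lines in this message only, and the 1000 ms slow-scan threshold is an assumption.

```python
import re

# amavis summary lines from the message above, abridged (Queue-ID and
# Message-ID fields dropped), plus one postfix line the parser must skip.
SAMPLE_LOG = """\
<2.6> 2019-09-01 15:30:23 Telcontar postfix 4031 - - 83A653213B5: from=<cer@Isengard.valinor>, size=1459, nrcpt=1 (queue active)
<2.5> 2019-09-01 15:30:23 Telcontar amavis 30621 - - (30621-08) Passed CLEAN {RelayedInternal}, MYNETS LOCAL [192.168.1.16]:45176 <cer@isengard.valinor> -> <cer@telcontar.valinor>, mail_id: HuP8u8ciVXg9, Hits: -, size: 1020, queued_as: 83A653213B5, 138 ms
<2.5> 2019-09-01 15:36:39 Telcontar amavis 29786 - - (29786-09) Passed CLEAN {RelayedInternal}, MYNETS LOCAL [192.168.1.16]:45278 <cer@isengard.valinor> -> <cer@telcontar.valinor>, mail_id: ABdPf5OUOzE0, Hits: -, size: 2991, queued_as: 3B0AA3213B6, 216 ms
<2.5> 2019-09-01 15:46:46 Telcontar amavis 30621 - - (30621-09) Passed INFECTED (Win.Worm.N-74) {RelayedTaggedInternal,Quarantined}, MYNETS LOCAL [192.168.1.16]:46054 <cer@isengard.valinor> -> <cer@telcontar.valinor>, quarantine: virus-bn83MTXvr3CP, mail_id: bn83MTXvr3CP, Hits: -, size: 407964, queued_as: 530BE3213B7, 3919 ms
"""

# Pattern fitted to the summary lines above (assumption: other amavis
# log templates may need a different expression).
SUMMARY = re.compile(
    r"amavis \d+ - - \((?P<task>[\d-]+)\) "
    r"(?P<action>Passed|Blocked) (?P<verdict>[A-Z0-9-]+)"
    r"(?: \((?P<names>[^)]*)\))? \{(?P<flags>[^}]*)\}"
    r".*?mail_id: (?P<mail_id>\S+?),"
    r".*?size: (?P<size>\d+),"
    r".*?(?P<ms>\d+) ms$"
)

def parse_summaries(log_text):
    """Return one dict per amavis Passed/Blocked summary line."""
    records = []
    for line in log_text.splitlines():
        m = SUMMARY.search(line.strip())
        if not m:
            continue  # postfix, dovecot and amavis FWD lines are ignored
        rec = m.groupdict()
        rec["size"], rec["ms"] = int(rec["size"]), int(rec["ms"])
        rec["names"] = [n.strip() for n in rec["names"].split(",")] if rec["names"] else []
        rec["flags"] = rec["flags"].split(",")
        records.append(rec)
    return records

def review(records, slow_ms=1000):
    """List detections (with quarantine state) and scans slower than slow_ms."""
    findings = []
    for r in records:
        if r["verdict"] == "INFECTED":
            state = "quarantined" if "Quarantined" in r["flags"] else "NOT quarantined"
            findings.append((r["mail_id"], f"{r['action']} INFECTED {', '.join(r['names'])} ({state})"))
        if r["ms"] >= slow_ms:
            findings.append((r["mail_id"], f"slow scan: {r['ms']} ms for {r['size']} bytes"))
    return findings

if __name__ == "__main__":
    for mail_id, note in review(parse_summaries(SAMPLE_LOG)):
        print(mail_id, note)
```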