Is it possible to disable clamAV at start?
Kicey opened this issue · comments
The clamAV using lots of server resources, and may have confict with other protector on the server. Is it possible to disable it when I start the container. Is there any way to config that?
I had the same problem, I was running a container in a kubernetes cluster. The container either consumed almost 2GB of memory, or clamav went into an eternal reboot and the container began to consume more than one dedicated core. I tried many ways, in the end I just turned off the service.
/etc/supervisor/conf.d/clamav.conf
;
;This file is managed by iRedMail Team <[support@iredmail.org](mailto:support@iredmail.org)> with Ansible,
;please do __NOT__ modify it manually.
;
[program:clamav]
command=/usr/sbin/clamd -c /etc/clamav/clamd.conf --foreground
priority=999
startsecs=0
autostart=false
autorestart=false
stdout_syslog=true
stderr_syslog=true
Changes:
- priority 20->999 (lower)
- autostart true->false
- autorestart true->false
To save the changes, attach the modified configuration file to the container. An example for kubernetes:
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: iredmail-server
name: iredmail
labels:
app: iredmail
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: iredmail
template:
metadata:
labels:
app: iredmail
spec:
containers:
- name: iredmail
image: iredmail/mariadb:stable
env:
- name: FIRST_MAIL_DOMAIN
value: $YOUR_DOMAIN
- name: FIRST_MAIL_DOMAIN_ADMIN_PASSWORD
value: $YOUR_PASSWORD
- name: HOSTNAME
value: $YOUR_HOSTNAME
- name: MLMMJADMIN_API_TOKEN
value: $(openssl rand -base64 32)
- name: ROUNDCUBE_DES_KEY
value: $(openssl rand -base64 24)
ports:
- containerPort: 80
- containerPort: 443
- containerPort: 110
- containerPort: 995
- containerPort: 143
- containerPort: 993
- containerPort: 25
- containerPort: 465
- containerPort: 587
resources: {}
volumeMounts:
- mountPath: /var/vmail/backup/mysql
subPath: backup_mysql
name: iredmail-data
- mountPath: /var/vmail/vmail1
subPath: vmail1
name: iredmail-data
- mountPath: /var/vmail/mlmmj
subPath: mlmmj
name: iredmail-data
- mountPath: /var/vmail/mlmmj-archive
subPath: mlmmj-archive
name: iredmail-data
- mountPath: /var/vmail/imapsieve_copy
subPath: imapsieve_copy
name: iredmail-data
- mountPath: /opt/iredmail/custom
subPath: custom
name: iredmail-data
- mountPath: /opt/iredmail/ssl
subPath: ssl
name: iredmail-data
- mountPath: /var/lib/mysql
subPath: mysql
name: iredmail-data
- mountPath: /var/lib/clamav
subPath: clamav
name: iredmail-data
- mountPath: /var/lib/spamassassin
subPath: spamassassin
name: iredmail-data
- mountPath: /var/spool/postfix
subPath: postfix
name: iredmail-data
- mountPath: /opt/iredmail/ssl/cert.pem
subPath: tls.crt
name: iredmail-certs
- mountPath: /opt/iredmail/ssl/key.pem
subPath: tls.key
name: iredmail-certs
- mountPath: /opt/iredmail/ssl/combined.pem
subPath: tls-combined.pem
name: iredmail-certs
- mountPath: /etc/supervisor/conf.d/clamav.conf
subPath: configs/supervisor/clamav.conf
name: iredmail-data
hostname: localhost
restartPolicy: Always
volumes:
- name: iredmail-data
persistentVolumeClaim:
claimName: iredmail
- name: iredmail-certs
secret:
secretName: iredmail-certs@siarheidudko Thanks for your detailed answer. I turn to use mailu (I also suggest that to you), so I can't verify it.