From 7031310257bad0d7bc3beb99f33e6b557bba5de1 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 20 Apr 2026 15:18:36 +0000 Subject: [PATCH] feat(clamav): reduce RAM usage via ConcurrentDatabaseReload no and MaxThreads 2 Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/4a5841ac-069e-4d40-8bd1-e557b685802c docs(clamav): add comments explaining ConcurrentDatabaseReload and MaxThreads changes Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/3b943282-bf8e-469a-acee-2a0b0d699112 Co-Authored-By: szaimen <42591237+szaimen@users.noreply.github.com> --- Containers/clamav/Dockerfile | 9 +++++++++ Containers/clamav/supervisord.conf | 1 - 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index c45d981a..14e5fbf9 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -13,6 +13,15 @@ RUN set -ex; \ sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize 2000M|g" /etc/clamav/clamd.conf; \ # StreamMaxLength must be synced with av_stream_max_length inside the Nextcloud files_antivirus plugin sed -i "s|#\?StreamMaxLength.*|StreamMaxLength 2000M|g" /etc/clamav/clamd.conf; \ +# By default clamd keeps the old signature database in RAM while loading the new one, +# briefly doubling memory usage (~1 GB extra) during each freshclam update cycle. +# Setting ConcurrentDatabaseReload to "no" makes clamd unload the old database first, +# eliminating that transient peak and significantly reducing maximum RAM consumption. + sed -i "s|#\?ConcurrentDatabaseReload.*|ConcurrentDatabaseReload no|g" /etc/clamav/clamd.conf; \ +# The default thread pool is 10-12 threads, each reserving its own stack and scan buffers. +# The Nextcloud antivirus plugin sends one file at a time, so 2 threads are sufficient +# and avoids the idle per-thread memory overhead of the larger default pool. + sed -i "s|#\?MaxThreads.*|MaxThreads 2|g" /etc/clamav/clamd.conf; \ sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \ sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \ sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \ diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf index 1895ceb6..88933ab2 100644 --- a/Containers/clamav/supervisord.conf +++ b/Containers/clamav/supervisord.conf @@ -1,6 +1,5 @@ [supervisord] nodaemon=true -nodaemon=true logfile=/var/log/supervisord/supervisord.log pidfile=/var/run/supervisord/supervisord.pid childlogdir=/var/log/supervisord/