Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using YARA scanning process in a container led to OOM due to the generation of a large amount of cache. #2059

Open
touyudexiaomao opened this issue Mar 27, 2024 · 1 comment
Open

Using YARA scanning process in a container led to OOM due to the generation of a large amount of cache. #2059

touyudexiaomao opened this issue Mar 27, 2024 · 1 comment
Labels
bug

Comments

@touyudexiaomao
Copy link

Describe the bug
I created a container with a maximum memory limit of 1GB. I started a process A inside the container, which uses the YARA API to scan other processes.
During the YARA scanning process, a large amount of cache is generated due to intensive I/O operations.
As a result, the sum of RSS (200M) and cache (900M) of all processes in the container exceeded 1GB, leading to the OOM kill of process A.

Expected behavior
Can YARA be controlled through parameters to perform I/O operations in direct I/O mode?

Please complete the following information:

  • OS: centos 3.10.0-957.el7.x86_64
  • YARA version: 4.3.2
@plusvic
Copy link
Member

plusvic commented Apr 2, 2024

If I understood correctly you are scanning other processes, not files, right?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@plusvic @touyudexiaomao