I was struggling to understand a warning in netdata about swap usage, increasing constantly every week, reaching almost 30% of it, while I had 10% of actual ram usage or less, I initially thought it was a memory leak in some mono docker (radarr or sonarr), but after installing smem and using the command smem -u I saw that almost all of it was the clamav user.
I saw in the internet that clamav uses a lot of memory if the database is big, but should it unload it to swap directly? I have the swap in a SSD so I wanted to reduce it to bare minimum. I even made a rule in /etc/sysctl.d/ to reduce vm.swappiness to 0 and it continued using it.
Is this normal? I disabled the antivirus and swap usage is now much lower than before, no warning in netdata anymore.