jrudd at UCSC.EDU
Tue Sep 20 15:47:11 IST 2005
On Sep 13, 2005, at 1:59 PM, Julian Field wrote:
> John Rudd wrote:
>> The default definition for clamav in virus.scanners.conf is
>> clamav /opt/MailScanner/lib/clamav-wrapper /usr/local
>> Which I assume will invoke clamscan. If I want to invoke clamd, would
>> it be as simple as just modifying clamav-wrapper to use clamdscan?
>> and would it be faster/better to see about using the clamavmodule
> Use clamavmodule. It's faster and has less overhead than any solution
> involving clamd. That's why I did it the way I did.
I did some testing (in mimedefang, which accesses clamd directly*, not
via clamdscan, so it is not dealing with the fork and exec overhead),
and it was 10 times faster than using Mail::ClamAV (which I had to
write mimedefang support for myself).
(* I'm not sure if it does it via library calls, or via the clamd
unix-socket, but I suspect the latter, because mimedefang does keep
track of the clamd unix-socket)
What I did is submit 1 ham message, 1 spam message, and 1 eicar test
signature virus message, each 333 times. I then looked at how long it
took to run the loop.
I ran it twice using clamd, and twice using Mail::ClamAV.
clamd: 65 seconds and 70 seconds
Mail::ClamAV: 667 seconds and 629 seconds
Of course, I don't know if you can invoke clamd on a large archive in
one swoop, the way mailscanner does with Mail::ClamAV. It may turn out
to be just that mimedefang doesn't get the economy of scale from
Mail::ClamAV that mailscanner does (because, as a milter, it MUST do
one message at a time) and that mailscanner can't get clamd, except via
clamdscan, to do the kind of bulk scans that Mail::ClamAV can.
I was just getting very different recommendations from each project
(and was hoping to use 1 method for both implementations), and had to
do some experimenting.
Though, I think, for my mailscanner installation, the real question is:
is clam(d)scan faster/slower than sophos sweep, and which is faster
between clamscan and clamdscan. I'll have to work up something around
that, as well.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner