Continuing saga of ClamAV module

Leonardo Helman mailscanner at
Mon Apr 16 13:45:21 IST 2007

Yes, that's a possible solution, but why don't you 
change the MailScanner.conf as someone posted

something like
Monitor For Clam... = /path/to/clamfiles/* /path/.../* /path/to.../*.cvd

There must be at least one file to watch (with file lenght not 0),
and MS "reloads" the files (not exactly) if the existing files (at
start) had changed in the meantime

Here is the code from (for the nonveryperl "-s" returns
the size of the archive)

  # Build the hash of the size of all the watch files
  my(@watchglobs, $glob, @filelist, $file, $filecount);
  @watchglobs = split(" ", MailScanner::Config::Value('clamwatchfiles'));
  $filecount = 0;
  foreach $glob (@watchglobs) {
    @filelist = glob($glob);  
    foreach $file (@filelist) {
      $Clamwatchfiles{$file} = -s $file;
  MailScanner::Log::DieLog("None of the files matched by the \"Monitors " .
    "For ClamAV Updates\" patterns exist!") unless $filecount>0;

And then

# Have the ClamAV database files been modified? (changed size)
# If so, abandon this child process altogether and start again.
# This is called from the main WorkForHours() loop
sub ClamUpgraded {
  my($watch, $size);

  return 0 unless $Claminuse;

  while (($watch, $size) = each %Clamwatchfiles) {
    if ($size != -s $watch) {
      MailScanner::Log::InfoLog("ClamAV update of $watch detected, " .
                                "resetting ClamAV Module");
      return 1;

  # No update detected
  return 0;

On Fri, Apr 13, 2007 at 06:50:09AM -0700, Mike Tremaine wrote:
> >With the recurring clamavmodule problems of late, has anybody started just
> >using clamav direct rather than the module? 
> >Is there a huge speed increase to be gained in using the module, or a big
> >saving on resources?
> >
> >Edward
> >
> >
> Yes my solution to the last problem was to swtich to clamav only because 
> it was the fix that  worked before I really understood the problem. But 
> clamav is using commandling line clamscan which is much slower then 
> clamavmodule. The problem is everytime you call [fork] a new clamscan it 
> has to load the virus database which is over 100,000 records.
> One possible solution that it might time to revisit is making a new 
> wrapper for clamdscan and starting the clamd daemon. I know this has 
> been mentioned before but I forgot what the issue was with it. I know 
> that Mail::ClamAV aka clamavmodule was a nicely intergrated solution for 
> MailScanner but as you mentioned we keeping seeing it as the weakest 
> link. If clamdscan + clamd allow more stability during upgrades [both of 
> the sig database and the engine] then maybe it is time to switch.
> [I know it would be pretty easy to copy the clamav.wrapper and change to 
> use clamdscan, I might test this out soon.]
> -Mike
> -- 
> MailScanner mailing list
> mailscanner at
> Before posting, read
> Support MailScanner development - buy the book off the website! 

More information about the MailScanner mailing list