Continuing saga of ClamAV module

Leonardo Helman mailscanner at lists.com.ar
Mon Apr 16 13:45:21 IST 2007


Yes, that's a possible solution, but why don't you
change the MailScanner.conf as someone posted?

something like
Monitor For Clam... = /path/to/clamfiles/main.inc/* /path/.../daily.inc/* /path/to.../*.cvd



There must be at least one file to watch (with file length not 0),
and MS "reloads" the files (not exactly) if the existing files (at
start) have changed in the meantime.


Here is the code from SweepViruses.pm (for the non-very-Perl: "-s" returns
the size of the archive)



  # Build the hash of the size of all the watch files
  my(@watchglobs, $glob, @filelist, $file, $filecount);
  @watchglobs = split(" ", MailScanner::Config::Value('clamwatchfiles'));
  $filecount = 0;
  foreach $glob (@watchglobs) {
    @filelist = glob($glob);  
    foreach $file (@filelist) {
      $Clamwatchfiles{$file} = -s $file;
      $filecount++;
    }
  } 
  MailScanner::Log::DieLog("None of the files matched by the \"Monitors " .
    "For ClamAV Updates\" patterns exist!") unless $filecount>0;


And then

# Have the ClamAV database files been modified? (changed size)
# If so, abandon this child process altogether and start again.
# This is called from the main WorkForHours() loop
#
sub ClamUpgraded {
  my($watch, $size);

  return 0 unless $Claminuse;

  while (($watch, $size) = each %Clamwatchfiles) {
    if ($size != -s $watch) {
      MailScanner::Log::InfoLog("ClamAV update of $watch detected, " .
                                "resetting ClamAV Module");
      return 1;
    }
  }

  # No update detected
  return 0;
}




On Fri, Apr 13, 2007 at 06:50:09AM -0700, Mike Tremaine wrote:
> 
> >With the recurring clamavmodule problems of late, has anybody started just
> >using clamav direct rather than the module? 
> >Is there a huge speed increase to be gained in using the module, or a big
> >saving on resources?
> >
> >Edward
> >
> >
> 
> Yes, my solution to the last problem was to switch to clamav only because
> it was the fix that worked before I really understood the problem. But
> clamav is using command line clamscan, which is much slower than
> clamavmodule. The problem is every time you call [fork] a new clamscan it
> has to load the virus database, which is over 100,000 records.
> 
> One possible solution that it might be time to revisit is making a new
> wrapper for clamdscan and starting the clamd daemon. I know this has
> been mentioned before but I forgot what the issue was with it. I know
> that Mail::ClamAV aka clamavmodule was a nicely integrated solution for
> MailScanner but as you mentioned we keep seeing it as the weakest
> link. If clamdscan + clamd allow more stability during upgrades [both of
> the sig database and the engine] then maybe it is time to switch.
> 
> [I know it would be pretty easy to copy the clamav.wrapper and change to 
> use clamdscan, I might test this out soon.]
> 
> -Mike
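The size comparison in the SweepViruses.pm code quoted above, as an added stand-alone Perl example (not MailScanner's code and not part of the original post): it snapshots the files matched by the watch globs and shows that a same-length rewrite is missed by size alone but caught once mtime is compared too. The file names, contents and the helpers `write_file`, `snapshot` and `changed` are constructed for illustration, and a Unix-like temp directory without spaces in its path is assumed.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

sub write_file {
  my ($path, $data) = @_;
  open(my $fh, '>', $path) or die "Cannot write $path: $!";
  print $fh $data;
  close($fh) or die "Cannot close $path: $!";
}

# Record size and mtime of every file matched by the space-separated globs.
sub snapshot {
  my ($patterns) = @_;
  my %seen;
  foreach my $file (map { glob($_) } split(" ", $patterns)) {
    my @st = stat($file) or next;
    $seen{$file} = { size => $st[7], mtime => $st[9] };
  }
  die "None of the watch patterns matched a file\n" unless %seen;
  return \%seen;
}

# Files whose listed attributes no longer match the snapshot.
sub changed {
  my ($old, @attrs) = @_;
  my @hits;
  foreach my $file (sort keys %$old) {
    my @st  = stat($file);
    my %now = (size => $st[7] // -1, mtime => $st[9] // -1);
    push @hits, $file if grep { $now{$_} != $old->{$file}{$_} } @attrs;
  }
  return @hits;
}

# Constructed stand-ins for the ClamAV database files.
my $dir = tempdir(CLEANUP => 1);
write_file("$dir/main.cvd",  "A" x 64);
write_file("$dir/daily.cvd", "B" x 32);
my $patterns = "$dir/*.cvd $dir/*.inc/*";   # second glob matches nothing here

# An update that changes the file length is caught by the size comparison.
my $base = snapshot($patterns);
write_file("$dir/daily.cvd", "B" x 48);
print "grown file, size only:         ", join(",", changed($base, 'size')) || "(none)", "\n";

# A same-length rewrite is missed by size alone but caught with mtime added.
$base = snapshot($patterns);
write_file("$dir/main.cvd", "C" x 64);
utime(time() + 60, time() + 60, "$dir/main.cvd") or die "utime failed: $!";
print "same-size rewrite, size only:  ", join(",", changed($base, 'size')) || "(none)", "\n";
print "same-size rewrite, size+mtime: ", join(",", changed($base, 'size', 'mtime')) || "(none)", "\n";
```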

