Upgrade to clamav 0.90.2 makes scanning extremely slow

Richard Lynch rich at mail.wvnet.edu
Thu Apr 26 21:27:02 IST 2007 

Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> What's wrong with just using clamavmodule? You need to use Mail::ClamAV 
> 0.20 with ClamAV 0.90 and later, which is all included in my ClamAV+SA 
> package.
>
> I don't understand the sudden rush to clamd at all. Can someone explain 
> to me please?
>
> Jules.
>   
The only advantage I see is that it's all maintained by a single 
source.  That is, the ClamAV team maintains clamd and clamdscan 
together.  There's no third party perl package that may not be up to 
date.  I don't know if there's a performance improvement one way or the 
other.  It's conceivable that clamdscan/clamd performs better in a 
multiprocessor environment by spreading the load across other 
processors.  It's just as possible that the overhead of the 
communications between the two costs too much to justify doing it that way.

I would probably suggest that clamdscan/clamd always be used instead of 
just clamscan.  From what I've seen using clamscan alone is the worst 
possible case performance wise.

Rich

>
> Daniel Maher wrote:
>   
>>> I think I discovered the patches in this same list.
>>> Anyway I'll post them again (wrapper might be slightly
>>> modified -- I don't remember)
>>>
>>> Apply SweepViruses.patch:
>>>     
>>>       
>> <Snip>
>>
>>   
>>     
>>> clamav-0.90.2/contrib/clamdwatch
>>> There are install instructions there
>>>
>>> That's all.
>>> I don't remember doing something else,
>>> apart from telling the system that clamd
>>> should be running on system reboot.
>>>
>>> Good luck
>>>
>>> Giannis
>>> ps. This configuration works for me,
>>> Apply at your own risk.
>>>     
>>>       
>> Thank you for your prompt and informative reply!  Unfortunately, it "didn't work". :(  I followed all of the steps, including the wrapper, lint, and debug tests, and everything appeared to be ok.
>>
>> When I restarted MailScanner with "clamd" as the Virus Scanner, all continued to appear well.  Messages were coming in, getting processed, ostensibly scanned, and passed along.  However, the load had dropped /so much/ compared to clamscan that I became suspicious.  I sent a handful of messages with either the Eicar test string, or the Eicar zip file, through the mail server.  They passed through cleanly, without so much as a warning.
>>
>> Clearly, messages were /not/ getting scanned by clamd.  I re-enabled clamscan, and sent the same Eicar test messages again; this time, they were indentified as normal.
>>
>> After some investigation, I noticed that the Incoming Work Dir was not owned by the proper group, as defined by: Incoming Work Group = clamv
>> I chgrp -R'd the directory, and tried again, but to my surprise, when I restarted MailScanner, ownership reverted to postfix.root !
>>
>> Does anybody have any idea why the permissions on the Incoming Work Dir are not being set properly, and what might be changing them?  Furthermore, does this even seem to be the reason why clamd wasn't able to scan incoming mail?
>>
>> As always, I appreciate any commentary or feedback.  Thank you.
>>
>>
>> --
>>   _
>>  °v°  Daniel Maher
>> /(_)\ Administrateur Système Unix
>>  ^ ^  Unix System Administrator
>>  
>> "How can a man choose between Fresh and Fly?  And believe me, there IS a difference." - Crack Stuntman, 2007.
>>   
>>     
>
> Jules
>
> - -- 
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> For all your IT requirements visit www.transtec.co.uk
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.0 (Build 214)
> Charset: ISO-8859-1
>
> wj8DBQFGMQDoEfZZRxQVtlQRAn24AKDvOTrRWjRHvomuAo1wlm7JMNJPggCeLqiR
> q21vz1UsL5M/xdrS0QwU/9w=
> =P6hp
> -----END PGP SIGNATURE-----
>
>   


-- 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: rich.vcf
Type: text/x-vcard
Size: 296 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070426/59173655/rich.vcf

More information about the MailScanner mailing list