Clamd Versus ClamAVModule timing

Rick Cooper rcooper at dwford.com
Sun Jun 3 18:04:11 IST 2007


I finally did some timing comparisons between the clamd (current full batch
version) scanning versus clamavmodule. The listed times are pretty average
for all the tests. Each test was conducted against the same message/batch
and the batches were 20 copies of the same message. I found something a bit
interesting.

ClamAVmodule beat clamd on a single message every time when using the
PING/PONG check (test if clamd is alive and responsive before calling it to
scan) but clamd was much faster scanning batches even with the PING/PONG
test. Removing the PING/PONG code resulted in clamd being much faster with
both single and batch scans. NOTE the times changed between tests but the
differences were pretty consistent in terms of percentages.

With PING/PONG

Clamd
Batch  ELAPSED TIME : 0.261474
Single ELAPSED TIME : 0.154804


ClamAVModule
Batch  ELAPSED TIME : 1.058038
Single ELAPSED TIME : 0.035388

Without PING/PONG

Clamd
Batch  ELAPSED TIME : 0.939942
Single ELAPSED TIME : 0.045016

ClamAVModule
Batch  ELAPSED TIME : 2.430126
Single ELAPSED TIME : 0.069513 

My question is: should I remove the PING/PONG code altogether, leave it for
debugging only, or just leave it as is? Even without the PING/PONG test you
will still get a log message if MailScanner cannot connect to the clamd
daemon. Clearly the process of building the connection, PING/PONG and
reconnect for scanning has overhead and it's not a big deal on the batches
but would make a difference in the single message scans. My opinion is to
remove the PING/PONG altogether as the daemon has proven pretty stable for
the past year or so, and most people run some form of daemon check script
anyway. Plus I can provide my clamd check script for the bin dir if
requested.

Thoughts?

Rick Cooper
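
Added example (not part of the original post and not MailScanner's code): a Python sketch of the connection pattern the message describes, showing that a PING/PONG liveness check costs one extra connect per scan because clamd answers one command per connection outside an IDSESSION. The mock daemon, the sample path and all function names are constructed for illustration; the `nPING`/`nSCAN` newline-delimited command form is the one documented in clamd's man page.

```python
import socket
import threading
import time

def mock_clamd(server, log):
    """Constructed stand-in for clamd: one command per connection, then close."""
    while True:
        try:
            conn, _ = server.accept()
        except OSError:
            return  # listener was closed
        with conn, conn.makefile("rb") as f:
            cmd = f.readline().strip().decode()
            log.append(cmd.split(" ")[0])  # record which command this connection carried
            if cmd == "nPING":
                conn.sendall(b"PONG\n")
            elif cmd.startswith("nSCAN "):
                conn.sendall(cmd[6:].encode() + b": OK\n")

def clamd_command(addr, line, timeout=5.0):
    """Open a fresh connection, send one command, return the one-line reply."""
    with socket.create_connection(addr, timeout=timeout) as s, s.makefile("rb") as f:
        s.sendall(line.encode() + b"\n")
        return f.readline().decode().strip()

def scan(addr, path, ping_first):
    """Scan path, optionally after a PING/PONG check. Returns (reply, seconds)."""
    start = time.perf_counter()
    if ping_first and clamd_command(addr, "nPING") != "PONG":
        raise ConnectionError("clamd did not answer PING")
    reply = clamd_command(addr, "nSCAN " + path)  # second connect when ping_first
    return reply, time.perf_counter() - start

def run_demo():
    """Run one scan with and one without the check against the mock daemon."""
    server = socket.create_server(("127.0.0.1", 0))  # ephemeral loopback port
    log = []
    threading.Thread(target=mock_clamd, args=(server, log), daemon=True).start()
    addr = server.getsockname()
    results = {}
    for ping_first in (True, False):
        before = len(log)
        reply, secs = scan(addr, "/tmp/msg.eml", ping_first)  # constructed path
        results[ping_first] = (reply, log[before:], secs)
    server.close()
    return results

if __name__ == "__main__":
    for ping_first, (reply, cmds, secs) in run_demo().items():
        print(f"ping_first={ping_first}: {cmds} -> {reply!r} in {secs:.6f}s")
```

Timings against the mock only show the relative cost of the extra round trip; they say nothing about real scan times.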



