Clamd Verses ClamAVModule timing
Julian Field
MailScanner at ecs.soton.ac.uk
Sun Jun 3 19:08:20 IST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I would like you to do the ping/pong once per batch. Because...
a) virus scanning is not a high proportion of the total time to test
each message,
and
b) if doing the ping/pong once per batch makes it a bit slower, the
batches will tend to get bigger, thus reducing the percentage overhead
caused by the ping/pong anyway.
Jules.
Rick Cooper wrote:
> I finally did some timing comparisons between the clamd (current full batch
> version) scanning verses clamavmodule. The listed times are pretty average
> for all the tests. Each test was conducted against the same message/batch
> and the batches were 20 copies of the same message. I found something a bit
> interesting.
>
> ClamAVmodule beat clamd on a single message every time when using the
> PING/PONG check (test if clamd is alive and responsive before calling it to
> scan) but clamd was much faster scanning batches even with the PING/PONG
> test. Removing the PING/PONG code resulted in clamd being much faster with
> both single and batch scans. NOTE the times changed between tests but the
> differences were pretty consistent in terms of percentages.
>
> With PING/PONG
>
> Clamd
> Batch ELAPSED TIME : 0.261474
> Single ELAPSED TIME : 0.154804
>
>
> ClamAVModule
> Batch ELAPSED TIME : 1.058038
> Single ELAPSED TIME : 0.035388
>
> Without PING/PONG
>
> Clamd
> Batch ELAPSED TIME : 0.939942
> Single ELAPSED TIME : 0.045016
>
> ClamAVModule
> Batch ELAPSED TIME : 2.430126
> Single ELAPSED TIME : 0.069513
>
> My question is should I remove the PING/PONG code all together, leave it for
> debugging only, or just leave it as is. Even without the PING/PONG test you
> will still get a log message if MailScanner cannot connect to the clamd
> daemon. Clearly the process of building the connection, PING/PONG and
> reconnect for scanning has overhead and it's not a big deal on the batches
> but would make a difference in the single message scans. My opinion is to
> remove the PING/PONG all together as the daemon has proven pretty stable for
> the past year or so, and most people run some form of daemon check script
> anyway. Plus I can provide my clamd check script for the bin dir if
> requested.
>
> Thoughts?
>
> Rick Cooper
>
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
Jules
- --
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)
Charset: ISO-8859-1
wj8DBQFGYwOZEfZZRxQVtlQRAtRkAKC2bShm1P+hBLzTzRpe7EPuAtFzHwCfZLdc
TDNEsJxF0eg0+KuEd3uaAOY=
=7wOh
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk
More information about the MailScanner
mailing list