High ClamScan ...

Chuck Rock carock at epconline.com
Mon Jun 11 22:10:10 IST 2007 

Try this place, it will send a test virus to your mail server.

http://www.declude.com/Articles.asp?ID=99

Chuck

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve
Campbell
Sent: Monday, June 11, 2007 3:44 PM
To: MailScanner discussion
Subject: Re: High ClamScan ...



Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Steve Campbell wrote:
>   
>> Julian Field wrote:
>>     
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Use the clamavmodule or clamd scanners instead.
>>> You can install the clamavmodule as part of my ClamAV+SA 
>>> easy-to-install package available from www.mailscanner.info.
>>> Or else get the clamd RPM from dag.wieers.com, start it up and tell 
>>> MailScanner to use the clamd scanner.
>>>   
>>>       
>> I figured I'd give the clamavmodule a try, and see how it faired. I 
>> have always used Julians ClamAV+SA easy-to-install package and up til 
>> now, the clamscan stuff.. It is not clear to me, now, though, how to 
>> tell if I am really using the Perl module or not.
>>
>> Are there any hints?
>>     
> The log entries will have changed. Chuck it a copy of eicar (see 
> www.eicar.org) and you'll see different log entries. Also the speed 
> should give it away.
>   

The speed is definitely different, but getting the files from eicar.org 
to download, and sending them through to one of our servers here is no 
easy task. We have so much stuffing blocking everything, it's near 
impossible to send something like that.

I used to use a site that would send me a virus with the signature only, 
but it doesn't exist anymore.

I can wait, I guess and view the logwatch stuff.

Thanks, (I know this was answered many times, so I appreciate the 
"niceness" also)

Steve
>   
>> Thanks,
>>
>> Steve
>>     
>>> Rob Poe wrote:
>>>  
>>>       
>>>> >From Top
>>>>
>>>> 30174 clam      25   0 26352  25M  1100 R    25.9  1.0   0:07   0 
>>>> clamscan
>>>> 30142 clam      25   0 27044  26M  1100 R    25.5  1.0   0:19   0 
>>>> clamscan
>>>> 30387 clam      25   0 13936  13M  1096 R    21.1  0.5   0:01   0 
>>>> clamscan
>>>> 30128 clam      25   0 27488  26M  1100 R    19.9  1.0   0:30   0 
>>>> clamscan
>>>>
>>>> load average: 6.86, 4.74, 3.31
>>>>
>>>> Centos 3.x, Dual Xeon 2.8 /w 2.5 gigs of ram/HP Proliand DL380G3 /w 
>>>> hardware RAID 1 (SCSI 10k drives)
>>>>
>>>> What gives?
>>>>
>>>> Is there a better way to do this?  Seems that clamscan is tooo 
>>>> freaking slow any more..
>>>>
>>>> Another box: 16842 clam      25   0 18260  13m 1204 R   99  0.6   
>>>> 0:29.65 
>>>> clamscan                                                               
>>>> 17024 clam      25   0 12100 6696 1204 R   92  0.3   0:06.72 
>>>> clamscan                                                               
>>>> 16884 clam      25   0 19416  12m 1204 R   72  0.6   0:23.79 
>>>> clamscan                                                               
>>>> 17050 clam      25   0  6808 2276 1044 R   54  0.1   0:01.95 
>>>> clamscan  load average: 5.01, 3.86, 3.43
>>>> Centos 4.x, dual 2.8 xeon, 2g ram, dual SATA on a 3Ware controller
>>>>
>>>> These aren't slow boxes ..  but Clam is killing them..
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>       
>>>>         
>>> Jules
>>>
>>> - -- Julian Field MEng CITP
>>> www.MailScanner.info
>>> Buy the MailScanner book at www.MailScanner.info/store
>>>
>>> MailScanner customisation, or any advanced system administration help?
>>> Contact me at Jules at Jules.FM
>>>
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>> For all your IT requirements visit www.transtec.co.uk
>>>
>>>
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: PGP Desktop 9.6.1 (Build 1012)
>>> Charset: ISO-8859-1
>>>
>>> wj8DBQFGbakxEfZZRxQVtlQRAsquAJ9FEm1oxMON1iLouPQW/W7DAK2QqwCg+tNp
>>> rUuq2j3hIDh9YxjUsOlmhf8=
>>> =Dh3L
>>> -----END PGP SIGNATURE-----
>>>
>>>   
>>>       
>
> Jules
>
> - -- 
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> For all your IT requirements visit www.transtec.co.uk
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.1 (Build 1012)
> Charset: ISO-8859-1
>
> wj8DBQFGba/+EfZZRxQVtlQRAhZFAKD/LQFC1kju0KZXQtEyzLvdgLgmgwCg6Q54
> 5slWXXzEvXCpvZlFhWbg2wE=
> =gejR
> -----END PGP SIGNATURE-----
>
>   

-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list