Clamd Daemon Scanning Patches

Rick Cooper rcooper at dwford.com
Wed May 30 23:12:56 IST 2007 

 

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
> Of Glenn Steen
> Sent: Wednesday, May 30, 2007 5:01 PM
> To: MailScanner discussion
> Subject: Re: Clamd Daemon Scanning Patches
> 
[..]
> > Last two items that should probably be asked of the group:
> >
> > I am assuming that the clamd init scripts are creating lock 
> files, as most
> > do, (usually /var/lock/subsys/clamd) but if that is not the 
> case I should
> > remove the check, I am PINGing clamd anyway but if the lock 
> file isn't there
> > I can short circuit the whole connect process.
> 
> Perhaps do this as a config thing too? If "Clamd Lock File" is empty,
> do the ping unconditionally, else check whatever it points to...?
> 

Yeah, in retrospect I think it should have gone that way and not made
assumptions. Right now if the lock file isn't there it's assumed that clamd
isn't running. Easy fix

> > I am not using the threaded daemon model (MULTISCAN) but a 
> config parameter
> > such as "Clamd Use Threads" could be added so clamd can 
> take advantage of
> > threading on SMP hosts.
> 
> Should work. How far away is Config Option Number 400, Jules?:-)
> 

I don't know how helpful this option is as I don't have a SMP host to test
on and I kept to the per file scanning model, although the tests I did
didn't have an appreciable difference between scanning entire dir verses one
file at a time since the connection to the daemon is open anyway.


> Awesome stuff, can't wait to see it in a new beta (Yeah, I'm feeling
> lazy today:-).
> When you tested this Rick, did you notice how this affected startup
> time of MS compared to clamavmodule? I boticed that using clamavmodule
> adds a hefty time for reading in the signatures... (rather irritating
> while debugging that p-record patch ... start debug, wait a couple of
> minutes, see some errors whizz by, fiddle with code, redo...
> sigh.:-)... Yeah, not that important, I know...:)
> 

Didn't really time it but bear in mind MS doesn't load anything. It simply
makes the socket (UNIX/TCP) connection and asks the daemon to scan something
when required (no persistent connection). If you already use clamd then
there is no impact on resources (no signatures loaded, etc). And it appears
to be at least as fast as clamavmodule but I didn't do any high resolution
timing or huge file, huge number of files. What ever overhead there is
involved with clamavmodule is gone, including checking for changed files,
loading DBs, etc. and the system overhead of clamdscan is also gone. Now of
course you have to set some options in the clamd.conf that were set in
MailScanner, such as flagging password protected files as viruses.

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list