Clamd Daemon Scanning Patches

Thu May 31 10:35:48 IST 2007

Rick Cooper wrote:
>  
>
>   
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info 
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
>> Of Glenn Steen
>> Sent: Wednesday, May 30, 2007 5:01 PM
>> To: MailScanner discussion
>> Subject: Re: Clamd Daemon Scanning Patches
>>
>>     
> [..]
>   
>>> Last two items that should probably be asked of the group:
>>>
>>> I am assuming that the clamd init scripts are creating lock 
>>>       
>> files, as most
>>     
>>> do, (usually /var/lock/subsys/clamd) but if that is not the 
>>>       
>> case I should
>>     
>>> remove the check, I am PINGing clamd anyway but if the lock 
>>>       
>> file isn't there
>>     
>>> I can short circuit the whole connect process.
>>>       
>> Perhaps do this as a config thing too? If "Clamd Lock File" is empty,
>> do the ping unconditionally, else check whatever it points to...?
>>
>>     
>
> Yeah, in retrospect I think it should have gone that way and not made
> assumptions. Right now if the lock file isn't there it's assumed that clamd
> isn't running. Easy fix
>   
Work out a new set of patches and send me them, and they'll go in the 
first beta of the next version 4.61.
>   
>>> I am not using the threaded daemon model (MULTISCAN) but a 
>>>       
>> config parameter
>>     
>>> such as "Clamd Use Threads" could be added so clamd can 
>>>       
>> take advantage of
>>     
>>> threading on SMP hosts.
>>>       
>> Should work. How far away is Config Option Number 400, Jules?:-)
>>
>>     
>
> I don't know how helpful this option is as I don't have a SMP host to test
> on and I kept to the per file scanning model, although the tests I did
> didn't have an appreciable difference between scanning entire dir verses one
> file at a time since the connection to the daemon is open anyway.
>
>
>   
>> Awesome stuff, can't wait to see it in a new beta (Yeah, I'm feeling
>> lazy today:-).
>> When you tested this Rick, did you notice how this affected startup
>> time of MS compared to clamavmodule? I boticed that using clamavmodule
>> adds a hefty time for reading in the signatures... (rather irritating
>> while debugging that p-record patch ... start debug, wait a couple of
>> minutes, see some errors whizz by, fiddle with code, redo...
>> sigh.:-)... Yeah, not that important, I know...:)
>>
>>     
>
> Didn't really time it but bear in mind MS doesn't load anything. It simply
> makes the socket (UNIX/TCP) connection and asks the daemon to scan something
> when required (no persistent connection). If you already use clamd then
> there is no impact on resources (no signatures loaded, etc). And it appears
> to be at least as fast as clamavmodule but I didn't do any high resolution
> timing or huge file, huge number of files. What ever overhead there is
> involved with clamavmodule is gone, including checking for changed files,
> loading DBs, etc. and the system overhead of clamdscan is also gone. Now of
> course you have to set some options in the clamd.conf that were set in
> MailScanner, such as flagging password protected files as viruses.
>
> Rick
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>   

Jules

-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070531/f8f0e739/attachment-0001.html