F-Prot 6 (and lack of speed thereof)

Rick Cooper rcooper at dwford.com
Wed Mar 5 23:33:51 GMT 2008


 > -----Original Message-----
 > From: mailscanner-bounces at lists.mailscanner.info 
 > [mailto:mailscanner-bounces at lists.mailscanner.info] On 
 > Behalf Of Scott Silva
 > Sent: Wednesday, March 05, 2008 6:07 PM
 > To: mailscanner at lists.mailscanner.info
 > Subject: Re: F-Prot 6 (and lack of speed thereof)
 > on 3-5-2008 2:52 PM Julian Field spake the following:
 > > F-Prot 6, when used as a command-line scanner, is appallingly slow.
 > > However, it comes with a daemon fpscand.
 > > This runs a whole lot faster.
 > > 
 > > My next job is to implement support for fpscand (I'll 
 > probably call it
 > > f-protd, which is the name of the "service" used to start 
 > and stop it).
 > > This should bring back the speed of f-prot, hopefully to 
 > the same speed
 > > as f-prot 4, which used to be one of the fastest scanners around.
 > > 
 > > Expect news on this front very soon, it affects me badly 
 > on my own site :-(
 > > 
 > > Jules
 > > 
 > Hopefully it will be similar to the clamd work you have already done.
 > -- 

Not much, no. The f-protd expects http GET like syntax, it returns xml (even
the error codes) so I would think there will be a bit more to the parseing,
as well as building the command. The documentation reference properl url
encoded, and it requires the ?/& separators between arguments as well (of
course). And I really don't like the sound of this part:

"The Daemon Scanner is designed to automatically update itself by executing
itself when a new version is in place. The newly executed copy is will bind
to the next available port in it's range (by default 10200-10204) since the
outdated process stays alive for about 5 - 10 seconds. This is done to
guarantee that there is always at least one daemon available at any given
time. Clients are expected to cycle through the port range to find a live
Daemon Scanner when the one they were previously using dies."

How absolutely retarded is that? Here, lemme scan through a few ports
looking the currently active daemon, and oh yeah, it apparently will
disconnect even when there is an active session, if so we just start
scanning through the ports looking for something alive again.

Certainly nothing like clamd, or any other rational virus scanning daemon.


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list