clamav not working?

Frank Cusack fcusack at fcusack.com
Fri Nov 27 17:59:31 GMT 2009


On November 24, 2009 9:36:40 AM +0000 Julian Field 
<MailScanner at ecs.soton.ac.uk> wrote:
>
>
> On 24/11/2009 02:00, Frank Cusack wrote:
>> Looking at ProcessClamAVOutput() in SweepViruses.pm I see a lot of
>> pattern matching which is hurting my brain.  Ok, that is fine for
>> logging but why doesn't it just check the return value of clamav-wrapper
>> (which passes the return value of clamscan) to determine success?
> For the very good reason that part of MailScanner's high speed comes from
> the fact that it checks many messages at a time. So checking the return
> value is useless as it would not tell you which message contained the
> virus. If it worked in the same slow way as its competition, it would
> check each message individually, at which point it could use the return
> code. But scanning 5 files takes only fractionally longer than scanning 1
> file, as the largest proportion of the time in the virus scanner is when
> it is starting up and reading all its virus pattern databases. So to gain
> a huge increase in speed, I scan many messages at once.
>
> If you want to see what happens when you scan each message individually,
> set the "Max Unsafe Messages Per Scan = 1" and watch how slowly it goes!
>
> There is method in my madness. Just because you don't see a good reason
> for a design decision, it does not mean there *isn't* a good reason for
> it, just that you don't see it.

Right, and that's exactly why I asked ... you don't need to lecture me
on what I don't understand. :)  I was in no way questioning the design
of MailScanner, I was just wondering why things are the way they are.

Thank you for your response!  But you didn't answer why it's not
correctly parsing clamscan's output.  Is the clamav support perhaps
linked to an older version of clamav?  I really hate pattern matching
textual output from other programs and this is one reason why.  It
sounds like you are restricted here for efficiency's sake though.  Or
is something wrong with my config?  I've added my own debug as clamscan
is being run and is detecting a virus, it's just that MailScanner isn't
picking that up.

-frank
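
The batch-scanning point from the quoted reply, as an added example (not MailScanner's code and not from either poster): one clamscan run over many messages returns a single exit code, so the per-file "FOUND" lines have to be mapped back to messages. The exit code is still used as a cross-check, so that a parsing miss like the one described above fails closed. The directory layout <batch_dir>/<message_id>/<file>, the function name and the sample output are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# clamscan reports each infected file as "<path>: <signature> FOUND".
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S.*) FOUND$")

# Constructed sample output for a three-message batch (not a real scan log).
SAMPLE_OUTPUT = """\
/var/spool/batch/msgA/body.txt: OK
/var/spool/batch/msgB/invoice.zip: Eicar-Test-Signature FOUND
/var/spool/batch/msgC/notes.txt: OK

----------- SCAN SUMMARY -----------
Infected files: 1
"""

def attribute_batch(output, exit_code, batch_dir, message_ids):
    """Map one batch scan to per-message verdicts.

    Assumed (hypothetical) layout: <batch_dir>/<message_id>/<file>.
    Returns {message_id: [signature, ...]}; an empty list means clean.
    """
    verdicts = {mid: [] for mid in message_ids}
    root = PurePosixPath(batch_dir)
    for line in output.splitlines():
        m = FOUND_RE.match(line.strip())
        if not m:
            continue
        try:
            rel = PurePosixPath(m.group("path")).relative_to(root)
        except ValueError:
            continue  # path outside the batch directory: not attributable
        mid = rel.parts[0] if rel.parts else None
        if mid in verdicts:
            verdicts[mid].append(m.group("sig"))
    # clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
    # Fail closed: a non-zero exit code with nothing attributed means the
    # output format was not understood, so the whole batch is held.
    if exit_code != 0 and not any(verdicts.values()):
        for mid in verdicts:
            verdicts[mid].append("UNATTRIBUTED (exit code %d)" % exit_code)
    return verdicts

if __name__ == "__main__":
    ids = ["msgA", "msgB", "msgC"]
    print(attribute_batch(SAMPLE_OUTPUT, 1, "/var/spool/batch", ids))
```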

