Michael D. Crawford wrote to [EMAIL PROTECTED]: > Is there a way to filter out the most obvious viruses without using > very much CPU time, so that the processing required to scan all the > remaining messages with clamav wouldn't be so great?
To the clamav devel team: how does the scanner determine in which order to check a file against each signature? If it's something like a naive linear search, that would indeed spin needless CPU cycles. The newest/nasty viruses occur frequently in the wild, and typically account for a significant share of messages in any given day/week (80/20 rule applies, here). We could certainly reduce CPU cycles by trying the most likely (or most frequently used over some fixed interval) signatures first. In the case of clean emails, the scanner would still have to do an exhaustive search, but the performance benefits for infected emails would nonetheless be significant. And, is there any kind of length detection currently in place? Most clean emails are short in length. If a 2K file or email comes through the scanner, there'd be no point checking signatures for viruses with an infection length > 2K, which would weed out the vast majority of signatures, and would vastly improve performance for the majority of clean emails. If clamav already does something like this, then great. I'll admit to not really having looked at the code. :-) - Ryan -- Ryan Thompson <[EMAIL PROTECTED]> SaskNow Technologies - http://www.sasknow.com 901-1st Avenue North - Saskatoon, SK - S7K 1Y4 Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
