Re: [Clamav-users] Reducing CPU consumption?

Sun, 04 Jul 2004 00:36:26 -0700 

Michael D. Crawford wrote:

Recall that I was asking the list recently how to deal
with getting 400 MB a day of the zafi.b virus in my
mailbox.  I can filter out my mailbox with a procmail
script, followed by using clamscan and procmail, but
my hosting service isn't yet able to do it for me.

It turns out that they had clamav working in their
email processor for a little while, but had to disable
it because it used so much CPU time that the host
wasn't able to keep up with its load.  Ironically, I
think that was likely the case because the hosting
service is getting spammed with so many viruses.

Is there a way to filter out the most obvious viruses
without using very much CPU time, so that the
processing required to scan all the remaining messages
with clamav wouldn't be so great?

I saw a note posted here recently about a program that
would remove messages with certain attachment types
without actually checking if there was a known virus. Something like that should help, perhaps you could
give me more details. As an example, any message with
an attachment whose filename ends in ".scr" (Windows
screensaver) is almost certainly a virus.

Also the first pass I make on my saved spool files is
to filter based just on the subject line.  For example
I delete any messages whose subject includes "You`ve
got 1 VoiceMessage".

What else could be done?

Hopefully I can figure out a virus-scanning scheme
that would suit my hosting service and be able to help
their admins out at getting it installed.  The hosting
service (http://www.seagull.net/) is a small
"mom-and-pop" host, and I think they have their hands
full with all the work they already have to keep it
running.

Mike Crawford
[EMAIL PROTECTED]


A cache of positive detections would improve that usage of CPU. I've it working with other AVs and gets rid of a lot of that all-the-day-coming stuff.
Greetings,
JC


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to