Hello,

I've recently upgraded to clamav 0.90.2 on my linux mail server. Since then I've noticed huge hogs on CPU and long delays of clamscan processes.

I made a test today to see the difference between various versions of clamav. I've compiled versions
0.90.2
0.90.1
0.88.7
all with the same options
./configure --prefix=/usr --with-dbdir=/var/lib/clamav

All versions used /var/lib/clamav database of the system's 0.90.2 clamav from ATrpms.

Then checked each one on a test file that contains the EICAR test virus

0.88.7 took 2 seconds to identify the virus
0.90.1 took 30 seconds to identify the virus
0.90.2 took 30 seconds to identify the virus

Is this delay normal? I can see that version 0.90.2 identifies 215694 viruses and 0.88.7 only 90480. Maybe that's the reason. But from 2 to 30 seconds seems a long delay for a busy mail server.

The system is
Linux 2.6.20-1.2944.fc6 i686 i686 Fedora Core 6
Intel(R) Pentium(R) 4 CPU 3.00GHz
Ram: 2 G
Up to date

The rpm from ATrpms also takes the same time (30 sec) to identify the virus.

Thanks in advance

Kapetanakis Giannis
System & Network Admin
University of Crete / Physics Dep.

# /usr/src/misc/clamav-0.90.2/clamscan/clamscan --debug foo
LibClamAV debug: Initializing the engine (0.90.2)
LibClamAV debug: cli_loaddbdir: Acquiring dbdir lock
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: cli_loaddbdir: Acquiring dbdir lock
LibClamAV debug: Loading databases from /var/lib/clamav/main.inc
LibClamAV debug: Initializing md5 list structure
LibClamAV debug: /var/lib/clamav/main.inc/main.fp loaded
LibClamAV debug: /var/lib/clamav/main.inc/main.hdb loaded
LibClamAV debug: /var/lib/clamav/main.inc/main.zmd loaded
LibClamAV debug: Initializing engine->root[0]
LibClamAV debug: Initialising AC pattern matcher of root[0]
LibClamAV debug: Initializing BM tables of root[0]
LibClamAV debug: in cli_bm_init()
LibClamAV debug: BM: Number of indexes = 63744
LibClamAV debug: Initializing engine->root[1]
LibClamAV debug: Initialising AC pattern matcher of root[1]
LibClamAV debug: Initializing BM tables of root[1]
LibClamAV debug: in cli_bm_init()
LibClamAV debug: BM: Number of indexes = 63744
LibClamAV debug: Initializing engine->root[2]
LibClamAV debug: Initialising AC pattern matcher of root[2]
LibClamAV debug: Initializing BM tables of root[2]
LibClamAV debug: in cli_bm_init()
LibClamAV debug: BM: Number of indexes = 63744
LibClamAV debug: Initializing engine->root[3]
LibClamAV debug: Initialising AC pattern matcher of root[3]
LibClamAV debug: Initializing BM tables of root[3]
LibClamAV debug: in cli_bm_init()
LibClamAV debug: BM: Number of indexes = 63744
LibClamAV debug: Initializing engine->root[4]
LibClamAV debug: Initialising AC pattern matcher of root[4]
LibClamAV debug: Initializing BM tables of root[4]
LibClamAV debug: in cli_bm_init()
LibClamAV debug: BM: Number of indexes = 63744
LibClamAV debug: Initializing engine->root[5]
LibClamAV debug: Initialising AC pattern matcher of root[5]
LibClamAV debug: Initializing BM tables of root[5]
LibClamAV debug: in cli_bm_init()
LibClamAV debug: BM: Number of indexes = 63744
LibClamAV debug: Initializing engine->root[6]
LibClamAV debug: Initialising AC pattern matcher of root[6]
LibClamAV debug: Initializing BM tables of root[6]
LibClamAV debug: in cli_bm_init()
LibClamAV debug: BM: Number of indexes = 63744
LibClamAV debug: /var/lib/clamav/main.inc/main.db loaded
LibClamAV debug: /var/lib/clamav/main.inc/main.ndb loaded
LibClamAV debug: /var/lib/clamav/main.inc/main.mdb loaded
LibClamAV debug: cli_loaddbdir: Acquiring dbdir lock
LibClamAV debug: Loading databases from /var/lib/clamav/daily.inc
LibClamAV debug: /var/lib/clamav/daily.inc/daily.cfg loaded
LibClamAV debug: /var/lib/clamav/daily.inc/daily.db loaded
LibClamAV debug: /var/lib/clamav/daily.inc/daily.hdb loaded
LibClamAV debug: /var/lib/clamav/daily.inc/daily.mdb loaded
LibClamAV debug: /var/lib/clamav/daily.inc/daily.zmd loaded
LibClamAV debug: /var/lib/clamav/daily.inc/daily.ndb loaded
LibClamAV debug: /var/lib/clamav/daily.inc/daily.fp loaded
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 3e37be3e4f9f91af1051d70e45078bb0
LibClamAV debug: cli_versig: Decoded signature: 3e37be3e4f9f91af1051d70e45078bb0
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d/COPYING
LibClamAV debug: Unpacking /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d/main.db
LibClamAV debug: Unpacking /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d/main.hdb
LibClamAV debug: Unpacking /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d/main.ndb
LibClamAV debug: Unpacking /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d/main.zmd
LibClamAV debug: Unpacking /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d/main.fp
LibClamAV debug: Unpacking /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d/main.mdb
LibClamAV debug: Unpacking /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d/main.info
LibClamAV debug: cli_loaddbdir: Acquiring dbdir lock
LibClamAV debug: Loading databases from /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d
LibClamAV debug: /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d/main.mdb loaded
LibClamAV debug: /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d/main.db loaded
LibClamAV debug: /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d/main.ndb loaded
LibClamAV debug: /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d/main.hdb loaded
LibClamAV debug: /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d/main.fp loaded
LibClamAV debug: /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d/main.zmd loaded
LibClamAV debug: Dynamic engine configuration settings:
LibClamAV debug: --------------------------------------
LibClamAV debug: Module PE: On
LibClamAV debug: * Submodule PARITE: On
LibClamAV debug: * Submodule KRIZ: On
LibClamAV debug: * Submodule MAGISTR: On
LibClamAV debug: * Submodule POLIPOS: On
LibClamAV debug: * Submodule MD5SECT: On
LibClamAV debug: * Submodule UPX: On
LibClamAV debug: * Submodule FSG: On
LibClamAV debug: * Submodule SUE: On
LibClamAV debug: * Submodule PETITE: On
LibClamAV debug: * Submodule PESPIN: On
LibClamAV debug: * Submodule YC: On
LibClamAV debug: * Submodule WWPACK: On
LibClamAV debug: * Submodule NSPACK: On
LibClamAV debug: * Submodule MEW: On
LibClamAV debug: * Submodule UPACK: On
LibClamAV debug: Module ELF: On
LibClamAV debug: Module ARCHIVE: On
LibClamAV debug: * Submodule RAR: On
LibClamAV debug: * Submodule ZIP: On
LibClamAV debug: * Submodule GZIP: On
LibClamAV debug: * Submodule BZIP: On
LibClamAV debug: * Submodule SZDD: On
LibClamAV debug: * Submodule CAB: On
LibClamAV debug: * Submodule CHM: On
LibClamAV debug: * Submodule OLE2: On
LibClamAV debug: * Submodule TAR: On
LibClamAV debug: * Submodule BINHEX: On
LibClamAV debug: * Submodule SIS: On
LibClamAV debug: Module DOCUMENT: On
LibClamAV debug: * Submodule HTML: On
LibClamAV debug: * Submodule RTF: On
LibClamAV debug: * Submodule PDF: ** Off **
LibClamAV debug: Module MAIL: On
LibClamAV debug: * Submodule MBOX: On
LibClamAV debug: * Submodule TNEF: On
LibClamAV debug: Module OTHER: On
LibClamAV debug: * Submodule UUENCODED: On
LibClamAV debug: * Submodule SCRENC: On
LibClamAV debug: * Submodule RIFF: On
LibClamAV debug: * Submodule JPEG: On
LibClamAV debug: * Submodule CRYPTFF: On
LibClamAV debug: /var/lib/clamav/main.cvd loaded
LibClamAV debug: Dynamic engine configuration settings:
LibClamAV debug: --------------------------------------
LibClamAV debug: Module PE: On
LibClamAV debug: * Submodule PARITE: On
LibClamAV debug: * Submodule KRIZ: On
LibClamAV debug: * Submodule MAGISTR: On
LibClamAV debug: * Submodule POLIPOS: On
LibClamAV debug: * Submodule MD5SECT: On
LibClamAV debug: * Submodule UPX: On
LibClamAV debug: * Submodule FSG: On
LibClamAV debug: * Submodule SUE: On
LibClamAV debug: * Submodule PETITE: On
LibClamAV debug: * Submodule PESPIN: On
LibClamAV debug: * Submodule YC: On
LibClamAV debug: * Submodule WWPACK: On
LibClamAV debug: * Submodule NSPACK: On
LibClamAV debug: * Submodule MEW: On
LibClamAV debug: * Submodule UPACK: On
LibClamAV debug: Module ELF: On
LibClamAV debug: Module ARCHIVE: On
LibClamAV debug: * Submodule RAR: On
LibClamAV debug: * Submodule ZIP: On
LibClamAV debug: * Submodule GZIP: On
LibClamAV debug: * Submodule BZIP: On
LibClamAV debug: * Submodule SZDD: On
LibClamAV debug: * Submodule CAB: On
LibClamAV debug: * Submodule CHM: On
LibClamAV debug: * Submodule OLE2: On
LibClamAV debug: * Submodule TAR: On
LibClamAV debug: * Submodule BINHEX: On
LibClamAV debug: * Submodule SIS: On
LibClamAV debug: Module DOCUMENT: On
LibClamAV debug: * Submodule HTML: On
LibClamAV debug: * Submodule RTF: On
LibClamAV debug: * Submodule PDF: ** Off **
LibClamAV debug: Module MAIL: On
LibClamAV debug: * Submodule MBOX: On
LibClamAV debug: * Submodule TNEF: On
LibClamAV debug: Module OTHER: On
LibClamAV debug: * Submodule UUENCODED: On
LibClamAV debug: * Submodule SCRENC: On
LibClamAV debug: * Submodule RIFF: On
LibClamAV debug: * Submodule JPEG: On
LibClamAV debug: * Submodule CRYPTFF: On
LibClamAV debug: Eicar-Test-Signature found in descriptor 3
foo: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 215694
Engine version: 0.90.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Time: 29.443 sec (0 m 29 s)

# /usr/src/misc/clamav-0.88.7/clamscan/clamscan --debug foo
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: Loading /var/lib/clamav/main.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 3e37be3e4f9f91af1051d70e45078bb0
LibClamAV debug: Decoded signature: 3e37be3e4f9f91af1051d70e45078bb0
LibClamAV debug: Digital signature is correct.
LibClamAV Warning: ********************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html ***
LibClamAV Warning: ********************************************************
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /tmp/clamav-1470fedc2eb8f838/COPYING
LibClamAV debug: Unpacking /tmp/clamav-1470fedc2eb8f838/main.db
LibClamAV debug: Unpacking /tmp/clamav-1470fedc2eb8f838/main.hdb
LibClamAV debug: Unpacking /tmp/clamav-1470fedc2eb8f838/main.ndb
LibClamAV debug: Unpacking /tmp/clamav-1470fedc2eb8f838/main.zmd
LibClamAV debug: Unpacking /tmp/clamav-1470fedc2eb8f838/main.fp
LibClamAV debug: Unpacking /tmp/clamav-1470fedc2eb8f838/main.mdb
LibClamAV debug: Unpacking /tmp/clamav-1470fedc2eb8f838/main.info
LibClamAV debug: Loading databases from /tmp/clamav-1470fedc2eb8f838
LibClamAV debug: Loading /tmp/clamav-1470fedc2eb8f838/main.db
LibClamAV debug: Initializing main node
LibClamAV debug: Initializing trie
LibClamAV debug: Initializing BM tables
LibClamAV debug: in cli_bm_init()
LibClamAV debug: BM: Number of indexes = 63744
LibClamAV debug: Loading /tmp/clamav-1470fedc2eb8f838/main.ndb
LibClamAV debug: Loading /tmp/clamav-1470fedc2eb8f838/main.hdb
LibClamAV debug: Initializing md5 list structure
LibClamAV debug: Loading /tmp/clamav-1470fedc2eb8f838/main.fp
LibClamAV debug: Loading /tmp/clamav-1470fedc2eb8f838/main.zmd
LibClamAV debug: Eicar-Test-Signature found in descriptor 3.
foo: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 90480
Engine version: 0.88.7
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Time: 2.002 sec (0 m 2 s)
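
Added example, not part of the original post: a small Python parser for clamscan --debug output like the two runs above. It pulls out the summary figures and lists database files that a run loaded from more than one directory. The sample logs are shortened excerpts of the post's own output, and the function names are this example's own.

```python
import re
from collections import defaultdict
# 0.90.x prints "<path> loaded"; 0.88.x prints "Loading <path>".
LOADED = re.compile(r"LibClamAV debug: (?:(/\S+) loaded|Loading (/\S+))$")
SUMMARY = {
    "engine": (re.compile(r"^Engine version: (\S+)"), str),
    "known": (re.compile(r"^Known viruses: (\d+)"), int),
    "seconds": (re.compile(r"^Time: ([\d.]+) sec"), float),
}

def summarize(log_text):
    """Summary figures plus, per database file, the directories it came from."""
    info = {"engine": None, "known": None, "seconds": None, "sources": defaultdict(list)}
    for line in log_text.splitlines():
        line = line.strip()
        m = LOADED.search(line)
        if m:
            directory, _, name = (m.group(1) or m.group(2)).rpartition("/")
            info["sources"][name].append(directory)
            continue
        for key, (rx, cast) in SUMMARY.items():
            m = rx.match(line)
            if m:
                info[key] = cast(m.group(1))
    return info

def loaded_more_than_once(info):
    """Database files the engine read from more than one directory."""
    return sorted(n for n, d in info["sources"].items() if len(set(d)) > 1)

# Shortened excerpts of the two runs in the post, one log line per row.
RUN_0902 = """\
LibClamAV debug: /var/lib/clamav/main.inc/main.db loaded
LibClamAV debug: /var/lib/clamav/daily.inc/daily.db loaded
LibClamAV debug: /tmp/clamav-aa215b1606c6f576842e7352e0f3cb7d/main.db loaded
LibClamAV debug: /var/lib/clamav/main.cvd loaded
Known viruses: 215694
Engine version: 0.90.2
Time: 29.443 sec (0 m 29 s)
"""
RUN_0887 = """\
LibClamAV debug: Loading /var/lib/clamav/main.cvd
LibClamAV debug: Loading /tmp/clamav-1470fedc2eb8f838/main.db
Known viruses: 90480
Engine version: 0.88.7
Time: 2.002 sec (0 m 2 s)
"""
for _log in (RUN_0902, RUN_0887):
    print(summarize(_log)["engine"], loaded_more_than_once(summarize(_log)))
```

On these excerpts the 0.90.2 run reports main.db, which the log shows being read once from main.inc and again from the unpacked main.cvd; the 0.88.7 run reports nothing.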