Good Day. I've noticed, after running a strace on clamdscan, that clamdscan sends "control messages" using the UNIX socket "clamav.sock" on file descriptor 3. The first of these is the string "STREAM". The response from clamd is a port number to stream the email/file through. The IP socket is connected to on the port received, and data streamed through (on FD 4). The IP socket is then closed, and messages regarding the scanning done by clamd are sent through the UNIX socket.
Our problem is that the major delay in scanning our emails is at the point where clamdscan is waiting on a response for a port number. After that, streaming of data, and scanning is relatively quick. Do you have any recommendations on whether to use the UNIX socket as is default, for sending control messages, or using an IP socket instead. All connections are to the local host. My fear is that connections to the daemon are bottlenecked due to too many clients trying to connect through the UNIX socket, thus the delay. We have a very busy mail server, and the number of threads is set to 400. Hoping that perhaps the IP socket would scale better. Regards, EGK _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
