Re: [Clamav-users] Tracking false positives

Dennis Peterson Wed, 15 Sep 2010 10:05:29 -0700

On 9/15/10 7:47 AM, Tomasz Kojm wrote:

On Tue, 14 Sep 2010 09:22:48 -0700 Dennis Peterson<denni...@inetnw.com>
wrote:

Time tests of sigtool --find-sigs compared to grep. The output of either
sigtool or grep can be piped back in to sigtool --decode-sigs:

$ time sigtool --find-sigs Sanesecurity.Spam.10995
Sanesecurity.Spam.10995:4:*:46726f6d3a20{-50}5066697a6572*5375626a6563743a20{-100}2520


real    2m4.16s
user    1m46.65s
sys     0m2.88s


Hi David,

how many signatures are you using and which OS? On my 3-year old Linux
box the search takes 3 seconds (~965k sigs):

$ time sigtool --find-sigs Sanesecurity.Spam.10995
Sanesecurity.Spam.10995:4:*:46726f6d3a20{-50}5066697a6572*5375626a6563743a20{-100}2520

real    0m3.076s
user    0m2.952s
sys     0m0.124s

There are 823070 signatures in the current daily.cld, main.cld, andbytecode.cld, and 190586 signatures in the various Sane Security files. This isa Sun Sparc box running Solaris.

Which begs another question - anyone have a single command that will generatethese numbers based on signature files in the DataDictionary directory?


dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Tracking false positives

Reply via email to