On Mon, 18 Oct 2010 13:32:01 -0500 René Berber <rber...@prodigy.net.mx> wrote:
> On 10/18/2010 12:54 PM, Török Edwin wrote: > > > What kind of signatures do those 3rdparty databases have? > > Can you use wc -l, and then group them by extension? > > I would expect hashes (.mdb, .hdb) to load quite fast, since we have > > lots of those too, and .ndb, or maybe .ldb to load a bit more > > slowly if you have many. > > # wc -l * > 2310 bytecode.cld > 140903 daily.cld > 705232 main.cld > ------ > 848445 (67%) > > 139 sanesecurity.ftm > > 20 sigwhitelist.ign2 > > 111 doppelstern.hdb > 1613 rogue.hdb > 854 spamimg.hdb > 63 spamattach.hdb > 2158 winnow.attachments.hdb > 14344 winnow_malware.hdb > ----- > 19143 (2%) > > 56 spam.ldb > 3 winnow.complex.patterns.ldb > ---- > 59 > > 216439 INetMsg-SpamDomains-2m.ndb > 542 doppelstern.ndb > 36235 junk.ndb > 19492 jurlbl.ndb > 49131 jurlbla.ndb > 2217 lott.ndb > 1727 mbl.ndb > 14604 phish.ndb > 11167 scam.ndb > 20878 scamnailer.ndb > 15439 spear.ndb > 3943 spearl.ndb > 1901 winnow_malware_links.ndb > 709 winnow_phish_complete_url.ndb > ------ > 394424 (31%) These look like the largest, I'll do some tests on the Solaris box I have access to and see how long it takes there. > > > Although it is expected that using more signatures slows down DB > > reload, 4 minutes is a bit much. > > How long does it take with only the official DBs? > > I don't know, I'll have to test that on the off-hours. > > BTW clamd spikes the CPU to between 80 to 90% during those 4 minutes. That is to be expected, it is busy loading. I assume you mean 80% of one core though, not all 32. Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
