On Mar 15, 2011, at 7:10 PM, TR Shaw wrote:

>> On Mar 15, 2011, at 4:48 PM, TR Shaw wrote:
>>
>>> Look at your config file. You don't need to scan all more than probably
>>> 200KB of a file.
>>
>> So you are suggesting I use the MaxScanSize directive to limit scans to the
>> first 200KB of each file? (i.e., add a line to clamd.conf: MaxScanSize
>> 200KB).
>>
>> I imagine that would speed things up nicely.... :-)
>>
>
> Yes. Pick a size you feel comfy with but I believe there are few signatures
> that span large file sizes. You might want to override this once a week to
> check large zip/gz files but in general this should be good. Let me know how
> it helps.

A full scan with default settings (MaxScanSize = 20MB) takes about 2 hours to scan a particular directory.
A full scan with MaxScanSize = 1MB takes about 1 hour.
A full scan with MaxScanSize = 200K takes about 18 minutes.

***

So I now have two tactics to minimize scan time:

1) Partially scan ALL files
2) Fully scan a set of recently modified files.

Which is more likely?: That a partial scan (first 200K) misses a baddie? Or that a baddie fakes a modification date?

-----------------
Russ Tyndall
Wake Forest, NC
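
Tactic 2 depends on how "recently modified" is decided. The following is an added example, not part of the original message: it selects files for scanning by inode change time (ctime) as well as mtime, because mtime can be set by the file's owner while ctime is maintained by the kernel. The stamp-file scheme and function names are assumptions, and `-cnewer` requires GNU or BSD find.

```shell
#!/bin/sh
# Added example, not from the thread. The stamp-file handling and the
# function names are assumptions. Uses find's -cnewer (GNU/BSD find).

# Files under $1 whose mtime is newer than stamp file $2: the plain
# "recently modified" selection. mtime can be set by the file's owner.
modified_since() {
    find "$1" -type f -newer "$2" -print
}

# Files under $1 whose mtime OR ctime is newer than stamp file $2.
# ctime is updated by the kernel on writes, chmod/chown and timestamp
# changes, and cannot be set through utimes()/touch.
changed_since() {
    find "$1" -type f \( -newer "$2" -o -cnewer "$2" \) -print
}

# Scan everything changed since the last run, using clamscan's default
# size limits. clamscan exit codes: 0 = clean, 1 = virus found, 2 = error.
scan_changed() {
    dir=$1 stamp=$2
    list=$(mktemp) || return 2
    touch "$stamp.next"                 # mark start time before listing
    changed_since "$dir" "$stamp" > "$list"
    rc=0
    if [ -s "$list" ]; then
        clamscan --infected --file-list="$list" || rc=$?
    fi
    # Advance the stamp only if the scan itself did not error out.
    if [ "$rc" -ne 2 ]; then
        mv "$stamp.next" "$stamp"
    else
        rm -f "$stamp.next"
    fi
    rm -f "$list"
    return "$rc"
}
```

The stamp file must exist before the first run; create it once after a full baseline scan, and keep it outside the scanned tree.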