On 25 Apr 2012 at 14:55, Török Edwin wrote:
> On 04/25/2012 02:33 PM, Pierre Dehaen wrote:
> > On 24 Apr 2012 at 18:11, Steve Basford wrote:
> >
> >>> Has anyone else seen these kinds of delays? Is there any way to get
> >>> these databases to load faster or to allow ClamAV to continue scanning
> >>> when the database is being reloaded?
> >>
> >> Sorry for the briefness here, as I'm currently sorting out my home
> >> internet access...
> >>
> >> For those having issues:
> >>
> >> a) what databases are loaded
> >> b) what OS are you running
> >>
> >> It could be, as someone else suggested a tipping point in memory, but
> >> we need to get a handle on db's used etc.
> >>
> >> Perhaps we can then get a set of test data and create a bugzilla clamav
> >> entry....
> >
> > I don't know if this can help speeding up the process but I collected some
> > statistics on
> > clamscan of a small file (wallclock duration: ~25sec):
>
> I think I'm missing some context here: which DB files are slow to load?
> The official ones? Just the sanesecurity ones? Any particular DB from the
> sanesecurity ones?
$ clamscan --official-db-only=yes afile
afile: OK
----------- SCAN SUMMARY -----------
Known viruses: 1204045
Engine version: 0.97.3
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 14.235 sec (0 m 14 s)
$ clamscan afile
afile: OK
----------- SCAN SUMMARY -----------
Known viruses: 1446134
Engine version: 0.97.3
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 26.130 sec (0 m 26 s)
# This shows time delta between open syscalls (and the DBs used):
$ truss -Dt open clamscan afile
[...]
0.0015 open("/opt/clamav/etc/freshclam.conf", O_RDONLY) = 3
0.0232 open("/opt/clamav/share/clamav/sigwhitelist.ign2", O_RDONLY) = 4
0.0026 open("/opt/clamav/share/clamav/daily.cld", O_RDONLY) = 4
0.0004 open("/opt/clamav/share/clamav/daily.cld", O_RDONLY) = 4
1.4788 open("/opt/clamav/share/clamav/main.cld", O_RDONLY) = 4
11.3070 open("/opt/clamav/share/clamav/winnow_malware.hdb", O_RDONLY) = 4
0.0015 open("/opt/clamav/share/clamav/junk.ndb", O_RDONLY) = 4
1.4502 open("/opt/clamav/share/clamav/jurlbl.ndb", O_RDONLY) = 4
0.2828 open("/opt/clamav/share/clamav/phish.ndb", O_RDONLY) = 4
6.3976 open("/opt/clamav/share/clamav/rogue.hdb", O_RDONLY) = 4
0.0201 open("/opt/clamav/share/clamav/scam.ndb", O_RDONLY) = 4
1.6515 open("/opt/clamav/share/clamav/spamimg.hdb", O_RDONLY) = 4
0.0073 open("/opt/clamav/share/clamav/winnow_malware_links.ndb", O_RDONLY) = 4
0.4164 open("/opt/clamav/share/clamav/MSRBL-Images.hdb", O_RDONLY) = 4
0.0203 open("/opt/clamav/share/clamav/MSRBL-SPAM.ndb", O_RDONLY) = 4
0.2371 open("/opt/clamav/share/clamav/bytecode.cld", O_RDONLY) = 4
0.0609 open("/opt/clamav/share/clamav/pierre.ndb", O_RDONLY) = 4
0.0050 open("/opt/clamav/share/clamav/securiteinfo.hdb", O_RDONLY) = 4
1.0959 open("/opt/clamav/share/clamav/spamattach.hdb", O_RDONLY) = 4
0.0052 open("/opt/clamav/share/clamav/honeynet.hdb", O_RDONLY) = 4
0.0055 open("/opt/clamav/share/clamav/mbl.ndb", O_RDONLY) = 4
0.0512 open("/opt/clamav/share/clamav/sanesecurity.ftm", O_RDONLY) = 4
1.4356 open("afile", O_RDONLY) = 3
afile: OK
----------- SCAN SUMMARY -----------
Known viruses: 1446134
Engine version: 0.97.3
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 26.650 sec (0 m 26 s)
So main.cdl is taking most of the time. Note that I do not complain about the
load time: to me,
26sec, it is not a problem. This just delays mail scanning a little bit.
Regards,
Pierre
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
