> OK...I'll do some testing tomorrow and see if we can't come up with some
> information for you.
>
> Matt



> in the last few days a lot of spam is (ab)using t.co shortened URLs in
> the payload, so these are ending up in bofhland_cracked_URL.ndb (~7K
> distinct URLs atm)
>

Sorry for the cross post...

Hi,

In doing a very small single file test using the bofhland_cracked_URL.ndb,
it took ** 66 seconds ** to scan the file.

Having a quick look at repeating patterns in the file, 777777 (www) was
common, so just for testing I tried this...

sed "s/(B)7777772E/2E/g" bofhland_cracked_URL.ndb > bofhland_cracked_URL_test.ndb

This will remove the beginning boundary check and the www. bit... and
replace with a single ".", which hopefully will be a simple boundary
separator:

If I now scan the same file, but using the bofhland_cracked_URL_test.ndb
database, it only takes ** 5 seconds ** :O

Not sure if this is the workaround... but certainly food for thought.

Cheers,

Steve
Sanesecurity

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
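
Added example, not part of the original post or of the ClamAV or Sanesecurity code: a way to find repeating leading patterns such as 777777 in an .ndb file and to apply the same substitution as the sed command above. It assumes the Name:TargetType:Offset:HexSignature line layout; the sample entries and all function names are constructed for illustration.

```python
from collections import Counter

BOUNDARY = "(B)"                    # word-boundary marker used in the signatures
WWW_DOT = b"www.".hex().upper()     # "7777772E", the pattern named in the post

def hexsig(text, boundary=True):
    """Build a constructed hex signature for a URL fragment."""
    return (BOUNDARY if boundary else "") + text.encode().hex().upper()

# Constructed sample lines (assumed layout); not real database entries.
SAMPLE_NDB = "\n".join([
    "Constructed.Url.1:0:*:" + hexsig("www.example.com/a"),
    "Constructed.Url.2:0:*:" + hexsig("www.example.net/b"),
    "Constructed.Url.3:0:*:" + hexsig("www.example.org/c"),
    "Constructed.Url.4:0:*:" + hexsig("t.example/abc", boundary=False),
])

def parse_ndb(text):
    """Yield (name, hex signature) for each well-formed, non-comment line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and not line.startswith("#"):
            yield fields[0], fields[3]

def prefix_histogram(text, nbytes=3):
    """Count signatures by their first nbytes literal bytes, ignoring a leading (B)."""
    counts = Counter()
    for _, sig in parse_ndb(text):
        body = sig[len(BOUNDARY):] if sig.startswith(BOUNDARY) else sig
        head = body[:2 * nbytes].upper()
        # Skip heads that are too short or contain wildcard characters.
        if len(head) == 2 * nbytes and all(c in "0123456789ABCDEF" for c in head):
            counts[head] += 1
    return counts

def strip_www(text):
    """Same substitution as the sed command: (B)7777772E -> 2E."""
    return text.replace(BOUNDARY + WWW_DOT, "2E")

if __name__ == "__main__":
    for label, db in (("before", SAMPLE_NDB), ("after", strip_www(SAMPLE_NDB))):
        print(label)
        for head, n in prefix_histogram(db).most_common():
            print(f"  {head} {bytes.fromhex(head).decode('ascii', 'replace')!r}: {n}")
```

A rewritten signature no longer requires a word boundary or the "www" label, so it also matches the same host and path under any other prefix ending in a dot; test the rewritten database against clean mail before relying on it.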
