Re: [clamav-users] problem reading socket while updating database

Jingo Administrator Wed, 08 Jul 2015 13:31:10 -0700

I have the clamav-unofficial-sigs-3.7.2 package installed and 4
signature libraries of SecuriteInfo.com
Here's the output of 'ls -l' of my /var/lib/clamav directory:
total 311024
-rw-r--r-- 1 clamav clamav    78152 Jul  8 20:55 blurl.ndb
-rw-r--r-- 1 clamav clamav  6058730 Jul  8 20:50 bofhland_cracked_URL.ndb
-rw-r--r-- 1 clamav clamav    92058 Jul  8 20:50 bofhland_malware_attach.hdb
-rw-r--r-- 1 clamav clamav    55336 Jul  8 20:50 bofhland_malware_URL.ndb
-rw-r--r-- 1 clamav clamav    13648 Jul  8 20:50 bofhland_phishing_URL.ndb
-rw-r--r-- 1 clamav clamav   462336 Jul  6 16:31 bytecode.cld
-rw-r--r-- 1 clamav clamav   364678 Jul  8 20:50 crdfam.clamav.hdb
-rw-r--r-- 1 clamav clamav 93945344 Jul  8 19:39 daily.cld
-rw-r--r-- 1 clamav clamav       65 Jul 26  2013 doppelstern.hdb
-rw-r--r-- 1 clamav clamav 40301619 Jul  8 16:33 javascript.ndb
-rw-r--r-- 1 clamav clamav  6360934 Jul  7 10:57 junk.ndb
-rw-r--r-- 1 clamav clamav   517999 Jul  8 20:55 jurlbl.ndb
-rw-r--r-- 1 clamav clamav 64720632 May  6 11:17 main.cvd
-rw-r--r-- 1 clamav clamav      356 Jan 29 00:51 mbl.ndb
-rw------- 1 clamav clamav      312 Jul  8 21:40 mirrors.dat
-rw-r--r-- 1 clamav clamav  3750508 Jul  8 13:15 phish.ndb
-rw-r--r-- 1 clamav clamav  4267912 Jul  8 20:46 phishtank.ndb
-rw-r--r-- 1 clamav clamav   271956 Jul  8 20:46 porcupine.ndb
-rw-r--r-- 1 clamav clamav   366130 Jul  8 14:55 rogue.hdb
-rw-r--r-- 1 clamav clamav 16796323 Jul  8 17:37 safebrowsing.cvd
-rw-r--r-- 1 clamav clamav     9952 Sep  3  2014 sanesecurity.ftm
-rw-r--r-- 1 clamav clamav  1873411 Jul  7 09:58 scam.ndb
-rw-r--r-- 1 clamav clamav  2074222 Jul  8 17:37 securiteinfoascii.hdb
-rw-r--r-- 1 clamav clamav 41902481 Jul  8 11:30 securiteinfo.hdb
-rw-r--r-- 1 clamav clamav 32527410 Jul  8 12:30 securiteinfohtml.hdb
-rw-r--r-- 1 clamav clamav     3394 Jun 30 18:36 securiteinfo.ign2
-rw-r--r-- 1 clamav clamav     6473 Jun 29 09:18 sigwhitelist.ign2
-rw-r--r-- 1 clamav clamav     1602 Nov 21  2014 spamattach.hdb
-rw-r--r-- 1 clamav clamav       98 May 19 16:54 spamimg.hdb
-rw-r--r-- 1 clamav clamav   186965 Apr 30 07:25 spam_marketing.ndb.non-act
-rw-r--r-- 1 clamav clamav    58278 Jul  8 20:45 winnow.attachments.hdb
-rw-r--r-- 1 clamav clamav   259649 Dec 22  2014 winnow_bad_cw.hdb
-rw-r--r-- 1 clamav clamav   209629 Jul  8 20:45 winnow_extended_malware.hdb
-rw-r--r-- 1 clamav clamav   128378 Jul  8 20:45 winnow_malware.hdb
-rw-r--r-- 1 clamav clamav   716158 Jul  8 20:45 winnow_malware_links.ndb


I am planning to drop the SecuriteInfo.com signature libraries first,
because these were the last I added and after that the issue began to
pop up.

Wouter

On 07/08/2015 06:46 PM, Steve Basford wrote:
> On Wed, July 8, 2015 5:09 pm, Jingo Administrator wrote:
>> Well, I agree my hardware isn't rather stunning and doesn't help to
>> (dramatically) reduce the time it takes for clamav to reload the
>> database. I will draw my conclusion and start to drop the 3rd party sigs.
>
> What signatures (3rd Party) are you using... some of the, do take more
> memory and are slower to process than others.
>
> Using a very simple scan on one file, here's how the dbs compare...
>
> foxhole_filename.cdb   1062 ms
> doppelstern-phishtank.ndb      1078 ms
> foxhole_all.cdb        1078 ms
> doppelstern.hdb        1093 ms
> doppelstern.ndb        1093 ms
> spamimg.hdb    1093 ms
> winnow.complex.patterns.ldb    1093 ms
> winnow_bad_cw.hdb      1093 ms
> winnow_extended_malware_links.ndb      1093 ms
> bofhland_phishing_URL.ndb      1094 ms
> crdfam.clamav.hdb      1094 ms
> rogue.hdb      1094 ms
> spam.ldb       1094 ms
> spamattach.hdb         1094 ms
> spearl.ndb     1094 ms
> winnow.attachments.hdb         1094 ms
> bofhland_malware_URL.ndb       1109 ms
> foxhole_generic.cdb    1109 ms
> lott.ndb       1109 ms
> winnow_extended_malware.hdb    1109 ms
> winnow_malware.hdb     1109 ms
> winnow_spam_complete.ndb       1125 ms
> bofhland_malware_attach.hdb    1141 ms
> jurlbla.ndb    1141 ms
> porcupine.ndb  1156 ms
> winnow_malware_links.ndb       1157 ms
> blurl.ndb      1187 ms
> jurlbl.ndb     1188 ms
> scam.ndb       1391 ms
> phishtank.ndb  1578 ms
> spear.ndb      1640 ms
> bofhland_cracked_URL.ndb       1734 ms
> winnow_phish_complete.ndb      1750 ms
> junk.ndb       1765 ms
> winnow_phish_complete_url.ndb  1766 ms
> phish.ndb      3422 ms
> scamnailer.ndb         6031 ms
>
>
> Cheers,
>
> Steve
> Web : sanesecurity.com
> Blog: sanesecurity.blogspot.com
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml


--- e-mail sent by Private Lotus using Exim ---
------------ virus scan by ClamAV -------------
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] problem reading socket while updating database

Reply via email to