Hello again,
On Mon, 8 Apr 2019, Arnaud Jacques wrote:
> On 07/04/2019 at 18:18, G.W. Haywood via clamav-users wrote:
> > grep -a '^Phishtank.Phishing' daily.cld | cut -d':' -f1 > ~/phishtank.ign2
> This is not optimized:
> Phishtank.Phishing are loaded in memory.
> Then phishtank.ign2 is loaded in memory.
Possibly true, I haven't looked at the code, but if I'd coded it then
it would work in a more sensible way. I'd free the ignored signatures
from memory (and keep a note of the databases/files in use, and check
their mtimes every now and again - perhaps even for every scan - etc.).
> So there is a lot of memory used for nothing.
Conjecture?
> And I guess this will slow down the scan.
Conjecture, but easily tested. And if it *does* slow down the scan,
I'd suggest that something must be horribly wrong. It should be far
quicker to ignore a signature than to check some block of data to see
if it's matched. Of course if the signature doesn't exist (i.e. it's
been removed from memory) then it will take zero time to process it. :)
> ... and one day I created a *huge* ign2 file and it crashed clamd.
Has this fault in the code been reported?
> Ign2 files may not be appropriate to ignore tons of signatures.
I did count the number of signatures before suggesting this.
mail6:~# >>> wc -l phishtank.ign2
3968 phishtank.ign2
mail6:~# >>>
I agree that it might not make sense to do this for something like all
the Android signatures; if we're talking about hundreds of thousands,
instead of just a few thousand, then I'd start asking if it weren't
more appropriate to create my own databases from the published ones or
something like that. But for just a few thousand signatures, I'd have
thought a .ign2 file would be quite satisfactory.
Isn't that what this mechanism is for?
--
73,
Ged.