We're running on ubuntu servers with freshclam updating signatures daily. Over the last year or so there seems to have been a very noticeable degradation of performance with clamscan, by which I mean it seems to be significantly slower.
For example - scanning a couple of simple files around May 2018 took around 11 seconds: ----------- SCAN SUMMARY ----------- Known viruses: 6514140 Engine version: 0.99.4 Scanned directories: 1 Scanned files: 4 Infected files: 1 Data scanned: 0.04 MB Data read: 0.04 MB (ratio 1.00:1) Time: 11.585 sec (0 m 11 s) On the same machine last week: $ clamscan test.txt test.txt: OK ----------- SCAN SUMMARY ----------- Known viruses: 6165915 Engine version: 0.100.3 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 30.820 sec (0 m 30 s) By a fairly crude process of elimination (using sigtool to unpack daily.cvd), we've identified the daily.ldb signatures as contributing significantly to the slow performance; perhaps especially those which begin "Win.Trojan.Agent" I'm happy to provide details of this analysis if it would be useful. However, it's difficult to do a good comparison of how changes in the signatures have affected performance over time, as it doesn't seem to be possible to download older copies of e.g. daily.cvd unless I'm missing something? Is there anything we can do about this? Has anyone else noticed how significant the apparent slowdown has been?
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
