Hello Masaru,

> I think Neel's intention is to reduce the system load.

Thanks! Yes, and it's all over the internet - discussions about ClamAV CPU usage. I did face the same problem with McAfee but that was 15 years back. So, I think it goes to show that it is possible. Is it not possible for clamav dev to do something about it?

On an 8-CPU machine, clamav takes about 40% overall CPU with the -m option. That's HUGE. On a 4 vCPU VM, it takes ALL with the -m option.

People seem to come up with a lot of strategies - incremental scan, cpulimit, cPanel to name a few.

Couldn't there be an option equivalent to -m, maybe -l for --lazy or -s for --staggered or -b for --breather? :)

Thanks in advance,
-Neel.

From: Masaru Nomiya via clamav-users <clamav-users@lists.clamav.net>
Sent: Tue, 10 Dec 2024 08:55:19
To: clamav-users@lists.clamav.net
Cc: Masaru Nomiya <nom...@lake.dti.ne.jp>
Subject: Re: [clamav-users] Using linux command "find" to get modified files list for scan

Hello,

In the Message;
Subject : Re: [clamav-users] Using linux command "find" to get modified files list for scan
Message-ID : <f961d922-c798-e436-3bf9-956640631...@aitchison.me.uk>
Date & Time: Mon, 9 Dec 2024 12:47:59 +0000 (GMT)

[ACA] == Andrew C Aitchison via clamav-users <clamav-users@lists.clamav.net> has written:

ACA> On Mon, 9 Dec 2024, neel roy via clamav-users wrote:
ACA> > Yes, that I found evident as described in mail below.
ACA> > Yet, no antivirus including ClamAV use this approach in their product.
ACA> > There must be reason(s). I am just trying to find that reason.

ACA> I do not think it is very useful to only scan files that have changed.
ACA> That way, files that were changed by new (day-one?) malware before ClamAV
ACA> has rules to detect them will not be caught unless they change again.

ACA> With the "OnAccess" feature ClamAV scans a file whenever it is opened
ACA> (for reading or writing IIRC). Working this way it is not so useful to find
ACA> files which have changed, whether with 'find' or some other way.

If the ClamAV daemon (clamd) is running, using clamdscan enables
multi-threaded scanning, and since the virus database does not need to
be loaded each time, it is more efficient, isn't it?
There is inevitably a time lag between the appearance of new viruses
and the expansion of the corresponding database, and onAccess is no
exception.
I think Neel's intention is to reduce the system load.
It is true that clamondacc is a heavy load.
Best Regards.
---
Masaru Nomiya
mail-to: nomiya @ lake.dti.ne.jp

"As Google fights for positioning in a new AI boom and an era where
some consumers are turning to TikTok or ChatGPT instead of Google
Search, some employees now worry product development could become
dangerously hasty. The restructuring of RESIN has increased those
concerns, the sources say."
-- Google Splits Up a Key AI Ethics Watchdog
--
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________