miker at invcs
Mar 23, 2007, 5:12 PM
Post #1 of 2
(1210 views)
Permalink
|
Hello, everyone. I am new to this and to clam AV. I am looking at
building a solution around it (email scanning) and have a performance
question:
My question is, does clam av scan the entire file or is required to scan
the entire file before determining if it's a virus or not? Or does it scan
as much of the file (i.e., the first 64K) before it determines it's a
file? I assume if you scan zip and jar files, it has to unpack the zip
and scan each file inside. I'm wondering if a stream approach would be
better in terms of performance or should I dettach each file attachment in
an email message and scan the file that way. Or possibly could I have a
service (clamd) on another computer and stream the files that way.
Thank You,
Mike
Luca Gibelli <luca [at] clamav>
Sent by: clamav-devel-bounces [at] lists
03/23/2007 07:01 PM
Please respond to
ClamAV Development <clamav-devel [at] lists>
To
ClamAV Development <clamav-devel [at] lists>
cc
Subject
Re: [Clamav-devel] Patch: freshclam: keep downloaded cdiffs for local
distribution
Hello Aidas,
> >> v. 0.90.1 applies downloaded cdiffs and removes them, so
there is no
> >> way to distribute them to local clients. Attached patch allows to
keep
> >> them and configure movement to RootDirectory of local web server.
> >
> > There's no need for such a patch, please check the latest version of
the FAQ.
>
> Which one is the latest?
Obviously the one linked on our website:
http://www.clamav.net/support/faq
> - speaking about ScriptedUpdates, or
> - speaking about caching proxy as the only option?
> - or anything else?
The FAQ explains why a patch is not needed:
* I’m running ClamAV on a lot of clients on my local network. Can I serve
the cvd files from a local server so that each client doesn’t have to
download them from your servers?
* Sure, there are two possible solutions.
* If you want to take advantage of incremental updates, install a
proxy server and then configure your freshclam clients to use it (watch
for the HTTPProxyServer parameter in man freshclam.conf).
* The second possible solution is to configure a local webserver on
one of your machines (say machine1.mylan) and let freshclam download the
*.cvd files from http://database.clamav.net to the webserver’s
DocumentRoot. Finally, change freshclam.conf on your clients so that it
reads:
* DatabaseMirror machine1.mylan
First the database will be downloaded to the local webserver and then
the other clients on the network will update their copy of the database
from it. For this to work, you have to add ScriptedUpdates off on all of
your machines!
Best regards
--
Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit
[Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
|
signature.asc
