Mailing List Archive: ClamAV: win32

clamav (w32) slow compared to sosdg

Index | Next | Previous | View Threaded

hohokus at gmail

Dec 9, 2006, 5:55 PM

Post #1 of 5 (1692 views)
Permalink

clamav (w32) slow compared to sosdg

clamav from w32.clamav.net appears much, much slower on my system,
compared to sosdg. same definitions, same options.

w32:
----------- SCAN SUMMARY -----------
Known viruses: 84832
Engine version: devel-20061209
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 1.00 MB
Time: 52.764 sec (0 m 52 s)

sosdg:
----------- SCAN SUMMARY -----------
Known viruses: 84832
Engine version: devel-20061102
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 1.00 MB
Time: 4.750 sec (0 m 4 s)

this is scanning a ~1mb email with attached images.

any thoughts on this? no realtime virus scanners in play. running on
win2000.

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

njh at bandsman

Dec 10, 2006, 1:34 AM

Post #2 of 5 (1602 views)
Permalink

Re: clamav (w32) slow compared to sosdg [In reply to]

Justin wrote:
> clamav from w32.clamav.net appears much, much slower on my system,
> compared to sosdg. same definitions, same options.
>
> w32:
> ----------- SCAN SUMMARY -----------
> Known viruses: 84832
> Engine version: devel-20061209
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 1.00 MB
> Time: 52.764 sec (0 m 52 s)
>
> sosdg:
> ----------- SCAN SUMMARY -----------
> Known viruses: 84832
> Engine version: devel-20061102
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 1.00 MB
> Time: 4.750 sec (0 m 4 s)
>
> this is scanning a ~1mb email with attached images.
>
> any thoughts on this? no realtime virus scanners in play. running on
> win2000.

There is another, more important, difference which you omitted to include in your equation: the difference in the engine versions. Recently the engine was upgrade to catch more viruses, unfortunately this improvement included a nasty performance hit, which we are aware of.

-Nigel

dave-usenet at djwcomputers

Dec 10, 2006, 5:48 PM

Post #3 of 5 (1589 views)
Permalink

Re: clamav (w32) slow compared to sosdg [In reply to]

In message <457BD4B8.3010704 [at] bandsman> Nigel Horne
<njh [at] bandsman> wrote:

>There is another, more important, difference which you omitted to include in your equation: the difference in the engine versions. Recently the engine was upgrade to catch more viruses, unfortunately this improvement included a nasty performance hit, which we are aware of.

Is there a light at the end of the tunnel?

Admittedly my server isn't far from running at capacity, so an upgrade
is already in the works, but the difference in engines means I'm no
longer able to keep up with my mail flow during peak times with ClamAV
running.

I'm currently running both Kaspersky and ClamAV, so my current solution
is to bypass certain classes of messages from ClamAV scanning, this is
helping, but at the end of the day, customers are still noticing the
difference.

For the record, if there is no light at the end of the tunnel, that's
fine, I'll build out the capacity for it -- But if this is a temporary
measure that is expected to revert to previous CPU utilization in the
short term, I'll invest in a higher I/O:CPU ratio.
--
Dave Warren,
MSN Instant Messenger: dave [at] djwcomputers
Office: (403) 770-6140 Cell: (403) 690-3140

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

njh at bandsman

Dec 10, 2006, 11:59 PM

Post #4 of 5 (1576 views)
Permalink

Re: Re: clamav (w32) slow compared to sosdg [In reply to]

Dave Warren wrote:
> In message <457BD4B8.3010704 [at] bandsman> Nigel Horne
> <njh [at] bandsman> wrote:
>
>> There is another, more important, difference which you omitted to include in your equation: the difference in the engine versions. Recently the engine was upgrade to catch more viruses, unfortunately this improvement included a nasty performance hit, which we are aware of.
>
> Is there a light at the end of the tunnel?

We take the attitude that catching viruses is much more important than
performance, so we have other issues on our list of things to do. I
don't wish to sound as though we consider performance unimportant
(profiling the code is always on my list of things to do!), we do, but I
wish you to understand where our priority is.

> I'm currently running both Kaspersky and ClamAV, so my current solution
> is to bypass certain classes of messages from ClamAV scanning, this is
> helping, but at the end of the day, customers are still noticing the
> difference.

It would be useful if you were to find the specific class or type of
file which suffers most and let us know, so that we know where to focus
our time.

-Nigel

dave-usenet at djwcomputers

Dec 11, 2006, 7:20 AM

Post #5 of 5 (1580 views)
Permalink

Re: clamav (w32) slow compared to sosdg [In reply to]

In message <457D0FDD.7010406 [at] bandsman> Nigel Horne
<njh [at] bandsman> wrote:

>Dave Warren wrote:
>> In message <457BD4B8.3010704 [at] bandsman> Nigel Horne
>> <njh [at] bandsman> wrote:
>>
>>> There is another, more important, difference which you omitted to include in your equation: the difference in the engine versions. Recently the engine was upgrade to catch more viruses, unfortunately this improvement included a nasty performance hit, which we are aware of.
>>
>> Is there a light at the end of the tunnel?
>
>We take the attitude that catching viruses is much more important than
>performance, so we have other issues on our list of things to do. I
>don't wish to sound as though we consider performance unimportant
>(profiling the code is always on my list of things to do!), we do, but I
>wish you to understand where our priority is.

Understood -- And in principle I agree, although in practice, if I
wanted to block all viruses, I'd simply run mimedefang and/or discard
anything which isn't in plain-text to begin with, so there always needs
to be a balance.

A hardware upgrade to my under-powered server will restore balance to
the universe.

>> I'm currently running both Kaspersky and ClamAV, so my current solution
>> is to bypass certain classes of messages from ClamAV scanning, this is
>> helping, but at the end of the day, customers are still noticing the
>> difference.
>
>It would be useful if you were to find the specific class or type of
>file which suffers most and let us know, so that we know where to focus
>our time.

Right now, I'm concentrating more on the classes of mail that are less
of a threat and therefore don't need to be scanned with two engines.

I've got two new servers lined up and ready to roll, once I'm migrated
over I'll start passing everything through clamd again and see if I can
identify any specific classes or groups of mail which take longer then
expected, with any luck it won't be a security-sensitive client :)
--
Dave Warren,
MSN Instant Messenger: dave [at] djwcomputers
Office: (403) 770-6140 Cell: (403) 690-3140

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads