Re: [AMaViS-user] Antivirus programs?

From: Bill Landry <bill(at)inetmsg.com>
Date: Wed Oct 10 2007 - 18:27:22 EDT

Adam65535 wrote:
> On 10/10/07, *Bill Landry* <bill@inetmsg.com <mailto:bill@inetmsg.com>>
> wrote:
>
> Adam65535 wrote:
> > On 10/9/07, Pelletier, Robert <pelletierr@csdhr.qc.ca
> <mailto:pelletierr@csdhr.qc.ca>> wrote:
> >> I'm using ClamAV. It's a perfect match with Amavis, it's fast and
> get's
> >> high in the reviews.
> >>
> >
> > In my experiences clamav/clamd is much slower than other mail
> scanners (even
> > when up against command line scanners like uvscan). It is still a
> very
> > useful virus scanner but not fast by any means. For an example... the
> > command line scanner uvscan takes .15 seconds while clamav takes
> 2.6 seconds
> > for the same email. This trend is throughout the logs.
>
> Those figures certainly don't match my results. I ran clamd and
> uvscan for
> quite some time (at least two years) until our volume became too
> great, and then
> had to do away with uvscan because it was way too slow. For the
> most part,
> clamd timings were always sub-second, while uvscan was always in the
> multiple
> second range, even as high as 17 seconds on some scans.
>
> I would suggest that you are using clamscan rather than clamd did if
> you are
> seeing the results you are reporting above.
>
>
> I disabled clamscan with amavis because the timings for that are much
> worse than clamd so I don't want that as a backup scanner. I am 110%
> sure I am using clamd. I have been running amavisd-new with uvscan and
> clamd on a few servers with the same results in timings. Pretty weird
> that you are seeing different results. Uvscan has always been quicker
> for me with 4.x and the 5.x versions of uvscan than clamd by far.
>

Just for reference purposes, I still have uvscan running on an old single proc P350 running RedHat 9. Here are some timing comparisons between uvscan (Scan engine v5.1.00 for Linux) and clamdscan (ClamAV 0.91.2):

time /usr/local/bin/uvscan --secure -rv --mime --mailbox --noboot test.eml

real    0m6.371s
user    0m5.840s
sys     0m0.528s

===

time /usr/local/bin/clamscan --stdout --detect-broken --block-max

--mail-follow-urls --max-recursion=15 --unzip=/usr/bin/unzip
--unrar=/usr/local/bin/unrar --arj=/usr/bin/arj --unzoo=/usr/bin/unzoo
--lha=/usr/bin/lha --jar=/usr/bin/unzip --tar=/bin/tar --tgz=/bin/tar -r test.eml

real 0m12.790s
user 0m11.437s
sys 0m0.480s

===

time /usr/local/bin/clamdscan test.eml

real    0m0.388s
user    0m0.004s
sys     0m0.008s

Of all of the virus scanners I've personally tested with amavisd-new (ClamAV, BitDefender, UVScan, Sophis, TrendMicro, Avast, AntiVir, Panda, AVG, and F-Prot), F-Prot is by far the fastest command-line scanner of the bunch. It is almost as fast a some of the other scanners when running in daemon mode.

time /usr/local/bin/f-prot -ai -archive=5 -dumb -noboot -nobreak -nomem -follow -packed -server test.eml

real    0m2.888s
user    0m2.489s
sys     0m0.395s

Anyway, just my unsolicited 2 cents...

Bill

---

This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/

---

AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ Received on Wed Oct 10 18:35:38 2007