[clamav-users] Worrying clamscan timing trend

Chris St John cbs at primusinterpares.co.uk
Fri Aug 14 06:42:31 EDT 2015


I found the problem, and actually it brought my server to a halt and
required extensive work in "single user mode" to bring it back online.

ClamAV writes temporary files to /private/var/folders - a lot of temporary
files, several million in fact - and it looks like OSX doesn't deal very
well with millions of files in one directory.

Reboot stopped for what appeared to be an indefinite period, and once I'd
rebooted to single user and found the problem deleting the temporary files
with rm -rf took several hours. Once complete the system rebooted just fine.

Looks like it's largely a ClamAV configuration problem compounded with
inherent limitations of the OSX filesystem.

On Thu, Jul 9, 2015 at 4:02 PM, Chris St John <cbs at primusinterpares.co.uk>
wrote:

> I've installed ClamAV 0.98.5 using "brew" on OSX (Yosemite) and I schedule
> a daily freshclam followed by clamscan using Jenkins-CI.
>
> I've noticed a worrying trend in the scan times over the past couple of
> weeks:
>
> June 20
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 3849353
> Engine version: 0.98.5
> Scanned directories: 199102
> Scanned files: 1559603
> Infected files: 0
> Data scanned: 69081.70 MB
> Data read: 191713.22 MB (ratio 0.36:1)
> Time: 27714.616 sec (461 m 54 s)
> Finished: SUCCESS
>
>
> July 8
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 3885885
> Engine version: 0.98.5
> Scanned directories: 199602
> Scanned files: 2465935
> Infected files: 0
> Data scanned: 72968.66 MB
> Data read: 206279.09 MB (ratio 0.35:1)
> Time: 54119.966 sec (901 m 59 s)
>
>
> so that's a ~100% increase in time for a ~10% increase in data read/scanned. The intervening times look pretty much linear between these two points. The full graph is available here:
>
> https://www.dropbox.com/s/hyxi9bmpy5uzlsp/ClamAV.png?dl=0
>
>
> At this rate I won't be able to do daily scans in another 2 weeks or so - they'll take longer than 24 hours.
>
>
> Will an upgrade to 0.98.7 (currently unsupported by "brew") solve this or am I doing something wrong?
>
>
> Thanks,
>
> Chris
>
>
>



More information about the clamav-users mailing list