[clamav-users] Scan very slow

jmedard at amv-sa.fr jmedard at amv-sa.fr
Sat Mar 23 05:26:43 EDT 2019


Hi,

Micah Snyder, do you know if ClamAV was able to trace the origin of getting crawled in the database "daily.cld" and was able to fix the problem?
Regards

From: Micah Snyder (micasnyd) <micasnyd at cisco.com>
Sent: Monday, March 18, 2019 18:09
To: ClamAV users ML <clamav-users at lists.clamav.net>
Subject: Re: [clamav-users] Scan very slow

 

Maarten,

This is very concerning, and the details you’ve provided are quite helpful. Thank you for investigating.

Hopefully we can figure out why the newer daily.cld/cvd is scanning significantly slower than before. Any other details you can provide would probably be helpful. If you’re aware of any specific file types that are causing the issue, or if all files appear to be scanning slower, that will also help.

-Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of Maarten Broekman via clamav-users <clamav-users at lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users at lists.clamav.net>
Date: Monday, March 18, 2019 at 10:37 AM
To: ClamAV users ML <clamav-users at lists.clamav.net>
Cc: Maarten Broekman <maarten.broekman at gmail.com>
Subject: Re: [clamav-users] Scan very slow

 

We've noticed a marked increase in scan times over the last couple of weeks as well. From the look of it, there's something in the daily file that's causing it. Whether this is similar to the safebrowsing issue (where the ordering of entries in the file caused a 3000% increase in time) is unclear.

 

--Maarten Broekman

Full scans without the daily cvd/cld: Scan time ~60 seconds
Full scans with the daily from March 11th: Scan time: 84 seconds
Full scans with the daily from March 17th: Scan time: 109 seconds

~/clamav# ls -larth  /tmp/clamdtest*/daily.cld
-rw-r--r-- 1 clamav clamav 110M Mar 11 04:15 /tmp/clamdtest2/daily.cld
-rw-r--r-- 1 clamav clamav 113M Mar 17 04:15 /tmp/clamdtest/daily.cld

~/clamav# wc /tmp/clamdtest*/daily.cld
  1514589   1517471 115031552 /tmp/clamdtest2/daily.cld
  1524782   1527664 118202368 /tmp/clamdtest/daily.cld

 

Single file scans with JUST the daily.cld:

~/clamav# time /opt/clamav/clamav/bin/clamscan -d /tmp/clamdtest2/daily.cld test42.js
test42.js: OK

----------- SCAN SUMMARY -----------
Known viruses: 1504423
Engine version: 0.100.2
Scanned directories: 1
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 5.255 sec (0 m 5 s)

real    0m5.260s
user    0m5.044s
sys    0m0.192s

~/clamav# time /opt/clamav/clamav/bin/clamscan -d /tmp/clamdtest/daily.cld test42.js
test42.js: OK

----------- SCAN SUMMARY -----------
Known viruses: 1514543
Engine version: 0.100.2
Scanned directories: 1
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 9.300 sec (0 m 9 s)

real    0m9.329s
user    0m9.100s
sys    0m0.204s

On Mon, Mar 18, 2019 at 10:02 AM Yasuhiro KIMURA <yasu at utahime.org> wrote:

From: Jean-Michel via clamav-users <clamav-users at lists.clamav.net>
Subject: Re: [clamav-users] Scan very slow
Date: Mon, 18 Mar 2019 12:30:49 +0100

> Isn't it the second scan result? The second analysis on the same file is faster.
> Could you try to restart clamav-daemon and redo the analysis with clamdscan.
> I've tried it on 3 computers, all are above 40 seconds

It was the first trial. But after restarting clamav-daemon the result changed
as follows.

yasu at kusanagi[1716]% clamdscan esploso_A3TH.pdf
/home/yasu/tmp/esploso_A3TH.pdf: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 60.551 sec (1 m 0 s)
yasu at kusanagi[1717]%

---
Yasuhiro KIMURA
