[clamav-users] ClamAV® blog: ClamAV 0.102.0 has been released!

G.W. Haywood clamav at jubileegroup.co.uk
Thu Oct 3 06:09:58 EDT 2019


Hi there,

On Thu, 3 Oct 2019, Marco wrote:

> On 02/10/2019 21:08, Joel Esler (jesler) via clamav-users wrote:
>> 
>>> 
>>> https://blog.clamav.net/2019/10/clamav-01020-has-been-released.html
>>> 
>>>
>>>   ClamAV 0.102.0 has been released!
>
> I read "the version of clamonacc (and clamd) released with 0.102.0 is not 
> optimized for sending files and receiving verdicts via a network stream".

It took me a couple of tries to find where you read that.  It's not
actually in the link you posted, but it is in

https://blog.clamav.net/2019/

and since both pages start with the same 3rd October item it was a
little confusing.

> I use Amavis and clamd with INSTREAM to check infected emails.
> Clamd is listening on TCP port 3310 for the Amavis requests.
>
> Do you suggest upgrading to this latest clamd version?

You might want to consider the following before doing it.

Until now clamonacc and clamd ran together on the same machine.  Every
time clamd scans a file, it first computes a hash of the file and puts
the hash in a lookup table if it isn't already there.  After it has
scanned the file it stores the result with the hash.  The next time it
sees the same file, instead of scanning it all over again it can just
look in the lookup table and return that result.  Until the separation
of the clamonacc utility from clamd (for excellent reasons) clamonacc
had access to clamd's lookup table.  After the separation, it doesn't.

That means as things are at the moment in 0.102.x, if you're using a
TCP socket to stream data from clamonacc to clamd you'll need to send
the whole file every time you scan it.  I believe in future development
clamonacc will be given its own lookup table, so it can compute a hash
and first send just the hash to the clamd instance.  That's obviously
a lot less data to send if that hash is already in clamd's table too.

The performance gain from hashing is very significant.  I do not use
clamonacc and I do not use clamav-milter.  I interface directly with
clamd from my own milter and I use TCP for the communications between
clamd and the milter.  Typically, for modest-sized files in the region
of tens to hundreds of kilobytes which have not already been hashed, I
see scan times in the order of tens to hundreds of milliseconds on my
ageing dual 2.7GHz Opterons.  If a file has already been hashed, the
clamd response will come back in 2-3 milliseconds.  Obviously the TCP
data transfer times will very much depend on your network.

--

73,
Ged.
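
Added example, not part of the original message and not ClamAV project code: a minimal INSTREAM client for timing the first scan of a buffer against a repeat scan of the same bytes, to check the cached and uncached response times discussed above on your own clamd and network. Port 3310 is the one mentioned in the thread; the 127.0.0.1 address, the chunk size and the sample payload are assumptions.

```python
import socket
import struct
import time

CHUNK = 64 * 1024  # assumed chunk size; total size must stay under StreamMaxLength


def instream_frames(data: bytes, chunk: int = CHUNK) -> bytes:
    """Frame data for INSTREAM: command, length-prefixed chunks, zero-length end."""
    out = [b"zINSTREAM\0"]  # 'z' prefix: command and reply are NUL-terminated
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))  # zero-length chunk ends the stream
    return b"".join(out)


def parse_reply(raw: bytes):
    """Return (status, detail) from a reply such as b'stream: OK\\0'."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    body = text.split(": ", 1)[1] if ": " in text else text
    if body == "OK":
        return "clean", None
    if body.endswith(" FOUND"):
        return "infected", body[:-len(" FOUND")]
    return "error", body  # e.g. size limit exceeded, or an empty reply


def scan(sock: socket.socket, data: bytes):
    """Send data on a connected socket; return (status, detail, seconds)."""
    start = time.perf_counter()
    sock.sendall(instream_frames(data))
    raw = b""
    while not raw.endswith(b"\0"):
        piece = sock.recv(4096)
        if not piece:  # clamd closed the connection
            break
        raw += piece
    return (*parse_reply(raw), time.perf_counter() - start)


if __name__ == "__main__":
    payload = b"constructed sample message body\n" * 1000  # constructed input
    for attempt in ("first", "repeat"):
        # Assumed address of a clamd instance with TCPSocket 3310 enabled.
        with socket.create_connection(("127.0.0.1", 3310), timeout=30) as s:
            status, detail, secs = scan(s, payload)
        print(f"{attempt}: {status} {detail or ''} {secs * 1000:.1f} ms")
```

The elapsed time includes the transfer of the whole buffer, so over a slow link the gap between the two runs will be smaller than clamd's own scan-time difference.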

