It's easier to parse logs with 'grep' than it is to tweak the syslog rule, but aren't we straying from the subject a little? Your logs should have timestamps, which will tell you what's taking the time.
Nope. I give up. No more clamAV for me. Clearly, I'm not smart enough to figure out how to use it.