Mailing List Archive

ClamAV scan time improvement
Hello Team,

We are leveraging ClamAV agent for our vm's malware detection.

we tried to scan a vm with 30GB used space and it took approx 1.30Hrs(we
tried to capture certain file extensions to reduce number of files and
passed file lists as arguments to clamdclient)
Note:
1. we tried above test with 4 core 8GB vm
2. We tried clamdscan as below

/bin/parallel -j 10 clamdscan -m --fdpass --no-summary --file-list

we have below queries

1. Where can we find bench mark results for clamdscan?

2.What is the recommendation to make the scan faster for 30GB?

3. What is the recommendation if we have a VM of size >~500GB.


I really appreciate any kind of support here. It helps alot.

Thanks,

Vijay
Re: ClamAV scan time improvement [ In reply to ]
Hello,


Le 08/11/2022 à 19:02, Vijay Kumar Kamannavar via clamav-users a écrit :
> Hello Team,
>
> We are leveraging ClamAV agent for our vm's malware detection.
>
> we tried to scan a vm with 30GB used space and it took approx 1.30Hrs(we
> tried to capture certain file extensions to reduce number of files and
> passed file lists as arguments to clamdclient)
> Note:
> 1. we tried above test with 4 core 8GB vm
> 2. We tried clamdscan as below
>
> /bin/parallel -j 10 clamdscan -m --fdpass --no-summary --file-list


Why -j 10 if you have only 4 cores ?


If you want to scan /my_path directory and subdirectories, I suggest the
following :

find /my_path -type f | parallel clamdscan -mi --fdpass --no-summary {}

--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.60.47.09.81
E-mail : aj@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
Signatures for ClamAV antivirus : http://ow.ly/LqfdL
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: ClamAV scan time improvement [ In reply to ]
On Tue, 8 Nov 2022, Vijay Kumar Kamannavar via clamav-users wrote:

> Hello Team,
>
> We are leveraging ClamAV agent for our vm's malware detection.
>
> we tried to scan a vm with 30GB used space and it took approx 1.30Hrs(we
> tried to capture certain file extensions to reduce number of files and
> passed file lists as arguments to clamdclient)
> Note:
> 1. we tried above test with 4 core 8GB vm
> 2. We tried clamdscan as below
>
> /bin/parallel -j 10 clamdscan -m --fdpass --no-summary --file-list

parallel is running the scanner 10 times isn't it ?
so each scan takes 9 minutes (90/10) ?
You only have 4 cores, so why do ten things at once ?

Since you use clamdscan, most of the work happens in the clamd daemon
processes. How many of those are you running ?

Does it make sense to use -m *and* parallel ? I don't know.

How long does it take to read 30GB of file from storage ?
On my (old) machine it takes 3minutes. Three times that to
scan for >8million viruses doesn't sound too bad to me.

> we have below queries
>
> 1. Where can we find bench mark results for clamdscan?
>
> 2.What is the recommendation to make the scan faster for 30GB?
>
> 3. What is the recommendation if we have a VM of size >~500GB.
>
>
> I really appreciate any kind of support here. It helps alot.
>
> Thanks,
>
> Vijay
>

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: ClamAV scan time improvement [ In reply to ]
Hello Andrew,

Thanks for your suggestions.

*On my (old) machine it takes 3minutes*
May I know the machine configuration where clamdscan and clamd daemon are
running?
Are both client and server running on the same machine? is cache enabled in
your case?

We have a VM with size 500GB (all 500GB is used space).
Please note, we are scanning VM on demand basis, where
1. we will install clamav(client and daemon)
2. We will scan all 500GB
3. we will uninstall clamAV

what will be the system & deployment recommendation to finish the scan task
quickly for above on demand scans?.

Thanks,
Vijay




On Wed, Nov 9, 2022 at 2:03 PM Andrew C Aitchison via clamav-users <
clamav-users@lists.clamav.net> wrote:

>
> On Tue, 8 Nov 2022, Vijay Kumar Kamannavar via clamav-users wrote:
>
> > Hello Team,
> >
> > We are leveraging ClamAV agent for our vm's malware detection.
> >
> > we tried to scan a vm with 30GB used space and it took approx 1.30Hrs(we
> > tried to capture certain file extensions to reduce number of files and
> > passed file lists as arguments to clamdclient)
> > Note:
> > 1. we tried above test with 4 core 8GB vm
> > 2. We tried clamdscan as below
> >
> > /bin/parallel -j 10 clamdscan -m --fdpass --no-summary --file-list
>
> parallel is running the scanner 10 times isn't it ?
> so each scan takes 9 minutes (90/10) ?
> You only have 4 cores, so why do ten things at once ?
>
> Since you use clamdscan, most of the work happens in the clamd daemon
> processes. How many of those are you running ?
>
> Does it make sense to use -m *and* parallel ? I don't know.
>
> How long does it take to read 30GB of file from storage ?
> On my (old) machine it takes 3minutes. Three times that to
> scan for >8million viruses doesn't sound too bad to me.
>
> > we have below queries
> >
> > 1. Where can we find bench mark results for clamdscan?
> >
> > 2.What is the recommendation to make the scan faster for 30GB?
> >
> > 3. What is the recommendation if we have a VM of size >~500GB.
> >
> >
> > I really appreciate any kind of support here. It helps alot.
> >
> > Thanks,
> >
> > Vijay
> >
>
> --
> Andrew C. Aitchison Kendal, UK
> andrew@aitchison.me.uk
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
>