On Wed, 20 Aug 2003 18:10:14 -0400
Yevgeniy Miretskiy <[EMAIL PROTECTED]> wrote:

> While experimenting with clamav, we found that clamav performance can
> be significantly improved by increasing number of levels in the search
> trie.
> 
> Below are the results of timing clamscan, scanning a 2 gigabyte
> VMware virtual disk which does not contain any viruses.
> During our benchmarking, we ran similar tests many times with roughly
> the same results.  The table below shows speed improvements (over 1
> run). Currently, clamav uses a 2 level trie.
> 
> Time | Level 2   |  Level 3  | Level 4   | Level 5
> -----------------------------------------------------
> real | 3m56.477s | 1m47.712s | 1m40.420s | 1m31.998s
> user | 3m19.270s | 1m18.230s | 1m7.070s  | 1m0.020s
> sys  | 0m8.770s  | 0m6.400s  | 0m8.710s  | 0m7.090s
> 
> Memory usage increases by roughly 5-7 MB per each level.
> Level 5 memory usage is around 25 MB.
> Considering that most people use clamd, I think 25MB
> usage for 1 process with 3X performance is a fair tradeoff.

No ! :
1) under BSD the memory usage will be about 50 MB (_now_)
2) under higher level new signatures will cause a _BRUTAL_ memory
   usage because new nodes will be created for most signatures
   (there are only few signatures that have the same first 5
   characters)
3) higher levels break some polymorphic signatures (eg. W32/Magistr.B,
   W32/Hybris.C), because we don't realize regular expressions in the
   trie

> We also ran benchmarks with much larger virus database
> (we made up about 80000 additional "signatures"), and, not surprisingly,

Please create _random_ signatures (using /dev/urandom or so) - I
wonder if your virtual memory will hold a few clamscan processes...

Best regards,
Tomasz Kojm
-- 
      oo    .....       [EMAIL PROTECTED]
     (\/)\.........     http://www.konarski.edu.pl/~zolw
        \..........._   And don't forget to click on the tummy... 
          //\   /\\     <- C. Amboinensis    www.pajacyk.pl        
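
Point 2 of the reply, as an added example (not part of the original message and not ClamAV code): a depth-limited byte trie counts how many nodes constructed random signatures allocate at levels 2 to 5, compared with signatures that all share one prefix. The 256-way node layout, the LCG signature generator and the count of 2000 signatures are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed node layout: one pointer per possible next byte (not ClamAV's struct). */
struct node { struct node *child[256]; };

static uint32_t lcg_state;             /* fixed-seed LCG: constructed, repeatable input */
static uint8_t next_byte(void) {
    lcg_state = lcg_state * 1664525u + 1013904223u;
    return (uint8_t)(lcg_state >> 24);
}

/* Insert the first `depth` bytes of sig; return how many new nodes were allocated. */
static size_t insert_prefix(struct node *n, const uint8_t *sig, int depth) {
    size_t created = 0;
    for (int i = 0; i < depth; i++) {
        uint8_t b = sig[i];
        if (!n->child[b]) {
            if (!(n->child[b] = calloc(1, sizeof *n))) abort();
            created++;
        }
        n = n->child[b];
    }
    return created;
}
static void free_trie(struct node *n) {
    for (int i = 0; i < 256; i++) if (n->child[i]) free_trie(n->child[i]);
    free(n);
}

/* Total nodes (root included) for nsigs signatures indexed to `depth` levels.
   shared != 0: every signature starts with the same bytes; else random bytes. */
size_t trie_nodes(size_t nsigs, int depth, int shared) {
    struct node *root = calloc(1, sizeof *root);
    uint8_t sig[8];
    size_t nodes = 1;
    if (!root) abort();
    lcg_state = 12345u;
    for (size_t s = 0; s < nsigs; s++) {
        for (int i = 0; i < 8; i++) sig[i] = shared ? 0x4d : next_byte();
        nodes += insert_prefix(root, sig, depth);
    }
    free_trie(root);
    return nodes;
}
int main(void) {
    for (int d = 2; d <= 5; d++) {
        size_t n = trie_nodes(2000, d, 0);
        printf("depth %d: %zu nodes, ~%zu KB\n", d, n, n * sizeof(struct node) / 1024);
    }
    return 0;
}
```

With a shared prefix the node count stays at depth + 1 regardless of how many signatures are loaded; with random signatures each level beyond the first two adds roughly one full node per signature.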

