On 02.11.2017 at 19:47, Reindl Harald wrote:


On 02.11.2017 at 19:21, Chris Johnson wrote:
Because it takes too long to launch.  Clamd called from php took about
5 seconds, on access detects the file in under .05 seconds

no - if you fire up clamd on demand you are doing it plain wrong

clamd is designed as a long running service and clamdscan talks to the already initialized clamd - clamd for sure doesn't take 5 seconds for a single scan, otherwise it would not be possible here to have 3 before-queue clamd (2 as spamassassin plugin via spamass-milter and 1 via clamav-milter)

don't confuse clamscan and clamdscan

here you go:

ob_start();
passthru('/usr/bin/clamdscan --stdout --config-file=/etc/clamd.d/scan.conf ' . escapeshellarg($temp_file));
$clamd_out = ob_get_clean();

clamdscan is using the same "scan.conf" as clamd and hence there is nothing to launch, clamd is already running and has loaded the signatures and *that* is the expensive part

clamscan is nice for scanning a directory with thousands of files because in that case the initialization time doesn't matter

clamd is running that way as a service
/usr/sbin/clamd -c /etc/clamd.d/scan.conf

[root@mail-gw:~]$ cat /etc/clamd.d/scan.conf
User clamscan
AllowSupplementaryGroups yes
PidFile /run/clamd.scan/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /var/lib/clamav
OfficialDatabaseOnly no
LocalSocket /run/clamd/clamd.sock
LocalSocketMode 0666
MaxConnectionQueueLength 100
StreamMaxLength 35M
StreamMinPort 31000
StreamMaxPort 32000
MaxThreads 10
MaxQueue 50
ReadTimeout 120
CommandReadTimeout 5
SendBufTimeout 200
IdleTimeout 30
ExcludePath ^/proc/
ExcludePath ^/sys/
MaxDirectoryRecursion 20
FollowDirectorySymlinks no
FollowFileSymlinks no
CrossFilesystems yes
SelfCheck 86400
ExitOnOOM yes
Foreground no
Debug no
LeaveTemporaryFiles no
AllowAllMatchScan no
DetectPUA no
AlgorithmicDetection yes
DisableCache no
ScanPE yes
DisableCertCheck yes
ScanELF yes
DetectBrokenExecutables yes
ScanOLE2 yes
OLE2BlockMacros no
ScanPDF yes
ScanSWF yes
ScanMail yes
ScanPartialMessages no
PhishingSignatures yes
PhishingScanURLs no
PhishingAlwaysBlockSSLMismatch no
PhishingAlwaysBlockCloak no
PartitionIntersection no
HeuristicScanPrecedence yes
StructuredDataDetection no
ScanHTML yes
ScanArchive yes
ArchiveBlockEncrypted no
MaxScanSize 50M
MaxFileSize 50M
MaxRecursion 10
MaxFiles 10000
MaxEmbeddedPE 10M
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 5M
MaxPartitions 50
MaxIconsPE 100
ScanOnAccess no
Bytecode yes
BytecodeSecurity TrustSigned
BytecodeTimeout 2000
StatsEnabled no
StatsPEDisabled yes
LogFile /var/log/clamscan.log
LogFileMaxSize 32M
LogTime yes
LogClean no
ExtendedDetectionInfo yes
LogFileUnlock yes

On 2 November 2017 at 15:34, Reindl Harald <h.rei...@thelounge.net> wrote:


On 02.11.2017 at 16:28, Chris Johnson wrote:

PHP checks for the existence of the file with (deleted) in the file
name, blocks the addition of this file to our records and deletes it.
Clam AV typically creates this additional file within 0.025 seconds
when testing with the eicar test file

Is there a way of getting clamd to run a script when a virus is not found?


why in the world don't you use clamdscan with exec() from your php-script
and deal with the return value instead of such constructs with race
conditions?
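The approach suggested in the thread (call clamdscan from PHP and act on its return value), as an added example that is not from any of the posters. It relies on clamdscan's documented exit codes (0 = clean, 1 = virus found, 2 = error) and rejects the upload on anything other than 0. `scan_upload()`, the `upload` form field and the `/srv/uploads/` destination are hypothetical; `--no-summary` and `--fdpass` are clamdscan options that the command in the thread does not use.

```php
<?php
// Added example, not code from the thread. Binary and config paths are the
// ones quoted in the thread; everything else is an assumption.
const CLAMDSCAN  = '/usr/bin/clamdscan';
const CLAMD_CONF = '/etc/clamd.d/scan.conf';

/** Scan one file through the already running clamd; returns status + details. */
function scan_upload(string $path): array
{
    // --fdpass hands clamd an open descriptor, so the "clamscan" user does not
    // need read permission on PHP's temporary upload file.
    $cmd = sprintf(
        '%s --stdout --no-summary --fdpass --config-file=%s %s 2>&1',
        escapeshellarg(CLAMDSCAN),
        escapeshellarg(CLAMD_CONF),
        escapeshellarg($path)
    );
    $lines = [];
    $rc = -1;
    exec($cmd, $lines, $rc);
    $out = implode("\n", $lines);

    if ($rc === 0) {
        return ['status' => 'clean', 'signature' => null, 'raw' => $out];
    }
    if ($rc === 1) {
        // clamdscan prints "<path>: <signature name> FOUND" for a detection
        $sig = preg_match('/: (.+) FOUND$/m', $out, $m) ? $m[1] : 'unknown';
        return ['status' => 'infected', 'signature' => $sig, 'raw' => $out];
    }
    // 2 or anything unexpected (clamd down, socket unreachable, timeout):
    // treat as a failure, never as "clean"
    return ['status' => 'error', 'signature' => null, 'raw' => $out];
}

// Upload handler: hypothetical form field "upload" and destination directory.
$tmp = $_FILES['upload']['tmp_name'] ?? '';
if (is_uploaded_file($tmp)) {
    $result = scan_upload($tmp);
    if ($result['status'] !== 'clean') {
        unlink($tmp);                        // fail closed: drop the file
        error_log('upload rejected: ' . json_encode($result));
        http_response_code($result['status'] === 'infected' ? 422 : 503);
        exit;
    }
    move_uploaded_file($tmp, '/srv/uploads/' . bin2hex(random_bytes(16)));
}
```

Because the scan result comes back synchronously as an exit code, there is no window between the upload and a separate on-access detection in which the file could already have been recorded.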