I've spent another few hours playing around with this and when I call
things correctly by starting clamd.exe and then configured Declude to
run clamdscan.exe, the scan times went from 1 second to between 0.08
seconds up to 0.6 seconds across about a dozen scans. I also tracked
this in performance monitor for an hour and found the average
utilization of clamd.exe and clamdscan.exe combined to be about equal
to that of F-Prot, but it had a couple very large peaks possibly
hitting 100% momentarily, not sure what that was about. Note that
Performance Monitor screws up the numbers and I consider it unreliable
to assume something from just one hour of monitoring/stats. Clamd
though is definitely a contender if some issues could be cleared up. I tried to use the Resource Kit's SRVANY.exe to create a service out of clamd.exe in a method similar to how the persistent version of Sniffer is run, but that doesn't work. Clamd.exe doesn't show up on the list of processes in Task Manager and the scan times go back to 1 second each. I have almost no experience in Unix environments, so I would be stabbing in the dark to figure out what was necessary to get this to work, but I would guess at it being a context issue. ClamAV would be a great backup scanner for Declude it seems if the daemon could be run without a kludge, and the reporting was modified to be compliant, or Declude was modified to accept various formats instead of just what follows a particular string. I suppose this could be done by having a before and an after definition instead of just a before. Terry, if you could explain the demime thing, that would be appreciated. Thanks, Matt Charles Frolick wrote: I never updated after I posted that. I need to find a way to start and check the clamd service. Since it runs Unix style under Cygwin, it creates an instance and is out of sight, it doesn't fire correctly from a service manager like fire daemon, at least not in the config I used. I have been real busy with migrating 2 acquired companies into our network, so I haven't played with it much. Something I thought I might try is a batch file or Perl script that is fired by Task Scheduler and runs Cygwin ps to see if it is running, and restart it if it is not.Thanks, Chuck Frolick ArgoLink.net -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Terry Fritts Sent: Thursday, April 01, 2004 6:54 AM To: Charles Frolick Subject: Re[2]: [Declude.Virus] clamavBTW, run clamd.exe and clamdscan.exe and notice a difference in speedCharles, Did you start clamd and then leave the server logged on? Terry --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== |
- Re: [Declude.Virus] clamav Terry Fritts
- RE: [Declude.Virus] clamav Charles Frolick
- Re[2]: [Declude.Virus] clamav Terry Fritts
- RE: Re[2]: [Declude.Virus] clamav Charles Frolick
- Re[2]: [Declude.Virus] clamav Matt
- Re[2]: [Declude.Virus] clamav Terry Fritts
- Re: [Declude.Virus] clamav Matt
- Re: [Declude.Virus] clamav R. Scott Perry
- RE: Re[2]: [Declude.Virus] clamav Charles Frolick
- Re[4]: [Declude.Virus] clamav Terry Fritts
- RE: Re[4]: [Declude.Virus] clamav Markus Gufler
- Re[6]: [Declude.Virus] clamav Terry Fritts
- RE: Re[4]: [Declude.Virus] clamav Charles Frolick
- [Declude.Virus] ClamAV Kami Razvan
- Re: [Declude.Virus] ClamAV R. Scott Perry