Re: [Declude.Virus] clamav

[Matt]

I've spent another few hours playing around with this and when I call things correctly by starting clamd.exe and then configured Declude to run clamdscan.exe, the scan times went from 1 second to between 0.08 seconds up to 0.6 seconds across about a dozen scans.  I also tracked this in performance monitor for an hour and found the average utilization of clamd.exe and clamdscan.exe combined to be about equal to that of F-Prot, but it had a couple very large peaks possibly hitting 100% momentarily, not sure what that was about.  Note that Performance Monitor screws up the numbers and I consider it unreliable to assume something from just one hour of monitoring/stats.  Clamd though is definitely a contender if some issues could be cleared up. I tried to use the Resource Kit's SRVANY.exe to create a service out of clamd.exe in a method similar to how the persistent version of Sniffer is run, but that doesn't work.  Clamd.exe doesn't show up on the list of processes in Task Manager and the scan times go back to 1 second each. I have almost no experience in Unix environments, so I would be stabbing in the dark to figure out what was necessary to get this to work, but I would guess at it being a context issue. ClamAV would be a great backup scanner for Declude it seems if the daemon could be run without a kludge, and the reporting was modified to be compliant, or Declude was modified to accept various formats instead of just what follows a particular string.  I suppose this could be done by having a before and an after definition instead of just a before. Terry, if you could explain the demime thing, that would be appreciated. Thanks, Matt Charles Frolick wrote: I never updated after I posted that. I need to find a way to start and check the clamd service. Since it runs Unix style under Cygwin, it creates an instance and is out of sight, it doesn't fire correctly from a service manager like fire daemon, at least not in the config I used. I have been real busy with migrating 2 acquired companies into our network, so I haven't played with it much. Something I thought I might try is a batch file or Perl script that is fired by Task Scheduler and runs Cygwin ps to see if it is running, and restart it if it is not. Thanks, Chuck Frolick ArgoLink.net -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Terry Fritts Sent: Thursday, April 01, 2004 6:54 AM To: Charles Frolick Subject: Re[2]: [Declude.Virus] clamav BTW, run clamd.exe and clamdscan.exe and notice a difference in speed Charles, Did you start clamd and then leave the server logged on? Terry --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================