> I have just done some tests and bofhland_malware_URL.ndb increases my > database reload time by 400%. > Total number of sigs. loaded is not a factor in the reload time increase > Hi Paul, I think I might have made a little progress, after doing a few tests on signature variations... Can do do the following test for me... 1. Load db's as normal.. make a note of the time to load. 2. sed -i "s/:687474703A2F2F/:2F2F/g" bofhland_malware_URL.ndb 3. reload and take a note of the time. Any improvement? Simple test for me using clamscan and one database only: Before: clamscan --database=bofhland_malware_URL.ndb test.eml test.eml: OK ----------- SCAN SUMMARY ----------- Known viruses: 31999 Engine version: 0.97.3 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.01 MB Data read: 0.00 MB (ratio 2.00:1) Time: 42.625 sec (0 m 42 s) After: clamscan --database=bofhland_malware_URL.ndb test.eml test.eml: OK ----------- SCAN SUMMARY ----------- Known viruses: 31999 Engine version: 0.97.3 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.01 MB Data read: 0.00 MB (ratio 2.00:1) Time: 2.031 sec (0 m 2 s) So, from 42s down to 2s Cheers, Steve Sanesecurity