[sanesecurity] Re: Long DB refresh times

  • From: David Mayo <D.J.Mayo@xxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Wed, 25 Apr 2012 11:12:32 +0100


On 04/24/2012 06:11 PM, Steve Basford wrote:

> For those having issues:
>
> a) what databases are loaded
> b) what OS are you running

Until yesterday we were using:

ss_dbs="
   junk.ndb
   jurlbl.ndb
   phish.ndb
   rogue.hdb
   sanesecurity.ftm
   scam.ndb
   spamimg.hdb
   winnow_malware.hdb
   winnow_malware_links.ndb
   sigwhitelist.ign2
   jurlbla.ndb
   lott.ndb
   spam.ldb
   spamattach.hdb
   spear.ndb
   spearl.ndb
   winnow_spam_complete.ndb
   winnow_phish_complete.ndb
   winnow.complex.patterns.ldb
   winnow_extended_malware.hdb
   winnow_extended_malware_links.ndb
   winnow.attachments.hdb
   scamnailer.ndb
   doppelstern.ndb
   doppelstern.hdb
   doppelstern-phishtank.ndb
   crdfam.clamav.hdb
   bofhland_cracked_URL.ndb
   bofhland_malware_URL.ndb
   bofhland_phishing_URL.ndb
"
si_dbs="
   honeynet.hdb
   securiteinfobat.hdb
   securiteinfodos.hdb
   securiteinfoelf.hdb
   securiteinfo.hdb
   securiteinfohtml.hdb
   securiteinfooffice.hdb
   securiteinfopdf.hdb
   securiteinfosh.hdb
"
mbl_dbs="
   mbl.ndb
"

We run Solaris 10 on x86.

I noticed we had added bofhland sigs at the same time as upgrading ClamAV so I tried reloading the virus signatures a few times:

0.97.4 + bofhland DBs: 2m41 (2,920,378 sigs)
0.97.4 - bofhland DBs: 53s (2,873,710 sigs)
0.97.2 + bofhland DBs: 1m30 (2,891,587 sigs)
0.97.2 - bofhland DBs: 49s (2,860,988 sigs)

We have removed the bofhland signatures for now.

Searching around we found an asynchronous database reload patch that was proposed a year ago:

http://lurker.clamav.net/message/20110328.142644.dce2f446.en.html

It looks like it may have been incorporated into a recent Fedora build:

http://pkgs.org/fedora-16/atomic-x86_64/clamav-db-0.97.4-4.fc16.art.x86_64.rpm.html

So a fix may already be around the corner.

Regards,

Dave.

David Mayo
Networks/Systems Administrator
University of Bath Computing Services, UK
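The post compares reload time with and without one database set, and lists the sets as multi-line shell variables. The following is an added example, not code from the post or from any ClamAV tooling: it parses lists in that `NAME="..."` shape, summarises them by signature type, rejects a list whose closing quote is missing (the shell would otherwise swallow everything that follows into the variable), and computes the extra seconds and the per-thousand-signature cost of an added set from the timings the post reports. The sample config is a constructed subset of the quoted names; the `SIG_TYPES` mapping is an assumption made for this example.

```python
import re
from collections import Counter

# ClamAV signature file extensions and what each holds
# (assumed mapping written for this example).
SIG_TYPES = {
    "ndb": "extended body signatures",
    "hdb": "MD5 hash signatures",
    "ldb": "logical signatures",
    "ign2": "signature whitelist",
    "ftm": "file type magic",
}

# Constructed sample in the same shape as the lists in the post
# (a subset of the names, with the closing quotes present).
SAMPLE_CONFIG = '''
ss_dbs="
   junk.ndb
   rogue.hdb
   sanesecurity.ftm
   sigwhitelist.ign2
   spam.ldb
   bofhland_cracked_URL.ndb
"
si_dbs="
   honeynet.hdb
   securiteinfo.hdb
"
mbl_dbs="
   mbl.ndb
"
'''

def parse_db_lists(text):
    """Parse shell-style lists (NAME=" ... " or NAME="a.ndb b.hdb") into {NAME: [dbs]}.

    Raises ValueError if a multi-line list is never closed, which is what a
    missing closing quote looks like to the shell.
    """
    lists, current = {}, None
    for line in text.splitlines():
        s = line.strip()
        if current is not None:
            if s == '"':
                current = None          # end of the multi-line list
            elif s:
                lists[current].append(s)
            continue
        one_line = re.match(r'^(\w+)="(.*)"$', s)
        if one_line:
            lists[one_line.group(1)] = one_line.group(2).split()
            continue
        opener = re.match(r'^(\w+)="$', s)
        if opener:
            current = opener.group(1)
            lists[current] = []
    if current is not None:
        raise ValueError(f"list {current} is never closed with a quote")
    return lists

def type_counts(db_names):
    """Count databases per file extension, e.g. {'ndb': 2, 'hdb': 1}."""
    return Counter(n.rsplit(".", 1)[-1] for n in db_names)

def unknown_types(db_names):
    """Names whose extension is not one ClamAV loads as a signature file."""
    return [n for n in db_names if n.rsplit(".", 1)[-1] not in SIG_TYPES]

def load_cost(with_secs, with_sigs, without_secs, without_sigs):
    """Extra reload seconds and seconds per 1000 signatures of an added set."""
    dt = with_secs - without_secs
    dn = with_sigs - without_sigs
    per_1000 = dt / dn * 1000 if dn else float("nan")
    return dt, per_1000

if __name__ == "__main__":
    for name, dbs in parse_db_lists(SAMPLE_CONFIG).items():
        print(name, dict(type_counts(dbs)), "unknown:", unknown_types(dbs))
    # Figures from the post: 0.97.4 with/without the bofhland set.
    dt, per_1000 = load_cost(161, 2920378, 53, 2873710)
    print(f"bofhland on 0.97.4: +{dt}s, {per_1000:.2f} s per 1000 added sigs")
    print(f"baseline on 0.97.4: {53 / 2873710 * 1000:.4f} s per 1000 sigs")
```

Running it shows the point the post makes numerically: the bofhland URL sets add around 47,000 signatures but roughly 108 seconds of load time on 0.97.4, about two orders of magnitude more per signature than the rest of the database, so they are the first thing to suspect when reload times jump.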
