On 8/14/2013 8:45 AM, Steve Basford wrote:
Just an FYI, I am having that problem with long refresh times and it appears to have started recently. Don't know if it is related, but I also just recently updated to 0.97.8 from 0.97.2.removing the "www" for each entry might speed up the thing, but is probably also going to increase the chance of FPs. Also, there are currently 52914 URLs beginning with "www" in the sigfile now; it's not difficult for URL-shorteners' abuse to reach the same level in a couple of weeks (given the current trend). Then what? I certainly can't remove the domain part only 'cause all the the sigs start with "742E636F2F"... :-(Yep, can't disagree.... so guess we need ClamAV Team to investigate as to why. In additional testing: a) Replacing "(B)7777772E" with "(B)77????2E" also brings the speed down... (6.5 secs) b) Replacing "(B)7777772E" with "(B)77??772E" also brings the speed down...(10.2 secs) c) Replacing "(B)7777772E" with "772E" (w.) also brings the speed down... (10.5 secs) very odd.. but maybe option a) could be used... Cheers, Steve Sanesecurity
I have not changed the databases being used for a while. I use scamp to download the databases from sanesecurity and when this started, I hand edited it to stop downloading dopplestern. Not that this helped any.
Lyle Giese LCR Computer Services, Inc.