[sanesecurity] Re: Long DB refresh times

  • From: Lyle Giese <lyle@xxxxxxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Wed, 14 Aug 2013 08:59:48 -0500

On 8/14/2013 8:45 AM, Steve Basford wrote:



removing the "www" for each entry might speed up the thing, but is
probably also going to increase the chance of FPs.

Also, there are currently 52914 URLs beginning with "www" in the sigfile
now; it's not difficult for URL-shorteners' abuse to reach the same
level in a couple of weeks (given the current trend).
Then what? I certainly can't remove the domain part only 'cause all the
the sigs start with "742E636F2F"... :-(


Yep, can't disagree.... so guess we need ClamAV Team to investigate as to
why.

In additional testing:

a) Replacing "(B)7777772E" with "(B)77????2E" also brings the speed
down... (6.5 secs)

b) Replacing "(B)7777772E" with "(B)77??772E" also brings the speed
down...(10.2 secs)

c) Replacing "(B)7777772E" with "772E" (w.) also brings the speed down...
(10.5 secs)

very odd.. but maybe option a) could be used...

Cheers,

Steve
Sanesecurity
Just an FYI, I am having that problem with long refresh times and it appears to have started recently. Don't know if it is related, but I also just recently updated to 0.97.8 from 0.97.2.
I have not changed the databases being used for a while. I use scamp to download the databases from sanesecurity and when this started, I hand edited it to stop downloading dopplestern. Not that this helped any. 

Lyle Giese
LCR Computer Services, Inc.

Other related posts:

  1. Home
  2. sanesecurity
  3. Archive
  4. 08-2013