[sanesecurity] Re: Long DB refresh times

  • From: micah <micah@xxxxxxxxxx>
  • To: Lyle Giese <lyle@xxxxxxxxxxxxxxx>, sanesecurity@xxxxxxxxxxxxx
  • Date: Wed, 14 Aug 2013 15:31:52 -0400

Lyle Giese <lyle@xxxxxxxxxxxxxxx> writes:

> On 8/14/2013 8:45 AM, Steve Basford wrote:
>>
>>> removing the "www" for each entry might speed up the thing, but is
>>> probably also going to increase the chance of FPs.
>>>
>>> Also, there are currently 52914 URLs beginning with "www" in the sigfile
>>> now; it's not difficult for URL-shorteners' abuse to reach the same
>>> level in a couple of weeks (given the current trend).
>>> Then what? I certainly can't remove the domain part only 'cause all
>>> the sigs start with "742E636F2F"... :-(
>>>
>> Yep, can't disagree.... so guess we need ClamAV Team to investigate as to
>> why.
>>
>> In additional testing:
>>
>> a) Replacing "(B)7777772E" with "(B)77????2E" also brings the speed
>> down... (6.5 secs)
>>
>> b) Replacing "(B)7777772E" with "(B)77??772E" also brings the speed
>> down...(10.2 secs)
>>
>> c) Replacing "(B)7777772E" with "772E" (w.) also brings the speed down...
>> (10.5 secs)
>>
>> very odd.. but maybe option a) could be used...
>>
>> Cheers,
>>
>> Steve
>> Sanesecurity
>>
>>
> Just an FYI, I am having that problem with long refresh times and it 
> appears to have started recently.  Don't know if it is related, but I 
> also just recently updated to 0.97.8 from 0.97.2.

I'm also having very long refresh times, and am using
bofhland_cracked. I'm also experiencing a problem where clamd seems to
stop doing anything, keep running, and block any delivery at all from
happening. This has happened on two different machines twice in the last
24 hours. A (loooooooong) restart of clamav-daemon fixes things. 

I'm going to try removing bofhland_cracked db and see if that improves
things.

micah
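
Added example, not part of the original thread and not ClamAV or Sanesecurity code: a small Python helper that decodes the hex patterns quoted above and shows how many fixed leading bytes each of the tested variants a) to c) keeps, plus how many patterns in a list share the same leading bytes. The function names are hypothetical, the sample signature bodies are constructed, and only literal bytes, `??` wildcards and `(B)`/`(L)` markers are handled.

```python
import re
from collections import Counter

# Tokens handled: (B)/(L) boundary markers, ?? (any one byte), literal hex byte.
TOKEN = re.compile(r"\([BL]\)|\?\?|[0-9A-Fa-f]{2}")

def tokens(pattern):
    found = TOKEN.findall(pattern)
    if "".join(found) != pattern:
        raise ValueError(f"unsupported pattern syntax: {pattern!r}")
    return found

def readable(pattern):
    """Render a hex pattern as text: printable bytes as ASCII, ?? as <??>."""
    out = []
    for tok in tokens(pattern):
        if tok == "??":
            out.append("<??>")
        elif tok.startswith("("):
            out.append(tok)  # keep the boundary marker visible
        else:
            byte = int(tok, 16)
            out.append(chr(byte) if 0x20 <= byte < 0x7F else f"\\x{byte:02x}")
    return "".join(out)

def literal_prefix(pattern):
    """Fixed bytes at the start of the pattern, up to the first wildcard."""
    prefix = bytearray()
    for tok in tokens(pattern):
        if tok.startswith("("):
            if prefix:
                break
            continue  # a leading boundary marker carries no bytes
        if tok == "??":
            break
        prefix.append(int(tok, 16))
    return bytes(prefix)

def prefix_histogram(patterns, n=4):
    """Count patterns by their first n fixed bytes."""
    return Counter(literal_prefix(p)[:n] for p in patterns)

# Constructed sample signature bodies (not taken from any real database).
SAMPLE = ["(B)7777772E6578616D706C652E636F6D", "(B)7777772E6578616D706C652E6E6574",
          "742E636F2F61626331", "742E636F2F78797A32"]

if __name__ == "__main__":
    for variant in ("(B)7777772E", "(B)77????2E", "(B)77??772E", "772E"):
        print(f"{variant:12} {readable(variant):16} {literal_prefix(variant)!r}")
    print(prefix_histogram(SAMPLE))
```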
