I am in the process of replacing my old Windows 98 SE (!) file server with a Linux/Samba server. The Samba server is nicer and much faster than the Windows one except for virus scanning.
On my old server (a 900 MHz Athlon with 768 MB RAM) I had an old version of Norton AV (v5.0) which ran every day and scanned all 300,000+ files (240 GB) in about 1.5 hours elapsed time. On my new server (a 1200 MHz Athlon with 1024 MB RAM), I am running ClamAV 0.88.4 and, as I write this, it has been running 29.2 hours (CPU time!) and has only scanned about 45,000 files (but more than 133 GB) This is in spite of the fact that file serving from the new Samba server is almost twice as fast as from the old Windows one, i.e., it's not a disk problem. In fact the disk is being read at about 1.3 MB/s on average for ClamAV, vs an easy steady 3.5 MB/s when serving a DV-video file, or over 10 MB/s (bursty) when copying a file to a client over Gig-E. I can only presume that this is due to a very different algorithm that ClamAV uses compared to Norton AV. My guess would be that Norton AV only looks at a small part of the big files. (Many of the files are 10s or 100s of MBs.) Needless to say, I can not do daily scans of all files with ClamAV on my new file server. Even if CPU weren't always pegged at 99-100%, a daily elapsed time of far more than 24 hours doesn't work on this planet. (And no, I can't afford to get a super-fast quad-CPU Opteron box, especially since the proof-of-concept Samba server was almost as fast at serving files even though it was only 650 MHz.) I would appreciate any suggestions. P.S. Amazingly, Windows 98 SE is quite stable as a file server -- if you don't run applications, uptimes of 30, 60 or even 90 days are not difficult. _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
