On 19 Nov 07, at 1228, G.W. Haywood wrote: > Hi there, > > On Mon, 19 Nov 2007 Ian G Batten wrote: > >> On 18 Nov 07, at 0614, Dennis Peterson wrote: >>> >>> Have you considered scannning only files that have changed (md5sum >>> difference, for example) since the last time they were scanned? >>> There's no need to scan a file endlessly - only if it has changed >>> since the previous scan. >> >> Hmm. Firstly, computing an MD5 sum of a file is just as much I/O, >> and probably as much CPU, as just scanning it anyway. > > That's rather doubtful, given that you're looking for just one MD5 sum > and something in the region of 200,000 virus signatures.
That was my gut feel. But see below. Yes, there are all sorts of factors (openssl isn't ultra optimised, initial load involves some libraries, etc, etc). But I don't think these numbers support the doubts. mailhost-new# time /usr/sfw/bin/openssl md5 /etc/termcap MD5(/etc/termcap)= c7c115fea262f53f9b5938f08a69ab65 real 0.3 user 0.0 sys 0.0 mailhost-new# time /usr/local/bin/clamdscan /etc/termcap /etc/termcap: OK ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 0.003 sec (0 m 0 s) real 0.1 user 0.0 sys 0.0 mailhost-new# _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
