My AV scanners are running a bit slower than yours because the server is not very new and fancy and we do not have that much traffic:
PIII 666
256MB Ram
IDE Raid1 with old 2x30GB HD (2-3 years old)
I guess with Raid10, new HD, dual P4 and more ram this would speed it up 10x.
Anyway, the proportions in the time consumption should be similar.
Adrian
-------------------------------------------------
----- Original Message -----
Sent: Wednesday, March 31, 2004 3:04 PM
Subject: Re: [Declude.Virus] Faster second scanner needed
Adrian,
This is helpful, however the control is different as mine was based on the 32 bit version of F-Prot (fpcmd.exe).
It appears from your logs that 16 bit F-Prot beat out 32-bit McAfee by 50% or more. I'm not sure if the F-Prot being 16 bit had all that much effect, but one would expect for it to be slower than the 32 bit version. On my system, F-Prot can detect a virus in about 0.1 seconds, and the 32-bit version of AVG takes about 0.4 seconds (standard 30 KB Netsky/Bagle variants during low load).
Note that most of the delay with AVG in 16-bit mode is that it runs within NTVDM. This goes away when you switch to the 32-bit version 7 which now supports the error codes that Declude uses. The switch though didn't seem to do much to the processor utilization, however the wider window does keep more concurrent processes open at the same time and that isn't optimal.
Thanks,
Matt
Adrian Hauri wrote:
AVG takes about 4 seconds to fire up the AV Engine and scan. I'm running the
16bit version 6 of AVG.
I would recommend you to use McAfee. I use version 4.32 for more than a year
now and it is as fast as F-Prot.
Also it was the first and only AV scanner for several days who was able to
detect viruses in pwd protected zip files like bagle.
Here is part of my logfile from another server running my own script with
stalker communigate pro:
01:07:33.69 4 EXTFILTER(ANTIVIRUS) inp(39): * start virusscan for Queue\1760059.msg
01:07:34.67 4 EXTFILTER(ANTIVIRUS) inp(97): * Found the W32/[EMAIL PROTECTED] virus !!! in Queue\1760059.msg MCAFEE.
01:07:35.28 4 EXTFILTER(ANTIVIRUS) inp(54): * Message Queue\1760059.msg seems to be clean (F-Prot)
01:07:39.28 4 EXTFILTER(ANTIVIRUS) inp(83): * identified I-Worm/Netsky.Q in Queue\1760059.msg With AVG
13:13:21.11 4 EXTFILTER(ANTIVIRUS) inp(39): * start virusscan for Queue\1750545.msg
13:13:22.72 4 EXTFILTER(ANTIVIRUS) inp(93): * Found the W32/[EMAIL PROTECTED] virus !!! in Queue\1750545.msg MCAFEE.
13:13:23.61 4 EXTFILTER(ANTIVIRUS) inp(87): * Infection: W32/[EMAIL PROTECTED] in Queue\1750545.msg FPROT.
13:13:27.96 4 EXTFILTER(ANTIVIRUS) inp(83): * identified I-Worm/Netsky.C in Queue\1750545.msg AVG.
I hope this helps to compare the speed. F-Prot is the 16bit Fprot for dos
version.
Adrian
-------------------------------------------------
----- Original Message -----
From: "Matt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 31, 2004 10:38 AM
Subject: [Declude.Virus] Faster second scanner needed
As I continue to research opportunities for increasing efficiency in
order to extend the life of my current environment, I have identified
AVG Anti-Virus as one of the biggest processor hogs, and holder of the
most opportunity. F-Prot is 4 times faster, and maybe more efficient
than that when it comes to processor utilization. Outside of
efficiency, AVG has proven to be a good second scanner, and this should
only be an issue if you are approaching the capacity of your
environment. With AVG commented out and only F-Prot running, the peaks
are much shorter and much lower, but I can ride 100% for over 5 seconds
several times a minute during rush hours with both scanners enabled.
Everything that I've read about Kaspersky seems to indicate that they
are the fastest at detecting new viruses, but their "File Server"
edition costs $370 retail, and 70% of that yearly. I suppose that I
might be able to find this much cheaper through a wholesaling source.
My main concern though is efficiency, and I would take an average
scanner if it was the most efficient over the best scanner if it was
average in terms of efficiency. If anyone has some first hand knowledge
concerning efficiency of any of the scanners, please let me know. I
believe this can be tracked by doing the following if you use F-Prot as
one of two or more scanners:
1) Change to LOGLEVEL DEBUG in your Virus.config
2) Wait for three viruses to be blocked (not 1K EICAR tests, the
real deal).
3) Change your LOGLEVEL back to its normal setting.
4) Compare the times logged for each scanner (you can post them here
or E-mail them to me and I would be happy to decipher)
I would imagine that with most 32 bit scanners, the difference in time
will be directly related to the processing power required to run the
scanner, or at least that holds true for the comparison between F-Prot
and AVG on my system. Note that the times between systems shouldn't be
compared, only the relative multiple of the second scanner to F-Prot
should be compared, that way you establish F-Prot's time as being the
control.
I'm primarily interested in Kaspersky, ClamAV and McAfee, in that order,
though I'm welcome to suggestions for other products that don't prohibit
command line scanning of E-mail in their licenses.
Anecdotal evidence is also appreciated :)
Thanks,
Matt
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
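Added example, not part of the original thread: Python that carries out step 4 of the comparison procedure on the log lines Adrian posted, giving each scanner's time and its multiple of F-Prot's time as the control. It assumes the scanners run one after another, so a result line's delay from the previous line for the same message is that scanner's run time; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines quoted in the thread, with the e-mail line wrapping undone.
LOG = r"""
01:07:33.69 4 EXTFILTER(ANTIVIRUS) inp(39): * start virusscan for Queue\1760059.msg
01:07:34.67 4 EXTFILTER(ANTIVIRUS) inp(97): * Found the W32/[EMAIL PROTECTED] virus !!! in Queue\1760059.msg MCAFEE.
01:07:35.28 4 EXTFILTER(ANTIVIRUS) inp(54): * Message Queue\1760059.msg seems to be clean (F-Prot)
01:07:39.28 4 EXTFILTER(ANTIVIRUS) inp(83): * identified I-Worm/Netsky.Q in Queue\1760059.msg With AVG
13:13:21.11 4 EXTFILTER(ANTIVIRUS) inp(39): * start virusscan for Queue\1750545.msg
13:13:22.72 4 EXTFILTER(ANTIVIRUS) inp(93): * Found the W32/[EMAIL PROTECTED] virus !!! in Queue\1750545.msg MCAFEE.
13:13:23.61 4 EXTFILTER(ANTIVIRUS) inp(87): * Infection: W32/[EMAIL PROTECTED] in Queue\1750545.msg FPROT.
13:13:27.96 4 EXTFILTER(ANTIVIRUS) inp(83): * identified I-Worm/Netsky.C in Queue\1750545.msg AVG.
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d\d) \d+ EXTFILTER\(ANTIVIRUS\) inp\(\d+\): \* (.*)$")
MSG = re.compile(r"Queue\\(\d+)\.msg")
SCANNERS = {"McAfee": re.compile(r"mcafee", re.I),
            "F-Prot": re.compile(r"f-?prot", re.I),
            "AVG": re.compile(r"\bavg\b", re.I)}

def scanner_times(log):
    """Return {message id: {scanner: seconds}}.
    Assumption: the scanners run one after another, so a result line's delay
    from the previous line for the same message is that scanner's run time.
    """
    last, times = {}, defaultdict(dict)
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        q = MSG.search(m.group(4)) if m else None
        if not q:
            continue  # not a scan line
        h, mi, s, text = m.groups()
        now, msg = int(h) * 3600 + int(mi) * 60 + float(s), q.group(1)
        name = next((n for n, rx in SCANNERS.items() if rx.search(text)), None)
        if name and msg in last:
            # % 86400 keeps the delta positive when a scan crosses midnight
            times[msg][name] = round((now - last[msg]) % 86400, 2)
        if name or text.startswith("start virusscan"):
            last[msg] = now
    return dict(times)

def multiples(times, control="F-Prot"):
    """Express each scanner's time as a multiple of the control scanner's."""
    return {msg: {n: round(t / per[control], 2) for n, t in per.items()}
            for msg, per in times.items() if per.get(control)}

if __name__ == "__main__":
    print(multiples(scanner_times(LOG)))
```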