I tested for both the time from start to completion, and also the average and peak processor utilization of the first instance as tracked by performance monitor. Note that the longer that the process lives, the more likely it is to be tracked by performance monitor and the higher the processor utilization. The times come from Declude logs at debug level. I tested 8 different scanners; F-Prot, AVG, McAfee, ClamAV, BitDefender, eTrust, Sophos and Kaspersky. Here's what I found for those that were worth tracking or capable of being tracked:
Scanner Avg. Time Avg.Processor% Peak% ==================================================== F-Prot.......0.1 seconds.......0.482%.........4.688% AVG..........0.5 seconds.......0.934%........52.316% McAfee.......0.6 seconds.......0.900%........73.433% ClamAV.......1.0 seconds.......2.303%.......100.000%
F-Prot is amazing. If this was a horse race, they won by 20 lengths. I formerly thought that AVG was inefficient and inappropriate for mail server virus scanning, but they pretty much share the second spot with McAfee, maybe even nudging them out by a hair. ClamAV was tested with Clamd running, and while it doesn't come close to the other three, it outperforms the other 4 virus scanners that I tested.
Note that in reality it shouldn't take even a half second to scan a short mail file, and the times shown are more so a reflection of both scanning and something else that's going on (who knows). On larger files the difference in time almost disappears. Longer times do though increase contention on busy systems and should be avoided whenever possible.
Now for the dogs...
Kaspersky - It takes 3.0 seconds for this scanner to complete, no clue as to why. Although the stats aren't shown, it was obvious that it was noticeably less processor efficient than the ones indicated above and therefore it isn't a good candidate for command line mail scanning unless you have plenty of extra processor capacity and no plans on increasing traffic.
Sophos - Takes 2.0 seconds to complete a scan, and was noticeably less processor efficient than the top 4 so I didn't bother getting stats. On install, the real-time component was immediately started and turning this off was not intuitive, nor was the updating mechanism (works as a client/server installation).
eTrust - Formerly VET, now owned by Computer Associates and sold as a replacement for their Inoculate product line. I couldn't get Declude to detect a return code. Customer service refused to provide direction/confirmation and indicated that it wasn't multi-processor capable. Seemed to be a very fast scanner though.
BitDefender - DOS version gave me page faults when called from Win2K. Free Windows version didn't respond to a command line configuration. File Server version installed a real-time component without an option to not install it, and it started it immediately which conflicted with NAV. The uninstall process tool about 10 minutes to complete because the processors were pegged due to the conflict. The software looked nice, though it is expensive if this is the version that is necessary. I didn't care to test it after experiencing the installation/conflict issue.
I skipped over some of the other scanners because they weren't listed with a 'report' configuration, though some of them might be contenders aside from the lack of functionality.
The bottom line is that F-Prot should be the default choice for Declude as a primary scanner, and it seems like there are only two scanners that one might consider for a second scanner; AVG or McAfee. Beyond that, if you are at all concerned about speed, efficiency, and reporting capabilities, there doesn't seem to be any good choices. The fact though that F-Prot spanks everyone suggests that even AVG and McAfee have a lot of room for improvement.
Matt
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
