Thanks for that in-depth work. It helps to clear things up. Now, go to sleep. I know you are not on the West coast, and it is already midnight here.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Matt
> Sent: Wednesday, March 31, 2004 11:48 PM
> To: [EMAIL PROTECTED]
> Subject: [Declude.Virus] Scanner Efficiency Olympics
>
> I tested a bunch of AV scanners with Declude trying to figure out what
> the most efficient scanners were.
>
> I tested for both the time from start to completion, and also the
> average and peak processor utilization of the first instance as tracked
> by performance monitor. Note that the longer that the process lives,
> the more likely it is to be tracked by performance monitor and the
> higher the processor utilization. The times come from Declude logs at
> debug level. I tested 8 different scanners; F-Prot, AVG, McAfee,
> ClamAV, BitDefender, eTrust, Sophos and Kaspersky. Here's what I found
> for those that were worth tracking or capable of being tracked:
>
> Scanner      Avg. Time         Avg.Processor%  Peak%
> ====================================================
> F-Prot.......0.1 seconds.......0.482%.........4.688%
> AVG..........0.5 seconds.......0.934%........52.316%
> McAfee.......0.6 seconds.......0.900%........73.433%
> ClamAV.......1.0 seconds.......2.303%.......100.000%
>
> F-Prot is amazing. If this was a horse race, they won by 20 lengths. I
> formerly thought that AVG was inefficient and inappropriate for mail
> server virus scanning, but they pretty much share the second spot with
> McAfee, maybe even nudging them out by a hair. ClamAV was tested with
> Clamd running, and while it doesn't come close to the other three, it
> outperforms the other 4 virus scanners that I tested.
>
> Note that in reality it shouldn't take even a half second to scan a
> short mail file, and the times shown are more so a reflection of both
> scanning and something else that's going on (who knows). On larger
> files the difference in time almost disappears. Longer times do though
> increase contention on busy systems and should be avoided whenever possible.
>
> Now for the dogs...
>
> Kaspersky - It takes 3.0 seconds for this scanner to complete, no clue
> as to why. Although the stats aren't shown, it was obvious that it was
> noticeably less processor efficient than the ones indicated above and
> therefore it isn't a good candidate for command line mail scanning
> unless you have plenty of extra processor capacity and no plans on
> increasing traffic.
>
> Sophos - Takes 2.0 seconds to complete a scan, and was noticeably less
> processor efficient than the top 4 so I didn't bother getting stats. On
> install, the real-time component was immediately started and turning
> this off was not intuitive, nor was the updating mechanism (works as a
> client/server installation).
>
> eTrust - Formerly VET, now owned by Computer Associates and sold as a
> replacement for their Inoculate product line. I couldn't get Declude to
> detect a return code. Customer service refused to provide
> direction/confirmation and indicated that it wasn't multi-processor
> capable. Seemed to be a very fast scanner though.
>
> BitDefender - DOS version gave me page faults when called from Win2K.
> Free Windows version didn't respond to a command line configuration.
> File Server version installed a real-time component without an option to
> not install it, and it started it immediately which conflicted with
> NAV. The uninstall process took about 10 minutes to complete because
> the processors were pegged due to the conflict. The software looked
> nice, though it is expensive if this is the version that is necessary.
> I didn't care to test it after experiencing the installation/conflict issue.
>
> I skipped over some of the other scanners because they weren't listed
> with a 'report' configuration, though some of them might be contenders
> aside from the lack of functionality.
>
> The bottom line is that F-Prot should be the default choice for Declude
> as a primary scanner, and it seems like there are only two scanners that
> one might consider for a second scanner; AVG or McAfee. Beyond that, if
> you are at all concerned about speed, efficiency, and reporting
> capabilities, there doesn't seem to be any good choices. The fact
> though that F-Prot spanks everyone suggests that even AVG and McAfee
> have a lot of room for improvement.
>
> Matt
>
> --
> =====================================================
> MailPure custom filters for Declude JunkMail Pro.
> http://www.mailpure.com/software/
> =====================================================
>
> ---
> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus". The archives can be found
> at http://www.mail-archive.com.
