If cpu usage is normal then it's related to DNS or online things, it maybe wait for communication...
I think the -L parameter disables online checks. Just try without online checks. Also use -D for debug. On Sat, Sep 4, 2010 at 7:25 PM, Michael Scheidell < michael.scheid...@secnap.com> wrote: > On 9/4/10 9:42 AM, Chris wrote: > >> I'm trying to figure out why I'm having ridiculous scan times such as >> the above examples. Lower scan times such as in the 20 second range are >> the exception rather than the rule. I'm running bind as a local caching >> nameserver and it seems to be working correctly. I've just seen a ham >> that has a scantime=172.2. Could there be something else on the system >> that is affecting this? >> >> Any advice as to troubleshooting would be appreciated. >> >> DNS or runaway regexp. > > run sa with debug and you will see where the problem is. > most likely your are using a defunct dns rbl, or a custom rule. disable all > custom rules and rbl's and try again. > > -- > Michael Scheidell, CTO > o: 561-999-5000 > d: 561-948-2259 > ISN: 1259*1300 > > *| *SECNAP Network Security Corporation > > * Certified SNORT Integrator > * 2008-9 Hot Company Award Winner, World Executive Alliance > * Five-Star Partner Program 2009, VARBusiness > * Best in Email Security,2010: Network Products Guide > * King of Spam Filters, SC Magazine 2008 > > ______________________________________________________________________ > This email has been scanned and certified safe by SpammerTrap(r). For > Information please see http://www.secnap.com/products/spammertrap/ > ______________________________________________________________________