I'm currently trying to deploy ClamAV in its LTS 0.103.2 version onto an Ubuntu 18.04 LTS server. ClamAV seems to work fine in the first place, but when I did some test scans of different files I noticed a curious behavior.
ClamAV seems to need nearly the same time for ANY kind of scan?! Even for very huge files?!
Command: clamscan myarchive1.zip, command output below:
/srv/bla/bla/bla/bla/bla/bla/myarchive1.zip: OK
----------- SCAN SUMMARY -----------
Known viruses: 8579279
Engine version: 0.103.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 25485.31 MB (ratio 0.00:1)
Time: 13.142 sec (0 m 13 s)
Start Date: 2021:11:23 08:23:51
End Date: 2021:11:23 08:24:04
Command: clamscan -r ., command output below:
/srv/bla/bla/bla/bla/bla/bla/myarchive1.zip: OK
/srv/bla/bla/bla/bla/bla/bla/myarchive2.zip: OK
/srv/bla/bla/bla/bla/bla/bla/myarchive3.zip: OK
----------- SCAN SUMMARY -----------
Known viruses: 8579279
Engine version: 0.103.2
Scanned directories: 1
Scanned files: 3
Infected files: 0
Data scanned: 0.00 MB
Data read: 71528.48 MB (ratio 0.00:1)
Time: 13.194 sec (0 m 13 s)
Start Date: 2021:11:23 08:29:37
End Date: 2021:11:23 08:29:51
Please take a look at the Data scanned, Data read and Time values.
I don't think that ClamAV has READ 71528.48 MB within 13.194 sec, as it's physically impossible for my machine to be that fast.
The machine uses an ordinary Intel Core i3-4160 CPU with 3.6 GHz, a Seagate Enterprise SATA HDD with 4 TB (max read/write round about 200 MiB/s) and 1 ECC RAM DIMM with 8 GB.
Even in the best conditions my machine would need at least 5 minutes for reading 71528.48 MB from its hard disk drive (200 MiB/s).
Worse, ClamAV also seems to need the same time for scanning very small files. (A 1 KiB file also needs round about 12 to 13 seconds of "scan time".)
clamconf -n (requested by yang mandi)
Checking configuration files in /etc/clamav
Config file: clamd.conf
-----------------------
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
MaxConnectionQueueLength = "15"
MaxThreads = "12"
ReadTimeout = "180"
SendBufTimeout = "200"
SelfCheck = "3600"
User = "clamav"
BytecodeTimeout = "60000"
ScanMail disabled
MaxScanTime = "120000000"
MaxScanSize = "4194304000"
MaxFileSize = "4194304000"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogRotate = "yes"
UpdateLogFile = "/var/log/clamav/freshclam.log"
Checks = "2"
DatabaseMirror = "http://10.200.0.1/clamav"
MaxAttempts = "5"
*** SafeBrowsing is DEPRECATED ***
clamav-milter.conf not found
Software settings
-----------------
Version: 0.103.2
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON JIT
Database information
--------------------
Database directory: /var/lib/clamav
daily.cld: version 26420, sigs: 1970864, built on Wed Jan 12 10:26:28 2022
main.cld: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 16:21:51 2021
Total number of signatures: 8618383
Platform information
--------------------
uname: Linux 4.15.0-166-generic #174-Ubuntu SMP Wed Dec 8 19:07:44 UTC 2021 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Ubuntu 18.04.6 LTS
zlib version: 1.2.11 (1.2.11), compile flags: a9
Triple: x86_64-pc-linux-gnu
CPU: haswell, Little-endian
platform id: 0x0a217b7b0807050001070500
Build information
-----------------
GNU C: 7.5.0 (7.5.0)
GNU C++: 7.5.0 (7.5.0)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-ol9PT3/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-ol9PT3/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64
LDFLAGS: -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-ol9PT3/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-ol9PT3/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-system-libmspack' '--with-libcurl=/usr' '--with-gnu-ld' '-with-system-llvm=/usr/bin/llvm-config-3.9' '--with-llvm-linking=dynamic' '--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=x86_64-linux-gnu' 'OBJCFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-ol9PT3/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security'
sizeof(void*) = 8
Engine flevel: 123, dconf: 123
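
Added example, not part of the original post: a small Python check that parses a clamscan SCAN SUMMARY block and flags runs where "Data scanned" is zero or where the implied read rate exceeds what the disk can deliver, either of which means the "OK" verdicts do not reflect a scan of the files' contents. The sample is constructed from the second summary above; the function names and the 200 MB/s limit (taken from the disk figure in the post, ignoring the MB/MiB difference) are assumptions of this example.

```python
import re

# Constructed sample: the summary of the recursive scan shown in the post above.
SAMPLE = """\
----------- SCAN SUMMARY -----------
Scanned directories: 1
Scanned files: 3
Infected files: 0
Data scanned: 0.00 MB
Data read: 71528.48 MB (ratio 0.00:1)
Time: 13.194 sec (0 m 13 s)
"""

# Summary fields needed for the plausibility check (hypothetical key names).
FIELDS = {
    "files": r"^Scanned files:\s*(\d+)",
    "scanned_mb": r"^Data scanned:\s*([\d.]+) MB",
    "read_mb": r"^Data read:\s*([\d.]+) MB",
    "seconds": r"^Time:\s*([\d.]+) sec",
}

def parse_summary(text):
    """Extract the numeric fields of a clamscan SCAN SUMMARY block."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        if m is None:
            raise ValueError(f"summary field missing: {name}")
        out[name] = float(m.group(1))
    return out

def coverage_warnings(summary, disk_mb_per_s):
    """Return reasons why an all-OK result may not reflect a content scan."""
    warnings = []
    # Files were read (by reported size) but the engine scanned no data.
    if summary["files"] > 0 and summary["scanned_mb"] == 0 and summary["read_mb"] > 0:
        warnings.append("no data scanned although files were read")
    # Reported bytes divided by wall time must not beat the storage device.
    if summary["seconds"] > 0:
        rate = summary["read_mb"] / summary["seconds"]
        if rate > disk_mb_per_s:
            warnings.append(f"implied read rate {rate:.0f} MB/s exceeds disk limit {disk_mb_per_s} MB/s")
    return warnings

if __name__ == "__main__":
    for w in coverage_warnings(parse_summary(SAMPLE), disk_mb_per_s=200):
        print("WARNING:", w)
```
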