clamscan takes ages to complete.

gbowden · 02-06-2006, 02:35 PM

When I run clamscan -r -i --bell / it takes 10 hours to scan 78.2 GB.

Should it be taking this long?

odevans · 02-06-2006, 02:42 PM

Sounds close to my results - scanning some 30 GB of data takes about 4-5 hrs. That's empirical, I've never actually timed it. Think I might though...

palceksmuk · 02-06-2006, 04:34 PM

are there any viruses that work on linux?

mdarby · 02-06-2006, 04:57 PM

Absolutely. Not nearly the amount on Windows of course. We have to worry about rootkits.

odevans · 02-06-2006, 05:34 PM

Okay, just tried this on my home server:

Code:

root@box~#  time /usr/bin/clamscan --quiet -l /var/log/clamav.log --move=/var/clamav_quarantine -r /home

Real: 86m13.756s
User: 71m3.765s
Sys:  3m52.690s

root@box~#  du -cm /home

17182 total

So 17,182 MB in 1h 16m ~= 80,000 MB in, uh, ~6h 40m (worked that out on my fingers

). That's on a an Athlon 2600+ / 512MB / 5400RPM IDE. I could see a slower machine taking longer. What are you machine's specs?

eelriver · 02-06-2006, 05:43 PM

I just scan my mail folders. With good computing hygene how would a virus get into a folder only writable by root?

mdarby · 02-07-2006, 01:10 PM

Edit: I'm a dumbass -- read below.

gbowden · 02-07-2006, 01:23 PM

I've got a AMD Sempron Processor 3000+ @ 1808 Mhz with 512 MB of RAM.

My hard drive is using udma 5.

I don't really know what the problem is I thought it would be quicker than that.

mdarby · 02-07-2006, 01:46 PM

Oops. I forgot my script only scans everything from the previous work week;

Code:

#!/bin/bash

dir[0]="/home"
dir[1]="/mnt/smb/profiles"

find ${dir[@]} -mtime -5 -type f -print0 | xargs -0 /usr/local/bin/clamscan --infected --recursive --unzip --move=/var/quarantine

KimVette · 02-07-2006, 06:05 PM

Quote:

Originally Posted by palceksmuk

are there any viruses that work on linux?

all I scan is samba shares and apache directories (edit: and /tmp).

The samba shares, because Windows boxes have access to them.

Apache shares - because apache worms, the few that exist - are cross-platform and will compile on Windows, Linux, OS/X, or any other platform with a particular vulnerability. I have apache patched but it's a cat-and-mouse game.