dave.becks
Joined: 24 Aug 2021 | Posts: 1 | Location: Ireland
Posted: Tue Aug 24, 2021 2:55 pm

Hi,
I have a clamd process running in a Docker container using https://hub.docker.com/r/mkodockx/docker-clamav/
My use case is to scan any attachments that a user uploads and return the scan status as a response to the uploading service.
I've noticed that it takes a very long time (~2 mins) to scan certain files, for example .pdf files of even smaller sizes like 12MB.
bash-5.0$ ls -lh 12MB-PDF.pdf
-rw-r--r-- 1 501 dialout 11.3M Aug 23 11:50 12MB-PDF.pdf
bash-5.0$
bash-5.0$ clamdscan 12MB-PDF.pdf
/tmp/12MB-PDF.pdf: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 129.203 sec (2 m 9 s)
Start Date: 2021:08:24 14:46:19
End Date: 2021:08:24 14:48:28
Is there a way to improve the performance of clamd?
Below is my clamd.conf for reference.
###############
# General
###############
DatabaseDirectory /var/lib/clamav
TemporaryDirectory /tmp
LogTime yes
PidFile /run/clamav/clamd.pid
LocalSocket /run/clamav/clamd.sock
TCPSocket 3310
Foreground yes
###############
# Results
###############
DetectPUA yes
ExcludePUA NetTool
ExcludePUA PWTool
AlgorithmicDetection yes
Bytecode yes
###############
# Scan
###############
ScanPE yes
DisableCertCheck yes
ScanELF yes
AlertBrokenExecutables yes
ScanOLE2 yes
ScanPDF yes
ScanSWF yes
ScanMail yes
PhishingSignatures yes
PhishingScanURLs yes
ScanHTML yes
ScanArchive yes
###############
# Scan
###############
MaxScanSize 2000M
MaxFileSize 2000M
StreamMaxLength 2000M
MaxRecursion 30
MaxFiles 50000
MaxEmbeddedPE 40M
MaxHTMLNormalize 40M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
MaxPartitions 128
MaxIconsPE 200
PCREMatchLimit 10000
PCRERecMatchLimit 10000
Thanks.

GuitarBob
Joined: 09 Jul 2006 | Posts: 4936 | Location: USA
Posted: Tue Aug 24, 2021 5:11 pm

The official version of ClamWin doesn't use clamd to scan, so you must be using ClamAV on Linux. In that case, we can't help you. These forums are devoted to the use of the free, open-source official ClamWin antivirus, which is based on a Windows port of ClamAV for Linux. Scanning is different, although ClamWin uses the same database as ClamAV.
Regards,