ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
ClamAV extremely slow scanning files of certain extensions
dave.becks


Joined: 24 Aug 2021
Posts: 1
Location: Ireland
Reply with quote
Hi,

I've clamd process running on a Docker container using https://hub.docker.com/r/mkodockx/docker-clamav/

My use case is to scan any attachments that a user uploads and return the scan status as response to the uploading service.

I've noticed that it takes a very long time(~2 mins) to scan certain files for example .pdf files of even smaller sizes like 12MB.

bash-5.0$ ls -lh 12MB-PDF.pdf
-rw-r--r-- 1 501 dialout 11.3M Aug 23 11:50 12MB-PDF.pdf
bash-5.0$

bash-5.0$ clamdscan 12MB-PDF.pdf
/tmp/12MB-PDF.pdf: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 129.203 sec (2 m 9 s)
Start Date: 2021:08:24 14:46:19
End Date: 2021:08:24 14:48:28



Is there a way to improve the performance of clamd?

Below is my clamd.conf for reference.

###############
# General
###############

DatabaseDirectory /var/lib/clamav
TemporaryDirectory /tmp
LogTime yes
PidFile /run/clamav/clamd.pid
LocalSocket /run/clamav/clamd.sock
TCPSocket 3310
Foreground yes

###############
# Results
###############

DetectPUA yes
ExcludePUA NetTool
ExcludePUA PWTool
AlgorithmicDetection yes
Bytecode yes

###############
# Scan
###############

ScanPE yes
DisableCertCheck yes
ScanELF yes
AlertBrokenExecutables yes
ScanOLE2 yes
ScanPDF yes
ScanSWF yes
ScanMail yes
PhishingSignatures yes
PhishingScanURLs yes
ScanHTML yes
ScanArchive yes

###############
# Scan
###############

MaxScanSize 2000M
MaxFileSize 2000M
StreamMaxLength 2000M
MaxRecursion 30
MaxFiles 50000
MaxEmbeddedPE 40M
MaxHTMLNormalize 40M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
MaxPartitions 128
MaxIconsPE 200
PCREMatchLimit 10000
PCRERecMatchLimit 10000


Thanks.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4758
Location: USA
Reply with quote
The official version of ClamWin doesn't use clamd to scan, so you must be using Clam Av on Linux. In that case, we can't help you. These forums are devoted to the use of the free, open-source official ClamWin antivirus, which is based on a Windows port of Clam AV for Linux. Scanning is different although ClamWin uses the same database as Clam Av.

Regards,
View user's profileSend private message
ClamAV extremely slow scanning files of certain extensions
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic