[prev in list] [next in list] [prev in thread] [next in thread]
List: clamav-users
Subject: Re: [clamav-users] [External] Re: Scan very slow
From: "Micah Snyder \(micasnyd\) via clamav-users" <clamav-users () lists ! clamav ! net>
Date: 2019-04-18 15:50:56
Message-ID: 64D49E91-978B-4DC4-9903-4ED7F6441D05 () cisco ! com
[Download RAW message or body]
[Attachment #2 (text/plain)]
Mark, Kevin,
I'm glad to hear that your load and scan times are back down to reasonable levels.
We'll continue to investigate the best, safest way to add the phishing detection in a \
way that is fast and optional.
Regards,
Micah
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Mark Allan \
via clamav-users <clamav-users@lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Date: Thursday, April 18, 2019 at 6:09 AM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Mark Allan <markjallan@gmail.com>
Subject: Re: [clamav-users] [External] Re: Scan very slow
Fantastic! I can also confirm that scan times are back to normal now - more-or-less \
back to what they were in early February.
The time for one of our FP test volumes which I've been referencing in this thread is \
back down to 3m 30s, and the total time for our full FP test is back down from \
several hours to just 47 minutes.
Thank you!
Mark
On Thu, 18 Apr 2019 at 09:46, Al Varnell via clamav-users \
<clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote: Looks \
like all Phish.Phishing.REPHISH_ID_... signatures were dropped by daily-25423 today.
-Al-
On Apr 17, 2019, at 04:02, Al Varnell <alvarnell@mac.com<mailto:alvarnell@mac.com>> \
wrote:
There are still 2515 "Phish.Phishing.REPHISH_ID_...." signatures in daily.ldb
-Al-
On Apr 17, 2019, at 03:36, Maarten Broekman \
<maarten.broekman@gmail.com<mailto:maarten.broekman@gmail.com>> wrote:
Are the "Phish" REPHISH signatures still in the daily or were they removed as well? \
Those were causing part of the issue.
--Maarten
On Wed, Apr 17, 2019 at 5:24 AM Al Varnell via clamav-users \
<clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote: An \
additional 3968 Phishtank.Phishing.PHISH_ID_??????? signatures were dropped by \
daily-25417 on 12 April, and I can't seem to locate any more.
-Al-
On Apr 17, 2019, at 02:01, Mark Allan via clamav-users \
<clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote:
Hi Micah,
Sorry to pester you, but have you any update on when the remaining Phishtank \
signatures will be getting removed? It would be really great to get scan times \
properly back to normal.
Best regards
Mark
On Tue, 9 Apr 2019 at 16:32, Micah Snyder (micasnyd) \
<micasnyd@cisco.com<mailto:micasnyd@cisco.com>> wrote: Mark,
Yes, the plan is still to remove the rest of the Phishtank signatures. We wanted to \
get things back to relative normal and resolve the immediate crisis. We'll remove \
the rest of them soon.
Best,
Micah
From: Mark Allan <markjallan@gmail.com<mailto:markjallan@gmail.com>>
Date: Tuesday, April 9, 2019 at 6:26 AM
To: "Micah Snyder (micasnyd)" <micasnyd@cisco.com<mailto:micasnyd@cisco.com>>
Cc: ClamAV users ML <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>>
Subject: Re: [External] Re: [clamav-users] Scan very slow
The scan times are definitely better than they were - in fact, they're back to how \
they were before last week's inclusion of the Phishtank signatures. They're still \
almost double what they used to be though, and as far as I can see, there are still \
almost 4000 Phishtank signatures in the DB: $ sigtool --find Phishtank | wc -l
3968
Can I request that those ones also be removed please?
Best regards
Mark
On Sun, 7 Apr 2019 at 14:43, Micah Snyder (micasnyd) \
<micasnyd@cisco.com<mailto:micasnyd@cisco.com>> wrote: Tim,
There are a couple of ways for users to drop specific categories of signatures at \
this time. Sadly, they wouldn't have helped this last week. These include bytecode \
signatures, PUA (potentially unwanted applications) signatures, Email.Phishing and \
HTML.Phishing signatures, and the Safebrowsing database.
If we had named the Phishtank.Phishing sigs to HTML.Phishing.Phishtank or \
Email.Phishing.Phishtank then they could have been disabled with the clamscan option \
`--phishing-sigs=no` (clamd.conf: `PhishingSignatures no`).
Maybe a better option would be for us to create a new optional database for phishing \
signatures. However, the names for the databases are hardcoded into freshclam, so it \
is non-trivial to add a new database and would require a few changes to ClamAV's \
code. We have talked about making the databases easier to add/remove in the future so \
users can have more categories to enable/disable. In this light, it ties in well with \
existing plans.
Of note the Phishtank sigs from Friday's daily were removed yesterday and scan times \
should be back to normal.
Regards,
Micah
From: Tim Hawkins <tim.hawkins@redflaggroup.com<mailto:tim.hawkins@redflaggroup.com>>
Date: Friday, April 5, 2019 at 6:06 PM
To: ClamAV users ML <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>>, \
Mark Allan <markjallan@gmail.com<mailto:markjallan@gmail.com>>
Cc: "Micah Snyder (micasnyd)" <micasnyd@cisco.com<mailto:micasnyd@cisco.com>>
Subject: Re: [External] Re: [clamav-users] Scan very slow
Hi Micah
Does clamav partition the database so that signatures that are mainly associated with \
email scanning can be dropped out for folks only needing filesystems scans, none of \
our systems use email, and we dont make use of the mailer extension.
Having to load all the email focused signatures could as you have observed impact \
performance. Sent from Nine<http://www.9folders.com/>
________________________________
From: "Micah Snyder (micasnyd) via clamav-users" \
<clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>>
Sent: Saturday, April 6, 2019 03:18
To: ClamAV users ML; Mark Allan
Cc: Micah Snyder (micasnyd)
Subject: [External] Re: [clamav-users] Scan very slow
Regarding slow scan times today (and slow scan times in general), it appears that the \
signatures we generate based on PhishTank's feed for phishing URLs are resulting in \
very slow load and scan times.
Today's daily update saw 7448 new Phishtank signatures (much higher than usual) \
coinciding with the immediate performance drop for load time and scan time. One user \
reported that the load time today on some of his slower machines was slow enough to \
exceed the timeout for service startup \
(https://bugzilla.clamav.net/show_bug.cgi?id=12317).
In limited testing on my own machine I saw the following change after dropping the \
Phishtank.Phishing signatures from daily.cvd's daily.ldb file:
* Database load time on my laptop went from 75.43203997612 seconds down to \
14.859203100204468 seconds
* Scan time (for an arbitrary pdf) went from 1.798 sec to 0.644 sec.
After some discussion between the teams that work on ClamAV and ClamAV signature \
content and deployment, we've agreed to drop PhishTank signatures from the database \
until we can determine a way to craft Phishtank signatures without incurring such a \
significant performance hit.
The daily update tomorrow will have the change.
-Micah
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
From: clamav-users <clamav-users-bounces@lists.clamav.net<mailto:clamav-users-bounces@lists.clamav.net>> \
on behalf of "Micah Snyder (micasnyd) via clamav-users" \
<clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>>
Reply-To: ClamAV users ML \
<clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>>
Date: Friday, April 5, 2019 at 1:08 PM
To: Mark Allan <markjallan@gmail.com<mailto:markjallan@gmail.com>>, ClamAV users ML \
<clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>>
Cc: "Micah Snyder (micasnyd)" <micasnyd@cisco.com<mailto:micasnyd@cisco.com>>
Subject: Re: [clamav-users] Scan very slow
Hi Mark,
Sorry about the delay in responding. I hadn't looked at my clamav-users filter this \
morning. Just investigating now. Will respond when I know more.
-Micah
From: Mark Allan <markjallan@gmail.com<mailto:markjallan@gmail.com>>
Date: Friday, April 5, 2019 at 9:12 AM
To: ClamAV users ML <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>>, \
"Micah Snyder (micasnyd)" \
<micasnyd@cisco.com<mailto:micasnyd@cisco.com>>
Subject: Re: [clamav-users] Scan very slow
Also CC'ing Micah directly as the mailing list would appear to be offline (at least \
lists.clamav.net<http://lists.clamav.net/> isn't responding to http requests anyway)
It looks like scan times have gone through the roof. As Oya said, they're still \
considerably higher than they were a couple of months ago, but today's scan time is \
insane.
Yesterday's scan using
0.101.2:58:25409:1554370140:1:63:48554:328
took 7m 3s
On the same hardware, scanning the same read-only disk image, with today's scan using
0.101.2:58:25410:1554452941:1:63:48557:328
the scan time has jumped to 26m 15s
This is the longest it has ever taken to scan this volume (cf my previous email of \
25th March)
Is there anything that can be excluded?
Best regards
Mark
On Mon, 1 Apr 2019 at 17:11, Micah Snyder (micasnyd) via clamav-users \
<clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote: Thanks \
Oya for the update. We will continue to investigate the signature performance issue.
Regards,
Micah
On 3/28/19, 9:50 AM, "clamav-users on behalf of Tsutomu Oyamada" \
<clamav-users-bounces@lists.clamav.net<mailto:clamav-users-bounces@lists.clamav.net> \
on behalf of oyamada@promark-inc.com<mailto:oyamada@promark-inc.com>> wrote:
Hi Micah
It seems that the scanning slow down issue of this time has been solved
at some level with CVD Update of the other day.
However, there is still big discrepancy in between the current condition and
the last condition in one month ago.
Date Files Scan time
2019/02/15 2550338 08:53:57
2019/03/15 2612792 19:22:54
2019/03/26 2634489 18:13:56
2019/03/27 2637201 18:10:05
We know the improvement of this time is due to the details of CVD, because
we did not make any change on the user's system.
We are going to try some tuning for scanning.
We like to know if you still have some room to make further improvement
for this slow down issue.
Thank you for your help, in advance.
Best regards,
Oya
On Mon, 25 Mar 2019 15:45:02 +0000
"Micah Snyder \(micasnyd\) via clamav-users" \
<clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote:
> Hi Mark, all:
>
> I'm disappointed to hear that it is still slow for you.
>
> We found that the target-type of signatures used for PhishTank.Phishing \
signatures were causing a significant slowdown. We have dropped them as of this \
past Saturday (https://lists.gt.net/clamav/virusdb/75279 ) and in the last two \
updates have been re-adding them with more specific scan target types. We're now \
investigating some other optimizations we can make for the next major ClamAV release \
to improve scan times but at present we don't have any other leads for signatures \
that may be slowing down scans. >
> Regards,
> Micah
>
>
> From: clamav-users \
<clamav-users-bounces@lists.clamav.net<mailto:clamav-users-bounces@lists.clamav.net>> \
on behalf of Mark Allan via clamav-users \
<clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> > Reply-To: \
ClamAV users ML <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> \
> Date: Monday, March 25, 2019 at 9:37 AM > To: ClamAV users ML \
> <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>>
> Cc: Mark Allan <markjallan@gmail.com<mailto:markjallan@gmail.com>>
> Subject: Re: [clamav-users] Scan very slow
>
> Cheers Steve,
>
> In the interest of completeness, here's the scan from today (TXT from DNS: \
0.101.1:58:25399:1553509741:1:63:48528:328) showing a marked improvement in scan \
time, although at 6m 7s it's still almost twice what it used to be. >
> Mark
>
> On Mon, 25 Mar 2019 at 12:56, Steve Basford \
<steveb_clamav@sanesecurity.com<mailto:steveb_clamav@sanesecurity.com><mailto:steveb_clamav@sanesecurity.com<mailto:steveb_clamav@sanesecurity.com>>> \
wrote: > On 2019-03-25 10:52, Mark Allan via clamav-users wrote:
> > Hi all,
> >
> te.
> >
> > Hopefully this helps someone to narrow things down a bit.
> >
> > Mark
> >
>
> 18/3/19 10m 49s TXT from DNS:
> 0.101.1:58:25392:1552904941:1:63:48507:328 ***
>
> Here's the changes for the above update:
>
> https://lists.gt.net/clamav/virusdb/75154
>
> You can also check sigs quickly per update:
>
> https://lists.gt.net/clamav/virusdb/
>
>
>
> --
> Cheers,
>
> Steve
> Twitter: @sanesecurity
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net><mailto:clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>>
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
DISCLAIMER
The information contained in this email and any attachments are confidential. It is \
intended solely for the individual or entity to whom they are addressed. Access to \
this email by anyone else is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution or any \
action taken or omitted to be taken in reliance on it, is prohibited and may be \
unlawful. If you have received this communication in error, please notify us \
immediately by responding to this email and then delete it from your system.
The Red Flag Group is neither liable for the proper and complete transmission of the \
information contained in this communication nor for any delay in its receipt.
Any advice, recommendations or opinion contained within this email or its attachments \
are not to be construed as legal advice.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
[Attachment #3 (text/html)]
<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Menlo-Regular;
panose-1:2 11 6 9 3 8 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.gmail-m1083919188936004229apple-converted-space
{mso-style-name:gmail-m_1083919188936004229apple-converted-space;}
span.gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space
{mso-style-name:gmail-m_1083919188936004229gmail-m_-2194534236740648265apple-converted-space;}
p.gmail-m1083919188936004229gmail-m-2194534236740648265gmail-m357400773979497807gmail-m5858503483999855451msolistparagraph, \
li.gmail-m1083919188936004229gmail-m-2194534236740648265gmail-m357400773979497807gmail-m5858503483999855451msolistparagraph, \
div.gmail-m1083919188936004229gmail-m-2194534236740648265gmail-m357400773979497807gmail-m5858503483999855451msolistparagraph
{mso-style-name:gmail-m_1083919188936004229gmail-m_-2194534236740648265gmail-m_357400773979497807gmail-m5858503483999855451msolistparagraph;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:520096583;
mso-list-template-ids:-1290885572;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Mark, Kevin,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I'm glad to hear that your load and scan times are back down to \
reasonable levels. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We'll continue to investigate the best, safest way to add the \
phishing detection in a way that is fast and optional. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal">Micah<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: \
</span></b><span style="font-size:12.0pt;color:black">clamav-users \
<clamav-users-bounces@lists.clamav.net> on behalf of Mark Allan via \
clamav-users <clamav-users@lists.clamav.net><br> <b>Reply-To: </b>ClamAV users \
ML <clamav-users@lists.clamav.net><br> <b>Date: </b>Thursday, April 18, 2019 at \
6:09 AM<br> <b>To: </b>ClamAV users ML <clamav-users@lists.clamav.net><br>
<b>Cc: </b>Mark Allan <markjallan@gmail.com><br>
<b>Subject: </b>Re: [clamav-users] [External] Re: Scan very \
slow<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">Fantastic! I can also confirm that scan times are back to normal \
now - more-or-less back to what they were in early February. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The time for one of our FP test volumes which I've been \
referencing in this thread is back down to 3m 30s, and the total time for our \
<i>full</i> FP test is back down from several hours to just 47 \
minutes.<o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thank you!<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Mark<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Thu, 18 Apr 2019 at 09:46, Al Varnell via clamav-users <<a \
href="mailto:clamav-users@lists.clamav.net">clamav-users@lists.clamav.net</a>> \
wrote:<o:p></o:p></p> </div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in \
6.0pt;margin-left:4.8pt;margin-right:0in"> <div>
<p class="MsoNormal">Looks like all <span \
style="font-size:8.5pt;font-family:"Menlo-Regular",serif">Phish.Phishing.REPHISH_ID_...</span> signatures \
were dropped by daily-25423 today. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">-Al-<o:p></o:p></p>
<div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Apr 17, 2019, at 04:02, Al Varnell <<a \
href="mailto:alvarnell@mac.com" target="_blank">alvarnell@mac.com</a>> \
wrote:<o:p></o:p></p> </div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">There are still 2515 "Phish.Phishing.REPHISH_ID_...." \
signatures in daily.ldb <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">-Al-<o:p></o:p></p>
<div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Apr 17, 2019, at 03:36, Maarten Broekman <<a \
href="mailto:maarten.broekman@gmail.com" \
target="_blank">maarten.broekman@gmail.com</a>> wrote:<o:p></o:p></p> </div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica">Are the \
"Phish" REPHISH signatures still in the daily or were they removed as well? \
Those were causing part of the issue. <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p> </o:p></span></p> </div>
<div>
<p class="MsoNormal"><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p> </o:p></span></p> </div>
<div>
<p class="MsoNormal"><span \
style="font-size:9.0pt;font-family:Helvetica">--Maarten<o:p></o:p></span></p> </div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica">On Wed, Apr \
17, 2019 at 5:24 AM Al Varnell via clamav-users <<a \
href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>> wrote:<o:p></o:p></span></p> \
</div> <blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in \
0in 6.0pt;margin-left:4.8pt;margin-right:0in"> <div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica">An \
additional 3968 </span><span \
style="font-size:8.5pt;font-family:"Menlo-Regular",serif">Phishtank.Phishing.PHISH_ID_???????<span \
class="gmail-m1083919188936004229apple-converted-space"> </span></span><span \
style="font-size:9.0pt;font-family:Helvetica">signatures were dropped by daily-25417 \
on 12 April, and I can't seem to locate any more. <o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p> </o:p></span></p> </div>
<div>
<p class="MsoNormal"><span \
style="font-size:9.0pt;font-family:Helvetica">-Al-<o:p></o:p></span></p> <div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica"><br>
<br>
<o:p></o:p></span></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica">On Apr 17, \
2019, at 02:01, Mark Allan via clamav-users <<a \
href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>> wrote:<o:p></o:p></span></p> \
</div> <p class="MsoNormal"><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p> </o:p></span></p> <div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica">Hi Micah,
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p> </o:p></span></p> </div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica">Sorry to \
pester you, but have you any update on when the remaining Phishtank signatures will \
be getting removed? It would be really great to get scan times properly back to \
normal.<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal"><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p> </o:p></span></p> </div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica">Best \
regards<o:p></o:p></span></p> </div>
<p class="MsoNormal"><span \
style="font-size:9.0pt;font-family:Helvetica">Mark<o:p></o:p></span></p> </div>
</div>
<p class="MsoNormal"><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p> </o:p></span></p> <div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica">On Tue, 9 \
Apr 2019 at 16:32, Micah Snyder (micasnyd) <<a href="mailto:micasnyd@cisco.com" \
target="_blank">micasnyd@cisco.com</a>> wrote:<o:p></o:p></span></p> </div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in \
6.0pt;margin-left:4.8pt;margin-right:0in"> <div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Mark,<o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"><br> Yes, the plan is still to remove \
the rest of the Phishtank signatures. We wanted to get things back to relative \
normal and resolve the immediate crisis. We'll remove the rest of them \
soon.<o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Best,<o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Micah <span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><o:p></o:p></span></p>
<p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <div \
style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in"> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span \
style="font-size:12.0pt;font-family:Helvetica">From:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></span></b><span \
style="font-size:12.0pt;font-family:Helvetica">Mark Allan <<a \
href="mailto:markjallan@gmail.com" target="_blank">markjallan@gmail.com</a>><br> \
<b>Date:<span class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>Tuesday, \
April 9, 2019 at 6:26 AM<br> <b>To:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>"Micah \
Snyder (micasnyd)" <<a href="mailto:micasnyd@cisco.com" \
target="_blank">micasnyd@cisco.com</a>><br> <b>Cc:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>ClamAV \
users ML <<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>><br> <b>Subject:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>Re: \
[External] Re: [clamav-users] Scan very slow</span><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> </div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">The scan times are definitely better \
than they were - in fact, they're back to how they were before last week's inclusion \
of the Phishtank signatures. They're still almost double what they used to be \
though, and as far as I can see, there are still almost 4000 Phishtank signatures in \
the DB:<span class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">$ sigtool --find Phishtank | wc \
-l<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>3968<o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Can I request that those ones also be \
removed please?<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> </div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Best regards<o:p></o:p></span></p> \
</div> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Mark <o:p></o:p></span></p> </div>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">On Sun, 7 Apr 2019 at 14:43, Micah \
Snyder (micasnyd) <<a href="mailto:micasnyd@cisco.com" \
target="_blank">micasnyd@cisco.com</a>> wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in \
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt"> <div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Tim,<o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">There are a couple of ways for users to \
drop specific categories of signatures at this time. Sadly, they wouldn't have \
helped this last week. These include bytecode signatures, PUA (potentially \
unwanted applications) signatures, Email.Phishing and HTML.Phishing signatures, and \
the Safebrowsing database. <o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">If we had named the Phishtank.Phishing \
sigs to HTML.Phishing.Phishtank or Email.Phishing.Phishtank then they could have been \
disabled with the clamscan option `--phishing-sigs=no` (clamd.conf: \
`PhishingSignatures no`).<o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Maybe a better option would be for us \
to create a new optional database for phishing signatures. However, the names for the \
databases are hardcoded into freshclam, so it is non-trivial to add a new database \
and would require a few changes to ClamAV's code. We have talked about making the \
databases easier to add/remove in the future so users can have more categories to \
enable/disable. In this light, it ties in well with existing \
plans.<o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Of note the Phishtank sigs from \
Friday's daily were removed yesterday and scan times should be back to \
normal.<o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Regards,<o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Micah<o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <div \
style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in"> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span \
style="font-size:12.0pt;font-family:Helvetica">From:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></span></b><span \
style="font-size:12.0pt;font-family:Helvetica">Tim Hawkins <<a \
href="mailto:tim.hawkins@redflaggroup.com" \
target="_blank">tim.hawkins@redflaggroup.com</a>><br> <b>Date:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>Friday, \
April 5, 2019 at 6:06 PM<br> <b>To:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>ClamAV \
users ML <<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>>, Mark Allan <<a \
href="mailto:markjallan@gmail.com" target="_blank">markjallan@gmail.com</a>><br> \
<b>Cc:<span class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>"Micah \
Snyder (micasnyd)" <<a href="mailto:micasnyd@cisco.com" \
target="_blank">micasnyd@cisco.com</a>><br> <b>Subject:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>Re: \
[External] Re: [clamav-users] Scan very slow</span><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> </div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:12.0pt;font-family:Helvetica;color:#1F497D">Hi Micah</span><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span \
style="font-size:12.0pt;font-family:Helvetica;color:#1F497D"><br> Does clamav \
partition the database so that signatures that are mainly associated with email \
scanning can be dropped out for folks only needing filesystems scans, none of \
our systems use email, and we dont make use of the mailer extension.<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<br>
Having to load all the email focused signatures could as you have observed impact \
performance.</span><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p></o:p></span></p> </div>
<div id="gmail-m_1083919188936004229gmail-m_-2194534236740648265gmail-m_357400773979497807gmail-m_5858503483999855451signature-x">
<p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:12.0pt;font-family:Helvetica;color:#1F497D">Sent from<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><a \
href="http://www.9folders.com/" target="_blank"><span \
style="color:#009BDF;text-decoration:none">Nine</span></a></span><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p></o:p></span></p> </div>
</div>
<div class="MsoNormal" align="center" style="text-align:center"><span \
style="font-size:9.0pt;font-family:Helvetica"> <hr size="0" width="100%" noshade="" \
style="color:#E1E1E1" align="center"> </span></div>
<div>
<p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span \
style="font-size:9.0pt;font-family:Helvetica">From:</span></b><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"><span \
style="font-size:9.0pt;font-family:Helvetica"> </span></span><span \
style="font-size:9.0pt;font-family:Helvetica">"Micah Snyder (micasnyd) via \
clamav-users" <<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>><br> <b>Sent:</b><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span>Saturday, \
April 6, 2019 03:18<br> <b>To:</b><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span>ClamAV \
users ML; Mark Allan<br> <b>Cc:</b><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span>Micah \
Snyder (micasnyd)<br> <b>Subject:</b><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span>[External] \
Re: [clamav-users] Scan very slow<o:p></o:p></span></p> </div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Regarding slow scan times today (and \
slow scan times in general), it appears that the signatures we generate based on \
PhishTank's feed for phishing URLs are resulting in very slow load and scan \
times.<o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Today's daily update saw 7448 new \
Phishtank signatures (much higher than usual) coinciding with the immediate \
performance drop for load time and scan time. One user reported that the load \
time today on some of his slower machines was slow enough to exceed the timeout for \
service startup (<a href="https://bugzilla.clamav.net/show_bug.cgi?id=12317" \
target="_blank">https://bugzilla.clamav.net/show_bug.cgi?id=12317</a>).<o:p></o:p></span></p>
<p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">In limited testing on my own machine I \
saw the following change after dropping the Phishtank.Phishing signatures from \
daily.cvd's daily.ldb file:<o:p></o:p></span></p>
<ul type="disc">
<li class="gmail-m1083919188936004229gmail-m-2194534236740648265gmail-m357400773979497807gmail-m5858503483999855451msolistparagraph" \
style="mso-list:l0 level1 lfo1"> <span \
style="font-size:9.0pt;font-family:Helvetica">Database load time on my laptop went \
from 75.43203997612 seconds down to 14.859203100204468 \
seconds<o:p></o:p></span></li><li \
class="gmail-m1083919188936004229gmail-m-2194534236740648265gmail-m357400773979497807gmail-m5858503483999855451msolistparagraph" \
style="mso-list:l0 level1 lfo1"> <span \
style="font-size:9.0pt;font-family:Helvetica">Scan time (for an arbitrary pdf) went \
from 1.798 sec to 0.644 sec.<o:p></o:p></span></li></ul> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">After some discussion between the teams \
that work on ClamAV and ClamAV signature content and deployment, we've agreed to drop \
PhishTank signatures from the database until we can determine a way to craft \
Phishtank signatures without incurring such a significant performance \
hit.<o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">The daily update tomorrow will have the \
change.<o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">-Micah<o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"><br> Micah Snyder<br>
ClamAV Development<br>
Talos<br>
Cisco Systems, Inc.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <div \
style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in"> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span \
style="font-size:12.0pt;font-family:Helvetica">From:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></span></b><span \
style="font-size:12.0pt;font-family:Helvetica">clamav-users <<a \
href="mailto:clamav-users-bounces@lists.clamav.net" \
target="_blank">clamav-users-bounces@lists.clamav.net</a>> on behalf of \
"Micah Snyder (micasnyd) via clamav-users" <<a \
href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>><br> <b>Reply-To:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>ClamAV \
users ML <<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>><br> <b>Date:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>Friday, \
April 5, 2019 at 1:08 PM<br> <b>To:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>Mark \
Allan <<a href="mailto:markjallan@gmail.com" \
target="_blank">markjallan@gmail.com</a>>, ClamAV users ML <<a \
href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>><br> <b>Cc:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>"Micah \
Snyder (micasnyd)" <<a href="mailto:micasnyd@cisco.com" \
target="_blank">micasnyd@cisco.com</a>><br> <b>Subject:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>Re: \
[clamav-users] Scan very slow</span><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> </div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Hi Mark,<o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Sorry about the delay in \
responding. I hadn't looked at my clamav-users filter this morning. Just \
investigating now. Will respond when I know more.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">-Micah<o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <div \
style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in"> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span \
style="font-size:12.0pt;font-family:Helvetica">From:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></span></b><span \
style="font-size:12.0pt;font-family:Helvetica">Mark Allan <<a \
href="mailto:markjallan@gmail.com" target="_blank">markjallan@gmail.com</a>><br> \
<b>Date:<span class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>Friday, \
April 5, 2019 at 9:12 AM<br> <b>To:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>ClamAV \
users ML <<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>>, "Micah Snyder \
(micasnyd)" <<a href="mailto:micasnyd@cisco.com" \
target="_blank">micasnyd@cisco.com</a>><br> <b>Subject:<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span></b>Re: \
[clamav-users] Scan very slow</span><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> </div>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Also CC'ing Micah directly as the \
mailing list would appear to be offline (at least<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><a \
href="http://lists.clamav.net/" target="_blank">lists.clamav.net</a><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span>isn't
responding to http requests anyway)<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">It looks like scan times have gone \
through the roof. As Oya said, they're still considerably higher than they were a \
couple of months ago, but today's scan time is insane.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Yesterday's scan \
using<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">0.101.2:58:25409:1554370140:1:63:48554:328<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">took 7m 3s<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">On the same hardware, scanning the same \
read-only disk image, with today's scan using<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">0.101.2:58:25410:1554452941:1:63:48557:328<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">the scan time has jumped to 26m \
15s<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">This is the longest it has ever taken \
to scan this volume (cf my previous email of 25th March)<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Is there anything that can be \
excluded?<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> </div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Best regards<o:p></o:p></span></p> \
</div> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Mark<o:p></o:p></span></p> </div>
</div>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica"> <o:p></o:p></span></p> <div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">On Mon, 1 Apr 2019 at 17:11, Micah \
Snyder (micasnyd) via clamav-users <<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>> wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in \
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt"> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
style="font-size:9.0pt;font-family:Helvetica">Thanks Oya for the update. We \
will continue to investigate the signature performance issue.<span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<br>
Regards,<br>
Micah<br>
<br>
On 3/28/19, 9:50 AM, "clamav-users on behalf of Tsutomu Oyamada" <<a \
href="mailto:clamav-users-bounces@lists.clamav.net" \
target="_blank">clamav-users-bounces@lists.clamav.net</a><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span>on
behalf of<span class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><a \
href="mailto:oyamada@promark-inc.com" target="_blank">oyamada@promark-inc.com</a>> \
wrote:<br> <br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>Hi \
Micah<br> <br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>It \
seems that the scanning slow down issue of this time has been solved<br> \
<span class="gmail-m1083919188936004229apple-converted-space"> </span>at \
some level with CVD Update of the other day.<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>However, there \
is still big discrepancy in between the current condition and<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>the last \
condition in one month ago.<br> <br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>Date \
Files \
Scan time<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>2019/02/15 \
2550338 08:53:57<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>2019/03/15 \
2612792 19:22:54<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>2019/03/26 \
2634489 18:13:56<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>2019/03/27 \
2637201 18:10:05<br> <br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>We \
know the improvement of this time is due to the details of CVD, because<br> \
<span class="gmail-m1083919188936004229apple-converted-space"> </span>we \
did not make any change on the user's system.<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>We are going to \
try some tuning for scanning.<br> <br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>We \
like to know if you still have some room to make further improvement<br> \
<span class="gmail-m1083919188936004229apple-converted-space"> </span>for \
this slow down issue.<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>Thank you for \
your help, in advance.<br> <br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>Best \
regards,<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>Oya<br> <br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>On \
Mon, 25 Mar 2019 15:45:02 +0000<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>"Micah \
Snyder \(micasnyd\) via clamav-users" <<a \
href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>> wrote:<br> <br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
Hi Mark, all:<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
I'm disappointed to hear that it is still slow for you.<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
We found that the target-type of signatures used for PhishTank.Phishing signatures \
were causing a significant slowdown. We have dropped them as of this past \
Saturday (<a href="https://lists.gt.net/clamav/virusdb/75279" \
target="_blank">https://lists.gt.net/clamav/virusdb/75279</a><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span>)
and in the last two updates have been re-adding them with more specific scan target \
types. We're now investigating some other optimizations we can make for the \
next major ClamAV release to improve scan times but at present we don't have any \
other leads for signatures that may be slowing down scans.<br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
Regards,<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>> Micah<br> \
<span class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
From: clamav-users <<a href="mailto:clamav-users-bounces@lists.clamav.net" \
target="_blank">clamav-users-bounces@lists.clamav.net</a>> on behalf of Mark Allan \
via clamav-users <<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>><br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>> Reply-To: \
ClamAV users ML <<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>><br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>> Date: \
Monday, March 25, 2019 at 9:37 AM<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>> To: ClamAV \
users ML <<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>><br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>> Cc: Mark \
Allan <<a href="mailto:markjallan@gmail.com" \
target="_blank">markjallan@gmail.com</a>><br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>> Subject: \
Re: [clamav-users] Scan very slow<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
Cheers Steve,<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
In the interest of completeness, here's the scan from today (TXT from DNS: \
0.101.1:58:25399:1553509741:1:63:48528:328) showing a marked improvement in scan \
time, although at 6m 7s it's still almost twice what it used to be.<br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
Mark<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
On Mon, 25 Mar 2019 at 12:56, Steve Basford <<a \
href="mailto:steveb_clamav@sanesecurity.com" \
target="_blank">steveb_clamav@sanesecurity.com</a><mailto:<a \
href="mailto:steveb_clamav@sanesecurity.com" \
target="_blank">steveb_clamav@sanesecurity.com</a>>> wrote:<br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
On 2019-03-25 10:52, Mark Allan via clamav-users wrote:<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>> > Hi \
all,<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>> ><br> \
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
te.<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>> ><br> \
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
> Hopefully this helps someone to narrow things down a bit.<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>> ><br> \
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
> Mark<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>> ><br> \
<span class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
18/3/19 10m 49s TXT \
from DNS:<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>> \
0.101.1:58:25392:1552904941:1:63:48507:328 ***<br> \
<span class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
Here's the changes for the above update:<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><a \
href="https://lists.gt.net/clamav/virusdb/75154" \
target="_blank">https://lists.gt.net/clamav/virusdb/75154</a><br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
You can also check sigs quickly per update:<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><a \
href="https://lists.gt.net/clamav/virusdb/" \
target="_blank">https://lists.gt.net/clamav/virusdb/</a><br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
--<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>> Cheers,<br> \
<span class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
Steve<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>> Twitter: \
@sanesecurity<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
_______________________________________________<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
clamav-users mailing list<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><a \
href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a><mailto:<a \
href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>><br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><a \
href="https://lists.clamav.net/mailman/listinfo/clamav-users" \
target="_blank">https://lists.clamav.net/mailman/listinfo/clamav-users</a><br> \
<span class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>> \
Help us build a comprehensive ClamAV guide:<br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><a \
href="https://github.com/vrtadmin/clamav-faq" \
target="_blank">https://github.com/vrtadmin/clamav-faq</a><br> <span \
class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>><span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><a \
href="http://www.clamav.net/contact.html#ml" \
target="_blank">http://www.clamav.net/contact.html#ml</a><br> <br>
<br>
<br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>_______________________________________________<br>
<br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>clamav-users \
mailing list<br> <span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><a \
href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a><br> <span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><a \
href="https://lists.clamav.net/mailman/listinfo/clamav-users" \
target="_blank">https://lists.clamav.net/mailman/listinfo/clamav-users</a><br> <br>
<br>
<span class="gmail-m1083919188936004229apple-converted-space"> </span>Help \
us build a comprehensive ClamAV guide:<br> <span \
class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><a \
href="https://github.com/vrtadmin/clamav-faq" \
target="_blank">https://github.com/vrtadmin/clamav-faq</a><br> <br>
<span class="gmail-m1083919188936004229gmail-m-2194534236740648265apple-converted-space"> </span><a \
href="http://www.clamav.net/contact.html#ml" \
target="_blank">http://www.clamav.net/contact.html#ml</a><br> <br>
<br>
<br>
_______________________________________________<br>
<br>
clamav-users mailing list<br>
<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a><br> <a \
href="https://lists.clamav.net/mailman/listinfo/clamav-users" \
target="_blank">https://lists.clamav.net/mailman/listinfo/clamav-users</a><br> <br>
<br>
Help us build a comprehensive ClamAV guide:<br>
<a href="https://github.com/vrtadmin/clamav-faq" \
target="_blank">https://github.com/vrtadmin/clamav-faq</a><br> <br>
<a href="http://www.clamav.net/contact.html#ml" \
target="_blank">http://www.clamav.net/contact.html#ml</a><o:p></o:p></span></p> \
</blockquote> </div>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span \
style="font-size:9.0pt;font-family:Helvetica"><br> <br>
</span><b><span style="font-size:8.0pt;font-family:Helvetica">DISCLAIMER</span></b><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p></o:p></span></p> <p><span \
style="font-size:8.0pt;font-family:Helvetica">The information contained in this email \
and any attachments are confidential. It is intended solely for the individual or \
entity to whom they are addressed. Access to this email by anyone else is \
unauthorized.</span><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p></o:p></span></p> <p><span \
style="font-size:8.0pt;font-family:Helvetica">If you are not the intended recipient, \
any disclosure, copying, distribution or any action taken or omitted to be taken in \
reliance on it, is prohibited and may be unlawful. If you have received this \
communication in error, please notify us immediately by responding to this email and \
then delete it from your system.</span><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p></o:p></span></p> <p><span \
style="font-size:8.0pt;font-family:Helvetica">The Red Flag Group is neither liable \
for the proper and complete transmission of the information contained in this \
communication nor for any delay in its receipt.</span><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p></o:p></span></p> <p><span \
style="font-size:8.0pt;font-family:Helvetica">Any advice, recommendations or opinion \
contained within this email or its attachments are not to be construed as legal \
advice.</span><span style="font-size:9.0pt;font-family:Helvetica"><o:p></o:p></span></p>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica"><br>
_______________________________________________<br>
<br>
clamav-users mailing list<br>
<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a><br> <a \
href="https://lists.clamav.net/mailman/listinfo/clamav-users" \
target="_blank">https://lists.clamav.net/mailman/listinfo/clamav-users</a><br> <br>
<br>
Help us build a comprehensive ClamAV guide:<br>
<a href="https://github.com/vrtadmin/clamav-faq" \
target="_blank">https://github.com/vrtadmin/clamav-faq</a><br> <br>
<a href="http://www.clamav.net/contact.html#ml" \
target="_blank">http://www.clamav.net/contact.html#ml</a><o:p></o:p></span></p> \
</div> </blockquote>
</div>
<p class="MsoNormal"><span \
style="font-size:9.0pt;font-family:Helvetica"><o:p> </o:p></span></p> </div>
</div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica"><br>
_______________________________________________<br>
<br>
clamav-users mailing list<br>
<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a><br> <a \
href="https://lists.clamav.net/mailman/listinfo/clamav-users" \
target="_blank">https://lists.clamav.net/mailman/listinfo/clamav-users</a><br> <br>
<br>
Help us build a comprehensive ClamAV guide:<br>
<a href="https://github.com/vrtadmin/clamav-faq" \
target="_blank">https://github.com/vrtadmin/clamav-faq</a><br> <br>
<a href="http://www.clamav.net/contact.html#ml" \
target="_blank">http://www.clamav.net/contact.html#ml</a><o:p></o:p></span></p> \
</blockquote> </div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<p class="MsoNormal"><br>
_______________________________________________<br>
<br>
clamav-users mailing list<br>
<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a><br> <a \
href="https://lists.clamav.net/mailman/listinfo/clamav-users" \
target="_blank">https://lists.clamav.net/mailman/listinfo/clamav-users</a><br> <br>
<br>
Help us build a comprehensive ClamAV guide:<br>
<a href="https://github.com/vrtadmin/clamav-faq" \
target="_blank">https://github.com/vrtadmin/clamav-faq</a><br> <br>
<a href="http://www.clamav.net/contact.html#ml" \
target="_blank">http://www.clamav.net/contact.html#ml</a><o:p></o:p></p> \
</blockquote> </div>
</div>
</div>
</body>
</html>
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--===============2267444468925868633==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic