Is ClamAV broken? It doesn't seem to scan properly?

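I am currently trying to deploy the LTS version 0.103.2 of ClamAV to an Ubuntu 18.04 LTS server. ClamAV seemed to run fine at first, but when I did some test scans on different files, I noticed some strange behavior.

ClamAV seems to need almost the same amount of time for any kind of scan?! Even for very large files?!

Command: clamscan myarchive1.zip (output below):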

/srv/bla/bla/bla/bla/bla/bla/myarchive1.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 8579279
Engine version: 0.103.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 25485.31 MB (ratio 0.00:1)
Time: 13.142 sec (0 m 13 s)
Start Date: 2021:11:23 08:23:51
End Date:   2021:11:23 08:24:04

Command: clamscan -r . (output below):

/srv/bla/bla/bla/bla/bla/bla/myarchive1.zip: OK
/srv/bla/bla/bla/bla/bla/bla/myarchive2.zip: OK
/srv/bla/bla/bla/bla/bla/bla/myarchive3.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 8579279
Engine version: 0.103.2
Scanned directories: 1
Scanned files: 3
Infected files: 0
Data scanned: 0.00 MB
Data read: 71528.48 MB (ratio 0.00:1)
Time: 13.194 sec (0 m 13 s)
Start Date: 2021:11:23 08:29:37
End Date:   2021:11:23 08:29:51

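Please look at the Data scanned, Data read and Time values.

I don't believe ClamAV read 71528.48 MB in 13.194 seconds, because my machine cannot possibly be that fast.

The machine uses an ordinary 3.6GHz Intel Core i3-4160 CPU, a 4TB Seagate Enterprise SATA HDD (maximum read/write speed of about 200MiB/s) and one 8GB ECC RAM DIMM.

Even under optimal conditions, my machine would need at least 5 minutes to read 71528.48 MB from the hard drive (200 MiB/s).

Worst of all, ClamAV seems to need the same time to scan very small files too. (A small 1KiB file also takes about 12 to 13 seconds of "scan time".)

clamconf -n (requested by yang mandi)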

Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
MaxConnectionQueueLength = "15"
MaxThreads = "12"
ReadTimeout = "180"
SendBufTimeout = "200"
SelfCheck = "3600"
User = "clamav"
BytecodeTimeout = "60000"
ScanMail disabled
MaxScanTime = "120000000"
MaxScanSize = "4194304000"
MaxFileSize = "4194304000"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogRotate = "yes"
UpdateLogFile = "/var/log/clamav/freshclam.log"
Checks = "2"
DatabaseMirror = "http://10.200.0.1/clamav"
MaxAttempts = "5"
*** SafeBrowsing is DEPRECATED ***
clamav-milter.conf not found

Software settings
-----------------
Version: 0.103.2
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON JIT

Database information
--------------------
Database directory: /var/lib/clamav
daily.cld: version 26420, sigs: 1970864, built on Wed Jan 12 10:26:28 2022
main.cld: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
bytecode.cvd: version 333, sigs: 92, built on Mon Mar  8 16:21:51 2021
Total number of signatures: 8618383

Platform information
--------------------
uname: Linux 4.15.0-166-generic #174-Ubuntu SMP Wed Dec 8 19:07:44 UTC 2021 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Ubuntu 18.04.6 LTS
zlib version: 1.2.11 (1.2.11), compile flags: a9
Triple: x86_64-pc-linux-gnu
CPU: haswell, Little-endian
platform id: 0x0a217b7b0807050001070500

Build information
-----------------
GNU C: 7.5.0 (7.5.0)
GNU C++: 7.5.0 (7.5.0)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-ol9PT3/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-ol9PT3/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64
LDFLAGS: -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-ol9PT3/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-ol9PT3/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-system-libmspack' '--with-libcurl=/usr' '--with-gnu-ld' '-with-system-llvm=/usr/bin/llvm-config-3.9' '--with-llvm-linking=dynamic' '--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=x86_64-linux-gnu' 'OBJCFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-ol9PT3/clamav-0.103.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security'
sizeof(void*) = 8
Engine flevel: 123, dconf: 123
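
The plausibility argument made in the question (data read versus elapsed time versus disk speed), written as a check over a clamscan summary. This is an added example, not part of the original post: the function names and the disk_mb_per_s parameter are hypothetical, the sample is the first summary quoted above, and MB and MiB are treated as equal.

```python
import re

# Constructed sample: the summary of the first scan quoted in the question.
SAMPLE = """\
----------- SCAN SUMMARY -----------
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 25485.31 MB (ratio 0.00:1)
Time: 13.142 sec (0 m 13 s)
"""

# Summary fields the check needs: regex and type for each.
FIELDS = {
    "files": (r"^Scanned files:\s*(\d+)", int),
    "scanned_mb": (r"^Data scanned:\s*([\d.]+) MB", float),
    "read_mb": (r"^Data read:\s*([\d.]+) MB", float),
    "seconds": (r"^Time:\s*([\d.]+) sec", float),
}


def parse_summary(text):
    """Extract the numeric fields from a clamscan SCAN SUMMARY block."""
    values = {}
    for name, (pattern, cast) in FIELDS.items():
        match = re.search(pattern, text, re.MULTILINE)
        if match is None:
            raise ValueError(f"summary field missing: {name}")
        values[name] = cast(match.group(1))
    return values


def check_summary(text, disk_mb_per_s=200.0):
    """Return findings for a summary whose numbers do not add up."""
    s = parse_summary(text)
    findings = []
    # Files were reported and data was read, yet no data is counted as scanned.
    if s["files"] > 0 and s["read_mb"] >= 1.0 and s["scanned_mb"] == 0.0:
        findings.append(f"{s['read_mb']:.2f} MB read but 0.00 MB scanned")
    # Data read per second of wall time is faster than the disk can deliver.
    rate = s["read_mb"] / s["seconds"] if s["seconds"] > 0 else float("inf")
    if s["read_mb"] > 0 and rate > disk_mb_per_s:
        findings.append(f"implied read rate {rate:.0f} MB/s exceeds "
                        f"{disk_mb_per_s:.0f} MB/s disk limit")
    return findings


if __name__ == "__main__":
    for finding in check_summary(SAMPLE):
        print("WARNING:", finding)
```

An "OK" verdict next to either finding means the summary alone does not show that the file contents were inspected.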