[Mimedefang] clamdscan vs clamd under mimedefang
David F. Skoll
dfs at roaringpenguin.com
Wed Jan 14 22:06:39 EST 2004
On Tue, 13 Jan 2004, Jon R. Kibler wrote:
> Question: Why not run clamdscan instead of clamd under mimedefang?
Because running clamdscan involves a fork/exec, whereas talking
directly to clamd over its socket does not.
On a mildly busy mail server, you won't notice the difference. On a
very busy one, you will.
> 1) clamdscan appears to always be at least 2 orders of magnitude
> faster than clamscan.
That's probably true, because it doesn't have to read the virus signatures.
> 2) mimedefang running clamdscan does not appear to be significantly
> faster than mimedefang using clamd via clamd's socket (within the
> limits of the experiments I could run).
Try it on a very heavily-loaded server. :-)
> 3) the setup to run clamdscan under mimedefang is trivial (change
> references to clamscan to be clamdscan) compared to the setup to run
> clamd (running under a different user, getting freshclam to notify it
> of database updates, etc.)
That's true; maybe it's worth doing?
> Which brings up another question: Why even offer clamscan as a
> mimedefang option -- why not just always use clamdscan?
Well, on the opposite side of the ring from the performance freaks are
the stability nuts, for whom *not* having yet another long-running
daemon process (especially one that gets interrupted every now and
then by freshclam) is attractive.
I like giving people choices. :-)
Regards,
David.
More information about the MIMEDefang
mailing list