# new clamscan very slow

## jagdpanther

I just upgraded clamav from 0.90 to 0.90.2 (~amd64).

Each e-mail message that is scanned (I am using clamscan not calmdscan.) takes many times longer (15 seconds) than clamscan did when I was using clamav-0.90. 

Any idea why the new clamscan is so slow?

----------

## ryanmr

I've been experiencing the same problem (also amd64). Upgrading to newest clamav punted my mailserver's load up to 100% and kept it there until I backed it up to version 0.90. Anyone know why or if there's a fix?

----------

## jagdpanther

Because I only received a small amount of e-mail, I was using clamscan.  I switched to using clamd and clamdscan and now scanning is back up to speed.  I have no idea why clamscan is still so slow with the new release.

fyi:  by default starting clamd  (/etc/init.d/clamd) will also start a 'freshclam -d' running.

----------

## rapsure

me too. If a bug hasn't been filed it should be done. I switched to using clamdscan instead.

----------

## networkorg

Hello,

I use clamd but it is really slow after the update. Also there is a problem with the internal delivery now with 0.90.2 because our postfix queue shows the errors :

```

connect to 127.0.0.1[127.0.0.1]: server dropped connection without sending the initial SMTP greeting

or

connect to 127.0.0.1 [127.0.0.1]: read timeout

```

It is stupid because after "flushing the queue" it works again for a time but if there are around 30+ mails in the queue the problem will be the same. So we must flush the queue each hour or after each chinese-spam-fu**er the queue that the mails will be delivered to our customers because the clam will stop working for a time.

Maybe someone has a idea

bye alex

----------

## mossmann

I had the same problem.  Downgrading to 0.90.1-r1 didn't help.  What did help was to unmerge, remove /var/lib/clamav, and emerge.  This worked both with 0.90.1-r1 and with 0.90.2.  A good test is:

```
$ /usr/bin/clamscan - </dev/null

stdin: OK

----------- SCAN SUMMARY -----------

Known viruses: 110918

Engine version: 0.90.2

Scanned directories: 0

Scanned files: 1

Infected files: 0

Data scanned: 0.00 MB

Time: 5.350 sec (0 m 5 s)

real    0m5.359s

user    0m5.008s

sys     0m0.168s
```

This was taking more that 20 seconds prior to re-emerging.  I still don't know what the cause is, but I suspect it has something to do with reading the virus database.

----------

## networkorg

Hello,

thx for the test info. So I've read a little bit and have seen that my amavisd will use /usr/bin/clamscan (but I use clamd - so I think it should be a misconfiguration in amavisd) to scan the email  and this will be need with the command arround 30 to 60 seconds   :Crying or Very sad: 

```

# /usr/bin/clamscan - </dev/null

stdin: OK

----------- SCAN SUMMARY -----------

Known viruses: 215418

Engine version: 0.90.2

Scanned directories: 0

Scanned files: 1

Infected files: 0

Data scanned: 0.00 MB

Time: 34.445 sec (0 m 34 s)

```

But I found out that there will be also a /usr/bin/clamdscan which will need like nothing for the same on the same machine but don't have that summary as the /usr/bin/clamscan

```

# /usr/bin/clamdscan - </dev/null

stream: OK

----------- SCAN SUMMARY -----------

Infected files: 0

Time: 0.002 sec (0 m 0 s)

```

I know that clamdscan is a Daemon job. But why would it be so fast ?? Can anybody tell me or know what is the real difference of clamscan and clamdscan or maybe will clamdscan don't check so deep in detail ??

Surely the version 0.90-r1 don't had this problem but I don't want to move to clamdscan if it don't check in same way as clamscan. Surely a Daemon will be faster in loading the module if needed but .... I don't know ...

bye alex

----------

## networkorg

Hello,

here is the original BUG https://bugs.gentoo.org/show_bug.cgi?id=174375 for the security update to 0.90.2 where I've posted the question about the time for scanning.

bye alex

----------

## jagdpanther

re-installing clamav after deleting /var/lib/clamav worked for me also.  clamscan is back back up-to-speed. 

Thanks

----------

## Urgo

I just wanted to chime in and say that mossmann's fix of unmerging, removing (or moving) /var/lib/clamav, and then remerging did the trick for me too.

Thanks mossmann and jagdpanther.

----------

## halfgaar

It didn't help me, so I just use clamdscan now... Perhaps it was faster after removing the data files, but not fast enough. With clamdscan, it takes 0 seconds to scan 0 bytes of data, as it should  :Smile:  With clamscan, "clamscan - < /dev/null" takes 7.6 seconds, on my Athlon X2 3800+.

----------

## networkorg

I also use clamdscan now instead of clamscan with my new amavisd-new. Clamd is primary and for security clamscan as secondary   :Cool: 

bye alex

----------

