HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
|
Hacks to make HAVP+ClamAV on FreeBSD as smooth as on Linux? http://havp.hege.li/forum/viewtopic.php?f=3&t=357 |
Page 1 of 1 |
Author: | pm5 [ 16 Apr 2008 22:58 ] |
Post subject: | Hacks to make HAVP+ClamAV on FreeBSD as smooth as on Linux? |
Hello everyone, Our company is considering using HAVP in one of our firewall products. Since the product is based on FreeBSD, the performance "penalty" due to the OS's lack of mandatory lock is a prime obstacle for us to adopt it. To me it seems possible to workaround this by patching ClamAV so that each file I/O is protected by advisory record locks. Then HAVP could do a partial locking by advisory locks, too. Given that our product only uses ClamAV and does not try to support multiple scanners, this kind of hack might be acceptable. I'm not sure if this is correct so I think I'd ask someone with more experiences. Is this workaround theoretically correct? Is it feasible? Or does anyone have other suggestions? pm5 |
Author: | hege [ 17 Apr 2008 08:39 ] |
Post subject: | Re: Hacks to make HAVP+ClamAV on FreeBSD as smooth as on Linux? |
It is not possible in a sane fashion. The locking would need to be done inside scanner process, as you can't lock between processes. Furthermore, ClamAV uses mmap() which doesn't care about advisory locking. You would have to disable mmap (#undef HAVE_MMAP) for ClamAV, and that results in unable to scan few formats like BinHex, PDF, and for 0.93, ZIPs. You just have to live with either a small MAXSCANSIZE or some delays for big slow files. Unless you start rewriting ClamAV. |
Page 1 of 1 | All times are UTC + 2 hours [ DST ] |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |