This discussion has been locked.

Long execution time for "savscan" on Linux

We're attempting to troubleshoot long execution times of the savscan binary under Linux.  The binary gives a version number of 4.57.0 [Linux/Intel].

On a 32-bit RHEL4 machine, when we run the command standalone, with no files passed, it takes ~15s for the "help" message to show up.  strace tells us the majority of this time is spent opening and seeking through various *.ide files.

If I run readahead on these *.ide files first, the execution time drops to ~5s.

I've also noticed that on some clients, there are no *.ide files at all -- and the savscan binary only has to process through approximately 77 *.vdb files before loading up.

Right now I'm only trying to troubleshoot the slow execution of this binary and am not familiar with the internals of the Sophos client.

  • Are the *.ide files updated signatures?  Why do some clients not have any?
  • Is there a more efficient way to read the files of significance in /opt/sophos-av/lib/sav than how it's being done now?  I assume the long-running daemon (savscand) caches this information somehow?  Why couldn't savscan talk to savscand?

Thanks,

Ray



  • 1) .ide files are virus data updates. If you don't have any you should check your update settings are working. e.g. Run savupdate directly and see what it reports.

    2) The only way for performance improvements like that to get into the product is if enough customers call in and request them.
