delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2006/01/14/14:03:52

X-Spam-Check-By: sourceware.org
From: "Hannu E K Nevalainen" <_garbage_collector_ AT telia DOT com>
To: <cygwin AT cygwin DOT com>
Subject: RE: stat(2) triggers on-demand virus scan
Date: Sat, 14 Jan 2006 20:06:09 +0100
Message-ID: <JAEBIEIILHAGMJNFODIEMEDHCDAA._garbage_collector_@telia.com>
MIME-Version: 1.0
In-reply-to: <43C8927B.9010902@earthlink.net>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com 

------=_NextPart_000_0005_01C61945.F5A8DC40
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

pmcferrin wrote:
> The stat(2) system call runs very slowly because it is constantlt
> triggering the McAfee on-demand virus scanner to scan the file that
> is being stat'ed. This may not seem like a big thing but I frequently
> stat thousands of files at a batch.  I find that the stat runs much
> faster when I temporarily disable the on-demand virus scanner.

Judging from previous messages on this list it *seems* that one of the
slowest
things you can do in cygwin is accessing files; stat(), fopen() and the
like.


In general...
FWIW/IMO; If you have the option to replace M*Af**[1] with a just as good an
AV, then do
that - I suggest to avoid Sym*ntec[2] products too as they seem to have
similar problems.

OTOH, I have good experience with what you find at f-secure dot com - I've
had this one
installed since cygwin 1.3.x was current, and prior to that.

I've always considered S. and M. AV's to be CPU hogs in general terms - and
have found f-secure to be much lighter in this respect. Now I wonder how M.
and S. AV's compare to what I have done in a simple (attached) comparasion
with fsecure V5.30 ON/OFF
(Use e.g. NOTEPAD, and a monospace font to view it)

/H

[1] I've got previous experience with having it on my private PC.
[2] I'm forced to live with such a thing at work.
--

------=_NextPart_000_0005_01C61945.F5A8DC40
Content-Type: text/plain;
	name="AV_fsecure-impact.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="AV_fsecure-impact.txt"

Test object:
 Windows partition with some additional SW installed
 Included on this disk is a huge cygwin installation.

 Test run several times prior taking these samples.
Also making sure it ran without interference from other
running software
 - this was to ensure somewhat persistent timings.

AV ON	      	       	      		AV OFF

find =3Dprints=3D> 201195 (files+dirs)

real	30.089	28.165	27.875		real	27.547	28.113	27.988
user	 5.576 	 5.498 	 5.779 		user	 5.529 	 5.732 	 5.451
sys	23.966	22.123	21.638		sys	21.562	21.842	21.874

find - per file/dir, microseconds calculated from the above file/dir count
	150	140	139			137	140	139


du -s =3Dprints=3D> 7431252
=09=09=09=09=09=09=09=09
real	87.608	88.285	87.523		real	43.355	41.916	41.815
user	 8.155 	 8.03  	 7.89  		user	 7.358 	 8.015 	 7.624=20
sys	77.156	77.905	77.734		sys	33.531	32.062	32.312

du - per file/dir, microseconds calculated from the above file/dir count
	435	439	435			215	208	208


From this it seems that "du" does something that triggers the f-secure AV
in some way (AV doing the same as "du"?).
 This has the impact of doubling the scan time per file/dir.

****
It would be interesting to see similar measurements done with McAFee and
Symantec antivirus packages.
****


-- actual test session log follows --

$ cd W:  # Sempron 2800+, 1G RAM - has Win2K and related files on W:=20

 --- AV enabled --
$ for (( i=3D0; i<3 ;i++ )) ;do time find 2>/dev/null -printf "%f\n" | wc -=
l ;done
201195

real    0m30.089s
user    0m5.576s
sys     0m23.966s
201195

real    0m28.165s
user    0m5.498s
sys     0m22.123s
201195

real    0m27.875s
user    0m5.779s
sys     0m21.638s
201195

-- AV disabled --
$ for (( i=3D0; i<3 ;i++ )) ;do time find 2>/dev/null -printf "%f\n" | wc -=
l ;done
201195

real    0m27.547s
user    0m5.529s
sys     0m21.562s
201195

real    0m28.113s
user    0m5.732s
sys     0m21.842s
201195

real    0m27.988s
user    0m5.451s
sys     0m21.874s
201195

$ for (( i=3D0; i<3 ;i++ )) ;do time du -s 2>/dev/null ;done
7431252 .

real    0m43.355s
user    0m7.358s
sys     0m33.531s
7431252 .

real    0m41.916s
user    0m8.015s
sys     0m32.062s
7431252 .

real    0m41.815s
user    0m7.624s
sys     0m32.312s
7431252 .

-- AV enabled --
$ for (( i=3D0; i<3 ;i++ )) ;do time du -s 2>/dev/null ;done
7431252 .

real    1m27.608s
user    0m8.155s
sys     1m17.156s
7431252 .

real    1m28.285s
user    0m8.030s
sys     1m17.905s
7431252 .

real    1m27.523s
user    0m7.890s
sys     1m17.734s
7431252 .

$ uname -a
CYGWIN_NT-5.0 amd 1.5.19s(0.149/4/2) 20051229 16:10:48 i686 unknown unknown=
 Cygwin



------=_NextPart_000_0005_01C61945.F5A8DC40
Content-Type: text/plain; charset=us-ascii

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
------=_NextPart_000_0005_01C61945.F5A8DC40--

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019