Speed, speed, speed, speed, speed - or the lack thereof


Time to scan 1 X 1MB file

AVG - 4 seconds
CAV - 1 minute 38 seconds

Time to scan 1 folder (24.0 MB - 13 files)
AVG - 6 seconds
CAV - 1 minute 34 seconds

The bulk of the time taken for the CAV scans appears to be taken loading the scan engine and the memory scan that takes place before every scan.

Why does the scan engine have to be loaded? I would have thought that the real time file monitor component had already loaded the scan engine. If not, what is it using? If so, why does the on-demand component reload the engine?

Why the memory scan before scanning a file system object? Of course, I understand that this method ensures that the scanning is operating in a known environment but shouldn’t that have been taken care of by the realtime monitoring component?

If “Memory Scan” is an OPTION within the main application, why is it compulsory in a file system object scan? Should this be a user configurable option? Is it really necessary?

CAV seems quite good so far - I haven’t been able to sneak any virus past it so far (50+ test infections - all captured and killed successfully), but the speed of on demand scanning is beyond belief. This really needs to improve before the app is ready for mass market usage. “Joe and Joan User” are not renowned for their patience (and their kids are usually worse) and an AV app that takes too much of his/her/their time simply will not find acceptance.

Is this the most appropriate place to post suggestions/findings on CAV?

cya l8r,
Ewen :slight_smile:

G’day again,

If you want an example of ultra quick memory and file system scanning, have a look at Arovax Antispyware (www.arovaxantispyware.com). This app is relatively new and it is still expanding its spyware database, but its scanning engine is remarkable!!!

ewen :slight_smile:

For me engine loading does not take more than 6 sec. Memory scanning time depends on number of process running and number of submodule loaded into memory.

On-Demand is a separate process and each instance of on-demand scanner loads scanner into its own process address space.

Memory scanning with on-demand scanner is user’s choice. User can deselect it when he dont want memory should be scanned with on-demand scanning. Factory default setting selects as per security issues, as On-demand should not depend on on-access. As individual file scanning also comes under On-demand scanning it takes the setting of on-demand and scans the memory if user has not deselected it.
But it seems to be valid practical query and should be taken into consideration to skip for files scanning or right file click scanning.

Why does it need to be loaded in the first place? wouldn’t the real time monitoring component have loaded it already? Shouldn’t the already loaded instance be available across the various modules of CAV?

Re. memory scanning - mea culpa, mea culpa, mea maxima culpa - once I engaged my brain I found the option to disable memory scanning in the on demand component. DOH!!

On-Demand is a separate process and each instance of on-demand scanner loads scanner into its own process address space.
Does it need to be a separate process? Even if it has to be a separate process, how come it can't use the already loaded instance of the scan engine?

ewen :slight_smile: