First, use the basic tools to check what is causing the slowness: Use top and vmstat.

• Check that your system is not swapping extensively.
  • If it is, check where the memory is consumed (hit M in top).
  • fsoasd can easily have virtual size of 50 MB.
• Where is the CPU time spent?
  • Is fsavd usually the topmost process in top display? This might indicate that there is some file that is often accessed and that is time-consuming to scan. Read about how to exclude files below.
• Is your DNS working?
  • F-Secure Management Agent (FSMA) will periodically connect to your Policy Management Server (FSPMS). If you have configured the address of your PMS as a DNS name, FSMA will make a DNS query to resolve the name to an IP address. If the DNS query takes a long time, FSMA will hang waiting for the reply and during that time it cannot serve requests from other programs which need their settings.
  • Either make sure the DNS query for your PMS address returns quickly or enter an IP address for the PMS.

Second, check some of the performance statistics of the real-time scanner:

In the Policy Manager Console, you can find them under FSAV Linux Client/Server Security / Statistics / Real-time Statistics / Object Counters.

In the standalone mode, use /opt/f-secure/fsma/bin/chtest g 44.2.40.13.N. (replace 44 with 45 if you have Server security).

The statistics are valid from the last restart of the product. Time is reported in "ticks". One "tick" is 1/100 seconds.

Usually the cache miss percentage should quickly go down to less than 10%. Average scan time should be less than 10 ticks.

If there is a certain file that is accessed often and it is reported as the file that takes the longest time to scan, you might consider excluding that file from virus scanning and/or removing it from Integrity Checking Baseline. The file can be added to the "Directories excluded from scanning" setting (files are ok too.)