Avoid scanning local mail (& the daemon debate)

Julian Field mailscanner at ecs.soton.ac.uk
Sun Jul 28 12:02:46 IST 2002


At 08:52 28/07/2002, you wrote:
>I'm running MailScanner 3.13-2 and Kaspersky AV on my primary mail server. I also
>send out about 5500 pieces of mail (Quotes of the Day by subscription) every
>night. I save two text files to the server, one is the body of the text version,
>the other is the HTML version, along with lists of subscribers to each version. A
>pair of Perl scripts mails the copy to each address in turn using
>"/usr/sbin/sendmail -t" - which I think would count as invoking sendmail directly
>from the command line rather than via SMTP.

How many recipients are you using per message? You should be able to do 100
recips per message quite happily. MailScanner will then only have to scan
the message once for 100 users. If you are invoking sendmail separately for
each recipient, then it's no wonder your scanning load is so high!

>Contrary to what the FAQ says I should expect, the delivered mail is being
>scanned.

You must be using sendmail 8.12, where the way sendmail queuing is done has
changed.

>  This is a particular problem since MailScanner uses the command-line
>version of Kaspersky instead of the daemonized version

I have very recently speed tested one (sorry, but I'm not going to get in a
flame war by telling you which one) of the very big commercial virus
scanners, who provide a daemon and a command-line scanner. Obviously the
only time the speed difference between the 2 matters is when the message
batch size has grown quite large (i.e. when the server is battling to keep up).

I ran with a test set of 10,000 messages. The command-line approach took 11
seconds (processing in batches of about 50-100), whereas the daemon took 39
seconds. The difference is mostly down to the communication overhead in
talking to the daemon. You have to generate an HTTP GET request for each
individual file, sending that to a socket. The daemon then scans the file
and sends back XML saying whether the file was infected, again
communicating via the socket.

All that communication overhead is much slower than starting up the
command-line scanner a few times.

If you want any more reasons why I don't support daemon scanners, then
please read the Installation FAQ on the website, which contains some more info.

>  - by the time I've sent a
>couple of hundred messages my load average is up to 6, and the mailrun
>takes at least three times as long as before I installed MailScanner.

How many recipients per message? 5,500 subscribers shouldn't generate more
than about 55 messages.
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
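
The batching suggested in the reply above, sketched as an added example that is not part of the original post or of MailScanner: subscribers are grouped 100 per message and sendmail is run once per group, so the scanner sees about 55 messages instead of 5,500. Assumptions: recipients are passed as envelope arguments (no `-t`) so the list stays out of the headers, and the helper names, sample addresses and sample message are constructed for illustration.

```python
import subprocess

SENDMAIL = "/usr/sbin/sendmail"   # path quoted in the post
BATCH_SIZE = 100                  # "100 recips per message"

def is_safe_address(addr):
    """Reject values sendmail could read as an option, or that carry
    whitespace/control characters (argument or header smuggling)."""
    if not addr or addr.startswith("-") or addr.count("@") != 1:
        return False
    return not any(c.isspace() or ord(c) < 32 for c in addr)

def batches(recipients, size=BATCH_SIZE):
    """Yield validated, de-duplicated recipients in lists of at most `size`."""
    seen, batch = set(), []
    for raw in recipients:
        addr = raw.strip()
        key = addr.lower()   # assumption: duplicates are compared case-insensitively
        if not is_safe_address(addr) or key in seen:
            continue
        seen.add(key)
        batch.append(addr)
        if len(batch) == size:
            yield batch
            batch = []
    if batch:
        yield batch

def build_argv(sender, batch):
    # -oi: a lone "." line in the body does not end the message.
    # "--" ends option parsing; everything after it is an envelope recipient.
    return [SENDMAIL, "-oi", "-f", sender, "--"] + list(batch)

def send_all(message_bytes, sender, recipients, dry_run=True):
    """Run sendmail once per batch; returns the argv lists that were built."""
    commands = [build_argv(sender, b) for b in batches(recipients)]
    if not dry_run:
        for argv in commands:
            subprocess.run(argv, input=message_bytes, check=True)
    return commands

# Constructed sample data: 5,500 subscribers on a reserved example domain.
SAMPLE_SUBSCRIBERS = [f"user{i}@example.com" for i in range(5500)]
SAMPLE_MESSAGE = (b"From: quotes@example.com\nTo: undisclosed-recipients:;\n"
                  b"Subject: Quote of the Day\n\nConstructed sample body.\n")

if __name__ == "__main__":
    cmds = send_all(SAMPLE_MESSAGE, "quotes@example.com", SAMPLE_SUBSCRIBERS)
    print(len(cmds), "sendmail invocations for", len(SAMPLE_SUBSCRIBERS), "subscribers")
```

With `dry_run=True` (the default) nothing is sent; the function only returns the command lines it would run.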


