Performance and accuracy issues

Michael Dahlberg dahlberg at BUCKNELL.EDU
Fri Feb 13 17:28:44 GMT 2004 

Julian Field [mailscanner at ECS.SOTON.AC.UK] wrote:
> At 16:08 13/02/2004, you wrote:
> >At 16:04 13/02/2004, you wrote:
> >>Michael Dahlberg wrote:
> >>>I've noticed that when running the SAVI engine (Virus Scanner =
> >>>sophossavi), rather than `sweep` (Virus Scanner = sophos) it
> >>>takes about 3x as long with the SAVI engine (approx. 3 min to scan 100
> >>>messages using SAVI versus 1 min with sweep).  Also when I use the
> >>>SAVI engine, more MyDoom-infected email messages are found and
> >>>removed.
>
> Check your /usr/local/Sophos/lib directory to ensure that the links are
> pointing to the right (latest) versions of the library in there. Sounds
> like sweep is using a different version to SAVI.
> When you built Perl-SAVI did you remember to make the mods to Makefile.PL?
> Is your Sophos installation done with my Sophos.install script?
> --

  The Sophos installation is done using the (mostly unmodified)
  /opt/MailScanner/bin/Sophos.install script (I needed to change the
  DISTRIB var from solaris.sparc.tar to solariss.tar since we install
  it from the CD distribution).

  The links in /usr/local/Sophos/lib point to the correct libraries
  (libsavi.so is a symlink to libsavi.so.2 which is a symlink to
  libsavi.so.3.2.07.054).  The modifications were made in the
  Makefile.PL file for SAVI-Perl-0.15 to link the libraries from
  /usr/local/Sophos/lib.

  With regards to your previous comment about batch mode and queue
  mode, we run MailScanner on a separate system from the main campus
  mailserver.  All mail goes to the MailScanner system which is then
  delivered to the main mail server (listed as a SMARTHOST in
  sendmail).  We found that running in batch mode with >1 MailScanner
  process would, at times swamp the main mail server with sendmail
  connections.  Therefore we have left it in queue mode.  If we change
  that my guess is that we'd see the same effect.

  However, the slow down isin't on the outbound queue side, it's on
  the inbound queue side.  The number of messages in the
  /var/spool/mqueue.in directory keeps growing and we're slowly
  getting a real backlog.

  Thanks for the help.

  Mike

More information about the MailScanner mailing list