Performance and accuracy issues

Julian Field mailscanner at ecs.soton.ac.uk
Sat Feb 14 15:23:37 GMT 2004 

At 17:28 13/02/2004, you wrote:
>Julian Field [mailscanner at ECS.SOTON.AC.UK] wrote:
> > At 16:08 13/02/2004, you wrote:
> > >At 16:04 13/02/2004, you wrote:
> > >>Michael Dahlberg wrote:
> > >>>I've noticed that when running the SAVI engine (Virus Scanner =
> > >>>sophossavi), rather than `sweep` (Virus Scanner = sophos) it
> > >>>takes about 3x as long with the SAVI engine (approx. 3 min to scan 100
> > >>>messages using SAVI versus 1 min with sweep).  Also when I use the
> > >>>SAVI engine, more MyDoom-infected email messages are found and
> > >>>removed.
> >
> > Check your /usr/local/Sophos/lib directory to ensure that the links are
> > pointing to the right (latest) versions of the library in there. Sounds
> > like sweep is using a different version to SAVI.
> > When you built Perl-SAVI did you remember to make the mods to Makefile.PL?
> > Is your Sophos installation done with my Sophos.install script?
> > --
>
>   The Sophos installation is done using the (mostly unmodified)
>   /opt/MailScanner/bin/Sophos.install script (I needed to change the
>   DISTRIB var from solaris.sparc.tar to solariss.tar since we install
>   it from the CD distribution).
>
>   The links in /usr/local/Sophos/lib point to the correct libraries
>   (libsavi.so is a symlink to libsavi.so.2 which is a symlink to
>   libsavi.so.3.2.07.054).  The modifications were made in the
>   Makefile.PL file for SAVI-Perl-0.15 to link the libraries from
>   /usr/local/Sophos/lib.
>
>   With regards to your previous comment about batch mode and queue
>   mode, we run MailScanner on a separate system from the main campus
>   mailserver.  All mail goes to the MailScanner system which is then
>   delivered to the main mail server (listed as a SMARTHOST in
>   sendmail).  We found that running in batch mode with >1 MailScanner
>   process would, at times swamp the main mail server with sendmail
>   connections.  Therefore we have left it in queue mode.  If we change
>   that my guess is that we'd see the same effect.

Fair enough. There is a good reason to leave it in after all :-)


>   However, the slow down isin't on the outbound queue side, it's on
>   the inbound queue side.  The number of messages in the
>   /var/spool/mqueue.in directory keeps growing and we're slowly
>   getting a real backlog.

Set
         Debug = yes
         Debug SpamAssassin = yes
and then stop MailScanner, then run check_MailScanner once. You may well be
seeing pauses in the SpamAssassin output, which should tell you where the
problem is. May well be Razor or Bayes.



>   Thanks for the help.
>
>   Mike

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

More information about the MailScanner mailing list