Why is MS doing spam checks first?

Thu Dec 1 14:15:16 GMT 2005

-----BEGIN PGP SIGNED MESSAGE-----

On 1 Dec 2005, at 14:06, Remco Barendse wrote:

> On Thu, 1 Dec 2005, David H. wrote:
>
>> Remco Barendse wrote:
>>> I am getting flooded with these stupid "you visit illegal  
>>> websites" crap
>>> as well as the login/pass scam mails
>>>
>>> All are about 75 Kb in size and contain a zip file with an .exe
>>>
>>> The body of those mails is almost empty, there is just this one  
>>> zip file.
>>>
>>> Still it is causing my mailserver to overflow and spamass starts  
>>> to time
>>> out
>>>
>>> I would assume the zipfiles contain a virus / trojan, but why  
>>> isn't MS
>>> doing virus and filename checks first? It would save a lot of cpu  
>>> cycles
>>
>> I am sorry to be an ass. But this has been discussed over and over  
>> again,
>> please check the archives of this mailing list and you shall be  
>> answered in
>> abundance :)
>
> You are excused ;)
>
> But I think that the last few months SpamAss has turned out to be  
> more of a cpu+mem hog than any other check you would be doing on an  
> e-mail.
>
> I think that any virusscanner will have scanned the average message  
> in less than half a second wheras SpamAss is taking several seconds  
> at least
>
> Sorry if my message was unclear but maybe it's time to switch  
> priorities?

This old chestnut...

What is most of your mail? Spam. So what should you reject first? Spam.
Rejecting viruses first only reduces your mail by about 2%, leaving  
98% to be spam checked. Which makes virtually no difference to your  
load whatsoever.
Rejecting spam first reduces your mail by about 70%, leaving only 30%  
to be virus checked and all the other tests. Which makes considerably  
more difference.

That's all there is to it. Do tests in decreasing order of effect.
- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBQ48Fdvw32o+k+q+hAQEf3wgApeD4GgBQvAPvTwSLRwIaUIsaeE71YC9l
BcdwBerrr6/oFDdL5uuNSogiJcG7sshzqxiEY8ked8SyZzv5FBB2PjxSUtSrRcUn
GAJsMZ7lRS51VrwNmeKpotKORRLCcfZMJVig0AOqKlpK3YaNUg8itnvfVh/2dQD9
8wV5p/zvMmV7QNlQ28XpUrqA0fSPXk4XuTa0PIEkZIH3MzVq01UsSaBr5C5lHP3T
e6dh3whku0ku2sasnoasOjdV23MKumQHEvALix7k8OWG8aA8pDi8uEYVWEFL3Z0W
YcK34DI+OQbY+yHNomTgkfw4PEPo3So8nRxRDtrQAN+qLJE3DmizCg==
=ATH+
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!