Why is MS doing spam checks first?

Julian Field MailScanner at ecs.soton.ac.uk
Thu Dec 1 14:15:16 GMT 2005


On 1 Dec 2005, at 14:06, Remco Barendse wrote:

> On Thu, 1 Dec 2005, David H. wrote:
>> Remco Barendse wrote:
>>> I am getting flooded with these stupid "you visit illegal  
>>> websites" crap
>>> as well as the login/pass scam mails
>>> All are about 75 Kb in size and contain a zip file with an .exe
>>> The body of those mails is almost empty, there is just this one  
>>> zip file.
>>> Still it is causing my mailserver to overflow and spamass starts  
>>> to time
>>> out
>>> I would assume the zipfiles contain a virus / trojan, but why  
>>> isn't MS
>>> doing virus and filename checks first? It would save a lot of cpu  
>>> cycles
>> I am sorry to be an ass. But this has been discussed over and over  
>> again,
>> please check the archives of this mailing list and you shall be  
>> answered in
>> abundance :)
> You are excused ;)
> But I think that the last few months SpamAss has turned out to be  
> more of a cpu+mem hog than any other check you would be doing on an  
> e-mail.
> I think that any virusscanner will have scanned the average message  
> in less than half a second wheras SpamAss is taking several seconds  
> at least
> Sorry if my message was unclear but maybe it's time to switch  
> priorities?

This old chestnut...

What is most of your mail? Spam. So what should you reject first? Spam.
Rejecting viruses first only reduces your mail by about 2%, leaving  
98% to be spam checked. Which makes virtually no difference to your  
load whatsoever.
Rejecting spam first reduces your mail by about 70%, leaving only 30%  
to be virus checked and all the other tests. Which makes considerably  
more difference.

That's all there is to it. Do tests in decreasing order of effect.
- -- 
Julian Field
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

Version: PGP Desktop 9.0.3 (Build 2932)


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list