Why is MS doing spam checks first?
MailScanner at ecs.soton.ac.uk
Thu Dec 1 14:15:16 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
On 1 Dec 2005, at 14:06, Remco Barendse wrote:
> On Thu, 1 Dec 2005, David H. wrote:
>> Remco Barendse wrote:
>>> I am getting flooded with these stupid "you visit illegal
>>> websites" crap
>>> as well as the login/pass scam mails
>>> All are about 75 Kb in size and contain a zip file with an .exe
>>> The body of those mails is almost empty, there is just this one
>>> zip file.
>>> Still it is causing my mailserver to overflow and spamass starts
>>> to time
>>> I would assume the zipfiles contain a virus / trojan, but why
>>> isn't MS
>>> doing virus and filename checks first? It would save a lot of cpu
>> I am sorry to be an ass. But this has been discussed over and over
>> please check the archives of this mailing list and you shall be
>> answered in
>> abundance :)
> You are excused ;)
> But I think that the last few months SpamAss has turned out to be
> more of a cpu+mem hog than any other check you would be doing on an
> I think that any virusscanner will have scanned the average message
> in less than half a second wheras SpamAss is taking several seconds
> at least
> Sorry if my message was unclear but maybe it's time to switch
This old chestnut...
What is most of your mail? Spam. So what should you reject first? Spam.
Rejecting viruses first only reduces your mail by about 2%, leaving
98% to be spam checked. Which makes virtually no difference to your
Rejecting spam first reduces your mail by about 70%, leaving only 30%
to be virus checked and all the other tests. Which makes considerably
That's all there is to it. Do tests in decreasing order of effect.
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)
-----END PGP SIGNATURE-----
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner