Why is MS doing spam checks first?

Remco Barendse mailscanner at BARENDSE.TO
Fri Dec 2 17:56:41 GMT 2005


On Thu, 1 Dec 2005, Kai Schaetzl wrote:

> Remco Barendse wrote on         Thu, 1 Dec 2005 13:28:51 +0100:
>
>> I would assume the zipfiles contain a virus / trojan, but why isn't MS
>> doing virus and filename checks first? It would save a lot of cpu cycles
>> on spamass which is putting more and more mail servers to a grinding halt
>
> You can reject almost 100% of all viruses without even Mailscanner working.
> Just reject on MTA level based on zombie and DUHL RBL lists and/or use
> greylisting. The only viruses you will get are those bounced by real
> mailservers.

Unfortunately, in my case I also have batched SMTP from my provider. This 
means that any mail that is not deliverable directly to one of the mail 
servers, it is queued by my provider.

I'm just running a small site, about 2000 mails a day (incl. spam/virii 
etc. which accounts for half of that).

Right now one box (an Athlon XP2600 with 1 Gb of ram and max 2 MailScanner 
threads) is getting hammered with virii. It's taking up to 10K virus mails 
per day now (normal volume is 100-200 mails per day on that 2nd in 
line box).

Continually there are 1300 messages in the mqueue.in directory and load is 
around 3.

In this case the box is hurt really bad by this Worm.Sober and scanning 
for viruses first will drop the load / queue within seconds.

Now it is pulling all the virus mails through SpamAssassin which seems to 
take forever especially because most worms are 75 Kb in size and SA seems 
to look through it all bit by bit.

I guess for high volume sites it levels out because on average, most mails 
will be spam.


(but I wonder what kind of horsepower you would need to process 10-50K of 
mails through MS+SA)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list