Scanning Order

Julian Field MailScanner at ecs.soton.ac.uk
Mon Sep 19 11:41:27 IST 2005


Most of your mail (say 75%) is spam. Relatively, very little of it  
(say 5%) is a virus.
So if you do spam checks first, then delete all the spam, you don't  
need to do anything further with 75% of your incoming mail. So the  
overhead of all further processing of 75% of your mail never happens.  
That includes all the expensive checks like the phishing net, as well  
as the straight virus scanning.

On 18 Sep 2005, at 04:16, Chris Russell wrote:

> Hi All,
>
>   This is more than likely a question for Julian but I'll throw it  
> open.
>
>   Is there a specific reason MailScanner does MCP/Spam checks  
> before AV?
>
>   Ok, Reasoning:
>
>     I was looking into our systems this evening, and from our  
> stats, pretty much 100% of our virus infected email is simply  
> deleted. For the most part there's very little reason to actually  
> look at these messages as they are often the result of mass-mailing  
> viruses etc.
>
>     With this in mind, would it be more efficient to virus scan the  
> email first? This would cut out spam/mcp scanning for infected  
> messages (dependent on the action), and cut down on the number of  
> messages required to be spam/MCP scanned, which seems to take the  
> longest time / add the most significant load to the process.
>
>     I've looked into /usr/sbin/MailScanner and thanks to Julian's  
> coding, it doesn't look too difficult to change (** highly  
> preliminary findings here!), so does anyone have any thoughts on  
> whether AV->MCP/SPAM may be a better approach to take?
>
> Cheers,
>
> Chris
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
