mike at TC3NET.COM
Mon Sep 19 21:57:27 IST 2005
Well, in my setup, scanning for viruses first would probably be
beneficial sometimes. I drop the virus infected emails immediately,
while for spam, I actually just score them, since we have a opt-in
system, and I use generated procmail rules to deal with the mail based
on the score. If it was checking viruses first, I would save the
overhead of spamassassin for some messages, which I would discard as
viruses immediately. It's not a big deal, I'm sure I could move virus
scanning to a milter or something, but would lose the MailScanner
batching, and having viruses and spam handled through the same config.
> Most of your mail (say 75%) is spam. Relatively, very little of it
> (say 5%) is a virus.
> So if you do spam checks first, then delete all the spam, you don't
> need to do anything further with 75% of your incoming mail. So the
> overhead of all further processing of 75% of your mail never happens.
> That includes all the expensive checks like the phishing net, as well
> as the straight virus scanning.
> On 18 Sep 2005, at 04:16, Chris Russell wrote:
> > Hi All,
> > This is more than likely a question for Julian but I`ll throw it
> > open.
> > Is there a specific reason MailScanner does MCP/Spam checks
> > before AV ?
> > Ok, Reasoning:
> > I was looking into our systems this evening, and from our
> > stats, Pretty much 100% of our virus infected email is simply
> > deleted. For the most part theres very little reason to actually
> > look at these messages as they are often the result of mass-mailing
> > virus's etc.
> > With this in mind, would it be more efficient to virus scan the
> > email first ? This would cut out spam/mcp scanning for infected
> > messages (dependant on the action), and cut down on the number of
> > messages required to be spam/MCP scanned, which seems to take the
> > longest time/ add the most significant load to the process.
> > I've looked into /usr/sbin/MailScanner and thanks to Julian's
> > coding, it doesn't look too difficult to change (** highly
> > preliminary findings here!), so does anyone have any thoughts on
> > whether AV->MCP/SPAM may be a better approach to take ?
> > Cheers,
> > Chris
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > Support MailScanner development - buy the book off the website!
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner