Mailscanner process mail too slow

Steve Freegard steve.freegard at fsl.com
Wed Dec 24 11:40:17 GMT 2014 

On 24/12/14 02:48, Carlos R Laguna wrote:
> i am not sure if the change to clamd work or not.

The speed difference between the two is huge:

[root at mail1-ec2 ~]# clamdscan -c /etc/clamd.d/scan.conf  /tmp/test.eml
/tmp/test.eml: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.016 sec (0 m 0 s)

.vs.

[root at mail1-ec2 ~]# clamscan /tmp/test.eml
/tmp/test.eml: OK

----------- SCAN SUMMARY -----------
Known viruses: 4687566
Engine version: 0.98.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 18.914 sec (0 m 18 s)

So 18.9 seconds .vs. 0.016 seconds.

That would allow MailScanner to scan only 3000 messages per hour (with 
15 children: (3600/18)*15 = 3000 that 200 messages per child) whereas 
with clamd that would be 3,375,000 messages.   However that doesn't take 
into consideration the overhead of unpacking the messages, SpamAssassin 
scans (usually 3 seconds each minimum) and all the other stuff that 
MailScanner does, but you get the idea; the difference between the two 
is massive.

MailScanner --lint should tell you if clamd is working or not as it 
should report that it found 'clamd' and detect the Eicar test:

[root at mta41 ~]# MailScanner --lint
Trying to setlogsock(unix)
ConfigSQL configuration loaded with serial 594, next check in 900 seconds
Reading ruleset allowexternal for keyword allowexternal
<snip>
Checking version numbers...
Version number in MailScanner.conf (4.77.10) is correct.

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
I have found clamd f-prot-6 scanners installed, and will use them all by 
default.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = auto"
Found these virus scanners installed: clamd, f-prot-6
===========================================================================
Filename Checks: Blocked Filename Detected (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/
Virus Scanning: Clamd found 1 infections
Scanning: -
  at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2338
Virus Scanning: F-Prot6 found 1 infections
Infected message 1 came from 10.1.1.1
Infected message 1.message->eicar.com came from
Virus Scanning: Found 2 viruses
===========================================================================

If any of your virus scanners (clamd,f-prot-6)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.

Regards,
Steve.

More information about the MailScanner mailing list