Is it possible to

Philip Parsons pparsons at techeez.com
Thu Sep 8 17:21:48 UTC 2016


If anyone is interested, the issue seems to have been the extra rule sets added to the scanning of clamav. After removal of all of the extra databases the system was able to handle the loads 100%.

Couple of items I had to change.

I had to drop the Max Children = setting in MailScanner.conf to 3, as these systems only have 3 gigs of RAM, and then I was able to add the Sanesecurity extra rule sets back with no issues.

As soon as I added the Securiteinfo rules back into the mix the system started to have problems.



-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces+pparsons=techeez.com at lists.mailscanner.info] On Behalf Of Steve Basford
Sent: September 2, 2016 12:27 AM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: RE: Is it possible to


On Fri, September 2, 2016 2:06 am, Philip Parsons wrote:
> I believe I am using all of them.  I have removed some and tried that
> but I think it is a good idea to remove them all. I will try it with
> nothing, just clamav databases.  The funny thing is I now have a second
> system, different customer, that is also having the same issue.  This is
> all related to these .zip files

Note: might be an idea to move this off-list or to clamav-users or to sanesecurity list but for now....

This is a slightly unfair test but I scanned a small file with each database and all returned an OK but here are the timings for each database...

If you are using any of the ones marked [Possible Performance Issue] then remove them first and see what happens.

Securiteinfo:

spam_marketing.ndb                 230250 ms [Possible Performance Issue]
javascript.ndb                     23109 ms [Possible Performance Issue]
securiteinfo.hdb                   11781 ms [Possible Performance Issue]
securiteinfoascii.hdb              1532 ms
securiteinfohtml.hdb               1469 ms

Sanesecurity mirrored:

scamnailer.ndb                     8547 ms
phish.ndb                          4750 ms
junk.ndb                           2391 ms
spear.ndb                          1985 ms
phishtank.ndb                      1844 ms
scam.ndb                           1641 ms
badmacro.ndb                       1500 ms
winnow_phish_complete.ndb          1484 ms
winnow_phish_complete_url.ndb      1484 ms
jurlbl.ndb                         1391 ms
winnow_malware_links.ndb           1344 ms
jurlbla.ndb                        1313 ms
blurl.ndb                          1313 ms
porcupine.ndb                      1296 ms
foxhole_filename.cdb               1282 ms
bofhland_malware_attach.hdb        1266 ms
foxhole_all.cdb                    1266 ms
foxhole_generic.cdb                1266 ms
lott.ndb                           1266 ms
winnow_extended_malware.hdb        1266 ms
winnow_malware.hdb                 1266 ms
winnow_spam_complete.ndb           1266 ms
bofhland_phishing_URL.ndb          1265 ms
bofhland_cracked_URL.ndb           1250 ms
bofhland_malware_URL.ndb           1250 ms
crdfam.clamav.hdb                  1250 ms
doppelstern.ndb                    1250 ms
doppelstern-phishtank.ndb          1250 ms
rogue.hdb                          1250 ms
spam.ldb                           1250 ms
spamattach.hdb                     1250 ms
spamimg.hdb                        1250 ms
spearl.ndb                         1250 ms
winnow.attachments.hdb             1250 ms
winnow_bad_cw.hdb                  1250 ms
winnow.complex.patterns.ldb        1235 ms
doppelstern.hdb                    1234 ms
foxhole_js.cdb                     1234 ms
winnow_extended_malware_links.ndb  1234 ms

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity



--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner
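
The per-database timing test described in the quoted reply can be scripted. The following is an added example, not code from the thread or from either project. It assumes `clamscan` is on the PATH; the function names and the 5x-median cutoff are illustrative choices, not the criterion behind the [Possible Performance Issue] marks in the list.

```python
import statistics
import subprocess
import sys
import time
from pathlib import Path

# Signature file types that appear in the timing list above
DB_SUFFIXES = {".ndb", ".hdb", ".cdb", ".ldb"}


def time_databases(db_dir, sample, scanner=("clamscan",)):
    """Scan `sample` once per signature file; return {db name: elapsed ms}."""
    timings = {}
    for db in sorted(Path(db_dir).iterdir()):
        if db.suffix not in DB_SUFFIXES:
            continue
        # Load only this one database so its cost is measured in isolation
        cmd = [*scanner, f"--database={db}", "--no-summary", str(sample)]
        start = time.monotonic()
        proc = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
        elapsed_ms = round((time.monotonic() - start) * 1000)
        # clamscan exits 0 (clean) or 1 (match); anything else is a failed run
        timings[db.name] = elapsed_ms if proc.returncode in (0, 1) else None
    return timings


def flag_slow(timings, factor=5.0):
    """Return (name, ms) pairs slower than factor x the median, slowest first."""
    valid = {name: ms for name, ms in timings.items() if ms is not None}
    if not valid:
        return []
    cutoff = factor * statistics.median(valid.values())
    slow = [(name, ms) for name, ms in valid.items() if ms > cutoff]
    return sorted(slow, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    # Usage: python dbtime.py /path/to/signature/dir /path/to/small/sample
    results = time_databases(sys.argv[1], sys.argv[2])
    slow = dict(flag_slow(results))
    for name, ms in sorted(results.items(), key=lambda kv: -(kv[1] or 0)):
        if ms is None:
            print(f"{name:36} failed to load or scan")
        else:
            mark = " [slow vs. median]" if name in slow else ""
            print(f"{name:36} {ms} ms{mark}")
```

Each figure includes clamscan start-up and signature loading, so compare databases against each other rather than reading the numbers as per-message scan cost.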

