<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3132" name=GENERATOR><!--[if !mso]>
<STYLE>v\:* {
BEHAVIOR: url(#default#VML)
}
o\:* {
BEHAVIOR: url(#default#VML)
}
w\:* {
BEHAVIOR: url(#default#VML)
}
.shape {
BEHAVIOR: url(#default#VML)
}
</STYLE>
<![endif]-->
<STYLE>@font-face {
font-family: Tahoma;
}
@page Section1 {size: 612.0pt 792.0pt; margin: 72.0pt 90.0pt 72.0pt 90.0pt; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; COLOR: black; FONT-FAMILY: "Times New Roman"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; COLOR: black; FONT-FAMILY: "Times New Roman"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; COLOR: black; FONT-FAMILY: "Times New Roman"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline
}
PRE {
FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; COLOR: black; FONT-FAMILY: "Courier New"
}
SPAN.EmailStyle17 {
COLOR: windowtext; FONT-FAMILY: Arial; mso-style-type: personal
}
SPAN.EmailStyle19 {
COLOR: navy; FONT-FAMILY: Arial; mso-style-type: personal-reply
}
DIV.Section1 {
page: Section1
}
</STYLE>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></HEAD>
<BODY lang=EN-US vLink=purple link=blue bgColor=white>
<DIV dir=ltr align=left><SPAN class=303250210-26062007><FONT face=Arial
color=#0000ff size=2>Another alternative is to try out ClamAV
0.91RC2.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=303250210-26062007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=303250210-26062007><FONT face=Arial
color=#0000ff size=2>It's lightning-fast on startup.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=303250210-26062007></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=303250210-26062007><FONT face=Arial
color=#0000ff size=2>Phil</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=303250210-26062007></SPAN><FONT
size=2>--<BR>Phil Randal<BR>Network Engineer<BR>Herefordshire
Council<BR>Hereford, UK </FONT></DIV>
<DIV> </DIV><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B>
mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] <B>On Behalf Of
</B>Alistair Carmichael<BR><B>Sent:</B> 26 June 2007 10:53<BR><B>To:</B>
MailScanner discussion<BR><B>Subject:</B> RE: Mailscanner message delays /
load issue<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV class=Section1>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Hi,<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks for all the fast responses,
a bit of further testing using clamscan at the command line on very small
files takes a very long time and we will look at changing either to clamd or
the clamavmodule. Is it possible to use the clamavmodule without installing
new packages other than the vendors distributions / new versions the reason I
ask is that we manage all software packages centrally with a strict policy on
what’s installed. I guess that I would need to modify the virus.scanners.conf
and create a wrapper as the path for clamavmodule is currently /bin/conf
whilst all others are paths to the av wrapper file or does the clamavmodule
when defined in the main config get called in a different
way.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks
again<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Al<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<DIV>
<DIV class=MsoNormal style="TEXT-ALIGN: center" align=center><FONT
face="Times New Roman" color=black size=3><SPAN
style="FONT-SIZE: 12pt; COLOR: windowtext">
<HR tabIndex=-1 align=center width="100%" SIZE=2>
</SPAN></FONT></DIV>
<P class=MsoNormal><B><FONT face=Tahoma color=black size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: windowtext; FONT-FAMILY: Tahoma">From:</SPAN></FONT></B><FONT
face=Tahoma color=black size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: windowtext; FONT-FAMILY: Tahoma">
mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] <B><SPAN
style="FONT-WEIGHT: bold">On Behalf Of </SPAN></B>Julian Field<BR><B><SPAN
style="FONT-WEIGHT: bold">Sent:</SPAN></B> 26 June 2007 10:00<BR><B><SPAN
style="FONT-WEIGHT: bold">To:</SPAN></B> MailScanner discussion<BR><B><SPAN
style="FONT-WEIGHT: bold">Subject:</SPAN></B> Re: Mailscanner message delays /
load issue</SPAN></FONT><FONT color=black><SPAN
style="COLOR: windowtext"><o:p></o:p></SPAN></FONT></P></DIV>
<P class=MsoNormal><FONT face="Times New Roman" color=black size=3><SPAN
style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Times New Roman" color=black size=3><SPAN
style="FONT-SIZE: 12pt">My best advice would be to upgrade to 4.61.3 and use
the direct clamd support. If you don't want to upgrade then use clamavmodule.
Download my clam+SA package and install it, just tell it not to install ClamAV
when it asks you. This will install the support for clamavmodule.<BR><BR>The
current version of Clam is *very* slow at starting up, while it loads the
virus database.<BR><BR>Alistair Carmichael wrote:
<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN lang=EN-GB
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Hi,<U1:P></U1:P></SPAN></FONT><o:p></o:p></P>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN lang=EN-GB
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><U1:P> </U1:P></SPAN></FONT><o:p></o:p></P>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN lang=EN-GB
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Over the past few months we have
noticed a steady increase in the load on our 2 mail scanner servers and in the
last few days messages have been substantially delayed between being collected
from the inbound mailqueue to the outbound mailqueue. We are running
mailscanner version mailscanner-4.53.8-1 on centos running linux kernel
2.6.9-55 and using sendmail 8.13 as the MTA and clamav as the anti-virus
software and spamassassin as the anti spam
software.<U1:P></U1:P></SPAN></FONT><o:p></o:p></P>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN lang=EN-GB
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">We receive approximately 30,000
messages each day which are handled by a cluster of 2 servers via DNS round
robin, the load on both machines is steadily at about 5,5,5 with clamscan
processes constantly being at the top of the process list in terms of cpu
usage. We are also seeing log entries similar to this constantly appearing in
the maillog.<U1:P></U1:P></SPAN></FONT><o:p></o:p></P>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN lang=EN-GB
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">MailScanner[31171]: Commercial
scanner clamav timed out!<U1:P></U1:P></SPAN></FONT><o:p></o:p></P>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN lang=EN-GB
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">MailScanner[31171]: Virus
Scanning: Denial Of Service attack is in message
l5Q7bntD008994<U1:P></U1:P></SPAN></FONT><o:p></o:p></P>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN lang=EN-GB
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Both servers are high powered
machines only running the mailscanner software (xeon 2.8 cpu and 2gb ram in
each machine)<U1:P></U1:P></SPAN></FONT><o:p></o:p></P>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN lang=EN-GB
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Is there a reason that the load
would be so high as there’s not a huge quantity of email going through the
servers for what I would expect them to handle, or if there are any
configuration tuning that can be done in mailscanner to resolve this (we’ve
fine tuned the time out settings in sendmail to minimise message delays but
this hasn’t lowered the load or message delivery
time)<U1:P></U1:P></SPAN></FONT><o:p></o:p></P>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN lang=EN-GB
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><U1:P> </U1:P></SPAN></FONT><o:p></o:p></P>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN lang=EN-GB
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks for any
help<U1:P></U1:P></SPAN></FONT><o:p></o:p></P>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN lang=EN-GB
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Al<U1:P></U1:P></SPAN></FONT><o:p></o:p></P>
<P class=MsoNormal><FONT face=Arial color=black size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><U1:P> </U1:P></SPAN></FONT><o:p></o:p></P>
<P class=MsoNormal><FONT face="Times New Roman" color=black size=3><SPAN
style="FONT-SIZE: 12pt"><BR>This email and any files transmitted with it are
confidential and intended solely for the use of the individual or entity to
whom they are addressed. If you have received this email in error please
notify the system manager. This message contains confidential information and
is intended only for the individual named. If you are not the named addressee
you should not disseminate, distribute or copy this
e-mail.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Times New Roman" color=black size=3><SPAN
style="FONT-SIZE: 12pt"><BR><BR><o:p></o:p></SPAN></FONT></P><PRE><FONT face="Courier New" color=black size=2><SPAN style="FONT-SIZE: 10pt">Jules<o:p></o:p></SPAN></FONT></PRE><PRE><FONT face="Courier New" color=black size=2><SPAN style="FONT-SIZE: 10pt"><o:p> </o:p></SPAN></FONT></PRE><PRE><FONT face="Courier New" color=black size=2><SPAN style="FONT-SIZE: 10pt">-- <o:p></o:p></SPAN></FONT></PRE><PRE><FONT face="Courier New" color=black size=2><SPAN style="FONT-SIZE: 10pt">Julian Field MEng CITP<o:p></o:p></SPAN></FONT></PRE><PRE><FONT face="Courier New" color=black size=2><SPAN style="FONT-SIZE: 10pt"><A href="http://www.MailScanner.info">www.MailScanner.info</A><o:p></o:p></SPAN></FONT></PRE><PRE><FONT face="Courier New" color=black size=2><SPAN style="FONT-SIZE: 10pt">Buy the MailScanner book at <A href="http://www.MailScanner.info/store">www.MailScanner.info/store</A><o:p></o:p></SPAN></FONT></PRE><PRE><FONT face="Courier New" color=black size=2><SPAN style="FONT-SIZE: 10pt"><o:p> </o:p></SPAN></FONT></PRE><PRE><FONT face="Courier New" color=black size=2><SPAN style="FONT-SIZE: 10pt">MailScanner customisation, or any advanced system administration help?<o:p></o:p></SPAN></FONT></PRE><PRE><FONT face="Courier New" color=black size=2><SPAN style="FONT-SIZE: 10pt">Contact me at <A href="mailto:Jules@Jules.FM">Jules@Jules.FM</A><o:p></o:p></SPAN></FONT></PRE><PRE><FONT face="Courier New" color=black size=2><SPAN style="FONT-SIZE: 10pt"><o:p> </o:p></SPAN></FONT></PRE><PRE><FONT face="Courier New" color=black size=2><SPAN style="FONT-SIZE: 10pt">PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<o:p></o:p></SPAN></FONT></PRE><PRE><FONT face="Courier New" color=black size=2><SPAN style="FONT-SIZE: 10pt">For all your IT requirements visit <A href="http://www.transtec.co.uk">www.transtec.co.uk</A><o:p></o:p></SPAN></FONT></PRE>
<P class=MsoNormal><FONT face="Times New Roman" color=black size=3><SPAN
style="FONT-SIZE: 12pt"><BR>This email and any files transmitted with it are
confidential and intended solely for the use of the individual or entity to
whom they are addressed. If you have received this email in error please
notify the system manager. This message contains confidential information and
is intended only for the individual named. If you are not the named addressee
you should not disseminate, distribute or copy this
e-mail.<o:p></o:p></SPAN></FONT></P></DIV><BR>This email and any files
transmitted with it are confidential and intended solely for the use of the
individual or entity to whom they are addressed. If you have received this
email in error please notify the system manager. This message contains
confidential information and is intended only for the individual named. If you
are not the named addressee you should not disseminate, distribute or copy
this e-mail. </BLOCKQUOTE></BODY></HTML>