LinuxSA Mailing list archives

  From: Jim O <Jim@kendle.com.au>
  To  : David Lloyd <lloy0076@adam.com.au>
  Date: Wed, 29 Jan 2003 09:12:37 +1030

RE: Anti-virus & Anti-spam on sendmail

David,

I'm not complaining about Amavis as such, I accept that doing a proper job
of virus scanning email and attachments is a resource intensive job.  We
already run Amavis in daemon mode, but the McAfee scanner we run doesn't
have a daemon mode we can use.  At the end of the day, the Amavis + McAfee
solution we run is well worth it.  I can't tell you the number of times its
prevented virus infections both internally and with our clients.  

I guess the point I was making (and perhaps could have articulated a little
better) was that virus scanning does add some considerable overhead (as
you've explained).  We process 600+ messages a day on a P75 and sendmail
will periodically stop accepting connections due to high load average.
Hence my comment that performance was "borderline acceptable".  There is no
significant delay in email delivery most of the time, only when the server
gets hit with a couple of large emails at a time and the load average soars.


On the weekends, we process 100-200 messages a day and we have no problems
with load.  So if Matthew is evaluating Anti-Virus solutions, he may need to
take hardware requirements into account as well if he's running comparably
ancient equipment like we (and some others on this list) run.  My statements
weren't meant as a criticism of Amavis in any way (I think its a brilliant
product), more to make the original poster aware of my experiences on (very)
low end hardware in case that was relevant to his environment.

Jim.

PS: I've recently contributed patches to the logwatch project
(www.logwatch.org) which will report on the number of messages per day
scanned by Amavis and load average events in the sendmail logs, to assist
with monitoring these things.  These patches were included in version 4.3 of
logwatch released about a week ago.

-----Original Message-----
From: David Lloyd [mailto:lloy0076@adam.com.au]
Sent: Tuesday, 28 January 2003 22:37
To: Jim O'Halloran
Cc: mwestern@affairs.net.au; linuxsa@linuxsa.org.au
Subject: Re: Anti-virus & Anti-spam on sendmail



Jim et al,

> We use Amavis with McAfee on our mail server...  Amavis is a
> performance bottleneck, but that's mainly because its processing an
> average of 600 messages a day on a Pentium 75 with 32mb of RAM. 
> Performance is barely acceptable under load, but if you have
> respectable hardware it'd be fine.  

I'm not sure any solution could do much better than AmaVis. Conceptually
AmaVis:

1) unrolls all messages into a spooling directory
 - i.e extracts the message and all MIME parts

2) invokes a virus scanner on the parts

3) works out results

4) deals with the message appropriately

Now, AmaVis can be run in daemon mode and I suspect that a virus scanner
could be run in daemon mode which would avoid a lot of process creation
but the above step, especially (1) and (2) take a long time.

No matter what you run.

And you can't really expect AmaVis to put (1) into memory because the
"real viruses" (such as the love bug) generally bombard mail servers. So
you sort of have to plan for the worst.

*sigh*


DSL

(Bill should write a little virus checker into Windows that says "You
are running a GPL program - this will taint the Windows Kernel!")

-- 
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.freenode.net
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject