[Mimedefang] Truncated connections causing multiple resends onincoming mail

Kimmo Jaskari kimmo.jaskari at eget.fi
Fri May 4 11:26:10 EDT 2007 

On Fri, 2007-05-04 at 09:37 -0400, David F. Skoll wrote:
> Kimmo Jaskari wrote:
> 
> > Does this then mean that anything that isn't scanned and processed by
> > the server in about 2 minutes or less causes an error?
> 
> Not necessarily.  It depends on the client timeout, which is beyond
> your control.

Quite so. However, a scan time below 2 minutes definitely seems
advisable then to maximize the chances of having few disturbances. 

> Clamd has problems on Solaris, I believe.  And it also has a huge number
> of signatures now.  We find Clamd to be very CPU-intensive.

Yeah, I actually didn't do nearly enough testing of how it compares to
the old uvscan-centered solution, but after some quick tests now I
realize exactly why I'm having problems now. 

A file that uvscan handles in something like 8-10 seconds max takes
clamscan (ie non-deamonized) 90 seconds on this machine, and even using
clamdscan with an already loaded database we're looking at 80+. Yikes. 

The short-term fix at least for me is taking Clam out of the equation
and using uvscan. Already implemented and the difference is night and
day, the two 6MB files got scanned in a fraction of the time required.

> > Granted we're only talking
> > about a 440mhz UltraSPARC IIi here with half a gig of memory that I
> > probably should retire,
> 
> Wow!  For CAD $600, you can get an AMD64 box at a couple of Ghz with
> 1GB of RAM.  Time to upgrade!

Yeah, but so far these old boxes have performed admirably considering
how low-powered they really are. They also sip power compared to the
newer generations of machines, and produce negligible amounts of heat.
Getting rid of all that waste heat is becoming a bigger issue than
actually supplying the power these days. They've been sufficient for the
task since mail volume has been fairly low so there hasn't been a big
rush to get something beefier.

But yes, they are the oldest machines we have still in use, and it
definitely is time to move on. 

> > but even so - shouldn't that be able to handle
> > scanning a couple of measly 6MB attachments without choking?
> 
> Apparently not. :-(  Clamd is hungry...  You really don't want to run
> a production MIMEDefang setup on such an underpowered machine.

Yup, that is becoming increasingly clear. 

In other words the only problem I have at the moment is lack of CPU
power coupled with the fact that clamd seems require a lot of it. Then
again, clam does seem to catch stuff that uvscan let through.

/Kimmo

More information about the MIMEDefang mailing list