[Mimedefang] Virus-scanning in calling sequence

James Borland castlepoint at gmail.com
Sat Oct 11 17:24:36 EDT 2008

In recent months, our three incoming smtp servers hit sustained high
load averages for several hours during the middle of weekday prime
time with little to no complaints from our customers about excessively
delayed mail. However, until I made a major change (see below)
Tuesday, for at least two weeks prior, the sustained high load
averages persisted round-the-clock with loud complaints about
excessively delayed incoming messages from our business customers.
Lowering MX_MAXIMUM to bring the load averages under sendmail's 12
cutoff seemed to make the problem worse.

We have sendmail call relaydelay first and then mimedefang, which
calls both uvscan, clamav/clamd. and SpamAssassin in addition to its
own checks. The culprit was uvscan, which I reluctantly disabled in
mimedefang.pl. Everything's fine now: the load averages dropped to
well under 1, mqueue size is very manageable, and message delay times
are measured in seconds or less.

But I'm not comfortable running the much less thorough clamd without
running uvscan, too. Just how "good" is clamd/clamav compared to
uvscan? Should I just leave things as they are? If not, then perhaps
it may be worth considering the following in general:

>From what I can tell, mimedefang calls the virus scanners very early
in the sequence at filter_begin. Wouldn't there be far less overhead,
due to arguably far fewer messages to be virus scanned, in calling any
virus scanners after everything else at filter_end?



More information about the MIMEDefang mailing list