On 1/30/06, Bill King <[EMAIL PROTECTED]> wrote: > Thanks! This is working. However I am thinking of trying to skip the scan > of large messages as I am not sure if it is worth the CPU ticks. Does > anyone have ideas about whether or not this is a good plan?
There are two schools of thought on this: 1. Your target for mail scanning should be restricted to blocking viral worms which are almost all sending relatively small attachments in order to spread quickly and efficiently. 2. Your target should be any incoming infected file. If you believe in (1) and that your desktop AV software will protect you from (2) then put in an attachment size restriction. The standard mimedefang-filter has an example of this in place for SpamAssassin scanning, restricted to 100K for the same reasons as (1) above. If you believe in (2) then you have to throw hardware at it. IMHO ClamAV isn't terribly efficient at scanning large files and appears to have particular issues with documents that it parses such as XML and MS Office filetypes. Throwing CPUs at it and increasing your timeout limits works ok though. You could also consider prioritising smaller messages if you have limited resources. -- des -- http://frommars.org/ _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
