Re: [Qmail-scanner-general]Clamd on remote server?

[Cody Baker]

I will agree with Jason, I doubt you'll really see that much improvement 
by moving clamd to another server.  Clamd is really a pretty efficient 
beast.  In addition to making sure that it's not spamassassin, I would 
suggest that you make sure you're actually running clamdscan, and not 
the single instance clamscan.  You can find this on the 9th line of 
qmail-scanner-queue.pl; it looks something like "--scanners "clamdscan"".

If it truly is are running clamd, then my believe is probably that 
running qmail-scanner-queue.pl is probably generating more processor 
traffic than actually scanning the messages.  We coped with this by 
creating sentry like machines which would scan the incoming mail, and 
relay it to our central mail server.  You could accomplish something 
similar by:

1. Taking that machine which you wanted to run clamd on (your 
virus_relay server), installing qmail, qmail-scanner, and clamd on it.

2. Then set "my_domain:my_main_mail_server.my_domain.com"  in the 
/var/qmail/control/smtproutes file of your virus_relay server.

3. On the vpopmail, main mail server, set the QMAILQUEUE variable to 
qmail-queue rather than qmail-scanner-queue.pl, for the IP address of 
your virusproxy server.

4. Give the new virus relay server an MX record of the same precedence 
as the main mail server.

The two will share the load of virus scanning.  The beauty of the this 
setup is that it's very scalable.  When you main mail server starts to 
get crushed under the weight again, add another virus relaying server, 
remove clamd and qmail-scanner from the main mail server, take away it's 
MX record, and life is golden.

Thank you,
Cody Baker
[EMAIL PROTECTED]
330.934.0659
http://www.wilkshire.net
Jason Haar wrote:
On Sat, Sep 25, 2004 at 08:45:33AM +1000, Michael Bellears wrote:
Load on one of our qmail,vpopmail,qmail+scanner,clamd server is
averaging ~7 - Is it possible to run clamd on remote server?
Is that where your problem lies?
I mean, what is taking most of the CPU? Is it actually clamd? You're not
running SpamAssassin are you? That is normally the largest loader in a
typical Qmail-Scanner environment.
If you are sure it is clamd, then yes - read the documentation for clamAV -
as support for reading files over TCP/IP is supported - so you could do what
you want. But you have to realise that means there is a fair amount of extra
I/O required on your currently overloaded system in order to send the file
over the network - so ensure the "clamd server" in on the same 100M/Gb
switch to minimize network latency effects/etc.


-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general