Hi all, I just put in production a server to filter all imcoming e-mail using SA. I use postfix, and everything works smooth except that some messages take an extremely long time to scan (over 8 minutes). So far, I'm pretty much convinced these are only malformed messages, but I don't have conclusive evidence. I run som tests in the server and another similar box with identical results.
These messages are of varying size, in the 50-80 Kb. range, and all seem to have been previoulsly scanned (and cleaned) with RAV antivirus. All had attachments. One had a JPEG image, and there seems to be a removed MIDI attachment. When I run a similar sized message by SA, it was scanned in less than 2 seconds. I run another message with 6 Mb. in attachments and it was scanned almost as fast. When I checked the internal structure of these strange messages, I found large sections of it blank (RAV?). On closer inspection, I realized there were all these blank lines. These messages are about 60.000+ lines long (as reported by wc -l). But the 6 Mb file had about the same number of lines. During the scanning of these large messages, CPU load goes to 100% steady, and as more of these messages start piling on the queue, memory gets exhausted, and paging becomes an issue. The entire mail systems stops relaying messages to the main mail server once there are 10 of these messages being scanned (I presume because spamd won't spawn any more child processes). System load grows in excess of 14. And the mail queue grows until I go and manually remove the offending messages from the queue. I've looked around the net, but nothing comes up on google or some FAQ's I'v beet through. Has anyone experienced this behaveiour? I'm completely puzzled byt this, and have received several of these messages in the last few days. If you want a copy of these messages, write me and I'll send you a copy privately, so as not to overload the list. Thanks, -- Javier Gostling Ingeniero de Sistemas Virtualia S.A. [EMAIL PROTECTED] Fono: +56 (2) 202-6264 x 130 Fax: +56 (2) 342-8763 Av. Kennedy 5757, of 1502 Las Condes Santiago Chile
msg09681/pgp00000.pgp
Description: PGP signature
