Theo Van Dinter wrote: > On Mon, Jun 06, 2005 at 09:41:05PM +0200, wolfgang wrote: > >>assuming the scan-size limit would be changed from default 250k to 1250k, how >>would that affect ressource consumption? > > > It's highly recommended that people do *NOT* increase the max scan size past > the default of 250k. Do so at your own risk. >
It will definitely bump up resource usage. That said, if you've got plenty of ram to spare, you should be able to raise your limit safely. Theo, correct me if I'm wrong, but I can't imagine that SA's memory resource usage penalty for large messages is worse than 16x message size, so make sure you've got at least 16mb * number of spamd children of ram to spare if you're going to add a meg. This does point out a direction that the SA devel team needs to start considering for future releases. Bandwidth is increasing, and SURBL is putting more pressure on spammers to use embedded images instead of web links, so spam message sizes are on the rise. Admittedly this example is unusual (but I did get a run of them), and the largest "common" spam I've seen is 80kb. However, keep in mind that 2 years ago that kind of size was unheard of. Still it would be particularly unfortunate for SA to get caught in a situation where a mass-outbreak of large spam hit and SA couldn't handle scanning it. If nothing else, it would be good to do the scan-size limits based on the text-section message size, as opposed to the raw message size with all attachments that most parts of SA will ignore (all except full rules). To do that you'd need to take measures to make sure the binary sections don't wind up using extra resources inside SA, but that shouldn't be hard and might be true currently.
