Virus Scan Time

Questions and answers about how to do stuff
Post Reply
nicola.piazzi
Posts: 388
Joined: 23 Apr 2015 09:45

Virus Scan Time

Post by nicola.piazzi »

After a lot o work I find useful 3 antiviruses for linux :
1) Clamd that is included
2) Sophos that is free
3) Esets, that costs 100$ year

Each of these AV is useful to find viruses and have a good detection rate

Clamd uses the daemon to scan and libraies are not loaded for each scan so scanning of a file is cpu unexpensive

Sophos and Esets not so, they loads library each time and spend 7 secs (sophos) and 4 secs (esets)

To save cpu in My MailScanner.conf i put a line like this :
#Virus Scanning = yes
Virus Scanning = %rules-dir%/scan.messages.virus.rules
# Avoid virus scan from internal network save a lot of cpu
And this is the content :
From: 10. no
From: 192.168. no
FromOrTo: default yes

In this way i save scanning on my submitted mails going to uotside and i spent only in incoming

But I suppose that sophos and esets scan all incoming messages and not only messages that have attachments

Is possible to say MailScanner to scan only messages that have attachments ?
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Virus Scan Time

Post by henk »

Hi Nicola,
scan only messages that have attachments ?
No idea, but to cut down scan time, the shortcut option is still the way to go, I think.
You need to define your trusted_networks https://spamassassin.apache.org/full/3. ... _Conf.html

(If trusted_networks is not set and internal_networks is, the value of internal_networks will be used for this parameter.
If trusted_networks is set and internal_networks is not, the value of trusted_networks will be used for this parameter.

If neither trusted_networks nor internal_networks is set, no addresses will be considered local; in other words, any relays past the machine where SpamAssassin is running will be considered external.

Every entry in internal_networks must appear in trusted_networks; in other words, internal_networks is always a subset of the trusted set.)

Code: Select all

trusted_networks 192.168/16           # all in 192.168.*.*
trusted_networks 10.0.0.0/8           # all in 10.*
127/8 and ::1 are always included in trusted_networks, regardless of your config

/etc/mail/spamassassin/local.cf

Code: Select all

ifplugin Mail::SpamAssassin::Plugin::Shortcircuit

# if you have taken the time to correctly specify your "trusted_networks",
# this is another good way to save CPU
shortcircuit ALL_TRUSTED on
shortcircuit USER_IN_WHITELIST       on
shortcircuit USER_IN_DEF_WHITELIST   on
#  the opposite; blacklisted mails can also save CPU
shortcircuit USER_IN_BLACKLIST       on
shortcircuit BAYES_99                spam
shortcircuit BAYES_00                ham
Using priorities:https://svn.apache.org/repos/asf/spamas ... circuit.cf
priority SYMBOLIC_TEST_NAME n

Assign a specific priority to a test. All tests, except for DNS and Meta tests, are run in increasing priority value order (negative priority values are run before positive priority values). The default test priority is 0 (zero).

The values <-99999999999999> and <-99999999999998> have a special meaning internally, and should not be used.

Some additional shortcut options https://wiki.apache.org/spamassassin/Sh ... ingRuleset
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Post Reply