efa-project.org


https://forum.efa-project.org/

Virus Scan Time

https://forum.efa-project.org/viewtopic.php?t=3320

Page 1 of 1

Virus Scan Time

Posted: 16 Jan 2019 07:58
by nicola.piazzi
After a lot o work I find useful 3 antiviruses for linux :
1) Clamd that is included
2) Sophos that is free
3) Esets, that costs 100$ year

Each of these AV is useful to find viruses and have a good detection rate

Clamd uses the daemon to scan and libraies are not loaded for each scan so scanning of a file is cpu unexpensive

Sophos and Esets not so, they loads library each time and spend 7 secs (sophos) and 4 secs (esets)

To save cpu in My MailScanner.conf i put a line like this :
#Virus Scanning = yes
Virus Scanning = %rules-dir%/scan.messages.virus.rules
# Avoid virus scan from internal network save a lot of cpu
And this is the content :
From: 10. no
From: 192.168. no
FromOrTo: default yes

In this way i save scanning on my submitted mails going to uotside and i spent only in incoming

But I suppose that sophos and esets scan all incoming messages and not only messages that have attachments

Is possible to say MailScanner to scan only messages that have attachments ?

Re: Virus Scan Time

Posted: 16 Jan 2019 11:37
by henk
Hi Nicola,
scan only messages that have attachments ?
No idea, but to cut down scan time, the shortcut option is still the way to go, I think.
You need to define your trusted_networks https://spamassassin.apache.org/full/3. ... _Conf.html

(If trusted_networks is not set and internal_networks is, the value of internal_networks will be used for this parameter.
If trusted_networks is set and internal_networks is not, the value of trusted_networks will be used for this parameter.

If neither trusted_networks nor internal_networks is set, no addresses will be considered local; in other words, any relays past the machine where SpamAssassin is running will be considered external.

Every entry in internal_networks must appear in trusted_networks; in other words, internal_networks is always a subset of the trusted set.)

Code: Select all

trusted_networks 192.168/16           # all in 192.168.*.*
trusted_networks 10.0.0.0/8           # all in 10.*
127/8 and ::1 are always included in trusted_networks, regardless of your config

/etc/mail/spamassassin/local.cf

Code: Select all

ifplugin Mail::SpamAssassin::Plugin::Shortcircuit

# if you have taken the time to correctly specify your "trusted_networks",
# this is another good way to save CPU
shortcircuit ALL_TRUSTED on
shortcircuit USER_IN_WHITELIST       on
shortcircuit USER_IN_DEF_WHITELIST   on
#  the opposite; blacklisted mails can also save CPU
shortcircuit USER_IN_BLACKLIST       on
shortcircuit BAYES_99                spam
shortcircuit BAYES_00                ham
Using priorities:https://svn.apache.org/repos/asf/spamas ... circuit.cf
priority SYMBOLIC_TEST_NAME n

Assign a specific priority to a test. All tests, except for DNS and Meta tests, are run in increasing priority value order (negative priority values are run before positive priority values). The default test priority is 0 (zero).

The values <-99999999999999> and <-99999999999998> have a special meaning internally, and should not be used.

Some additional shortcut options https://wiki.apache.org/spamassassin/Sh ... ingRuleset
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited