[Maia-users] process-quarantine.pl performance and extra rules

Ryan Delany ryan at rynogear.com
Tue Aug 15 09:04:30 PDT 2006


Chris,

I use the following rulesets and they work very well.  I specifically had
performance problems with the Blacklist rulesets you listed below.

TRUSTED_RULESETS="TRIPWIRE ANTIDRUG SARE_EVILNUMBERS0 SARE_EVILNUMBERS1
RANDOMVAL BOGUSVIRUS SARE_ADULT SARE_FRAUD SARE_BML SARE_SPOOF
SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER SARE_HTML
SARE_SPECIFIC SARE_OBFU SARE_REDIRECT_POST300 SARE_GENLSUBJ SARE_HIGHRISK
SARE_UNSUB SARE_URI0 SARE_URI1 SARE_WHITELIST"

Regards,

Ryan

> David Morton wrote:
>> Chris Black wrote:
>>
>>> together it seems reasonable that perhaps sa->init takes MUCH longer
>>> when processing 3rd-party rulesets. Is this a reasonable conclusion?
>>
>> It takes much longer when processing some specific rulesets.  Some of the
>> rulesets are ridiculously huge.   Don't use them :)
>>
>> We have published a list of recommended SARE rules several times to the
>> list...
>>
>> Shoot, I don't see it in the FAQ, but it should be...
>
> Please do add this to the FAQ.
>
> We've got a Maia 1.0.1 setup with two amavisd servers (Postfix content filter
> load balances between the two). I experimented last night by removing all
> RulesDuJour rules from one server, and on the other, I left the following
> rules:
> ANTIDRUG BLACKLIST BLACKLIST_URI
>
> av1.mx2.anu.net runs with no extra rules, av2.mx2.anu.net has the above
> RulesDuJour rules.
>
> Aug 15 17:53:31 av1.mx2.anu.net /usr/sbin/amavisd[24890]: (24890-05) TIMING [total 1327 ms]
> Aug 15 17:53:22 av2.mx2.anu.net /usr/sbin/amavisd[12576]: (12576-10) TIMING [total 39749 ms] ...
>
> You can see the difference these rules make to performance... The hardware is
> very similar on the two servers, in fact, av2.mx2 is slightly faster hardware.
>
> Has someone experimented and found a good combination of rules that provides
> both accuracy and reasonable performance?
>
> --
> Chris Wik
> ANU Internet Services
> W: http://www.anu.net/
> E: chris at anu.net
> T: +44 (0)117 9118820
> _______________________________________________
> Maia-users mailing list
> Maia-users at renaissoft.com
> http://www.renaissoft.com/mailman/listinfo/maia-users
>
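
The per-host comparison made by hand in the quoted message can be scripted over amavisd's `TIMING [total N ms]` log lines. This is an added example, not part of the original thread or of Maia/amavisd; the function names and the 10000 ms `slow_ms` threshold are assumptions, and all sample lines after the first two are constructed.

```python
import re
from collections import defaultdict
from statistics import median

# Matches the part of an amavisd syslog line shown in the thread:
#   <timestamp> <host> /usr/sbin/amavisd[pid]: (pid-nn) TIMING [total N ms]
TIMING_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?P<host>\S+)\s+\S*amavisd\[\d+\]:\s+"
    r"\((?P<task>[\w-]+)\)\s+TIMING\s+\[total\s+(?P<ms>\d+)\s+ms\]"
)

def parse_timings(lines):
    """Return {host: [total_ms, ...]} for every TIMING line found."""
    per_host = defaultdict(list)
    for line in lines:
        m = TIMING_RE.match(line.strip())
        if m:  # non-TIMING lines (e.g. "Passed CLEAN") are skipped
            per_host[m.group("host")].append(int(m.group("ms")))
    return dict(per_host)

def summarize(per_host, slow_ms=10000):
    """Per-host count, median and max, plus scans slower than slow_ms.

    slow_ms is an assumed threshold; pick one below your MTA's
    content-filter timeout.
    """
    report = {}
    for host, values in per_host.items():
        report[host] = {
            "count": len(values),
            "median_ms": median(values),
            "max_ms": max(values),
            "slow": sum(1 for v in values if v > slow_ms),
        }
    return report

# The first two lines are the ones quoted in the thread (rejoined, without the
# elided tail); the others are constructed sample data for illustration.
SAMPLE_LOG = """\
Aug 15 17:53:31 av1.mx2.anu.net /usr/sbin/amavisd[24890]: (24890-05) TIMING [total 1327 ms]
Aug 15 17:53:22 av2.mx2.anu.net /usr/sbin/amavisd[12576]: (12576-10) TIMING [total 39749 ms]
Aug 15 17:53:40 av1.mx2.anu.net /usr/sbin/amavisd[24890]: (24890-06) TIMING [total 1510 ms]
Aug 15 17:54:05 av2.mx2.anu.net /usr/sbin/amavisd[12576]: (12576-11) TIMING [total 41200 ms]
Aug 15 17:54:09 av1.mx2.anu.net /usr/sbin/amavisd[24891]: (24891-01) Passed CLEAN
""".splitlines()

if __name__ == "__main__":
    for host, stats in sorted(summarize(parse_timings(SAMPLE_LOG)).items()):
        print(host, stats)
```

Running it before and after changing `TRUSTED_RULESETS` on one server gives the same kind of side-by-side comparison over many messages instead of one.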



