simon at simonandkate.net
Mon Mar 22 04:41:14 CET 2021
----- Message from Patrick Ben Koetter <p at sys4.de> ---------
Date: Sun, 21 Mar 2021 21:15:50 +0100
From: Patrick Ben Koetter <p at sys4.de>
Subject: Re: Ramdisk question
To: amavis-users at amavis.org
> * Simon Wilson <simon at simonandkate.net>:
>> I've configured a 2GB ramdisk and mounted it at /var/spool/amavisd/tmp,
>> owned by amavis user. Amavis is using this, I see folders appearing as
>> amavisd runs. With a maximum email size of 25M, I'm assuming this is big
>> enough, but is there a definitive measure? And will amavisd use it for
>> unpacking called scans - e.g. clam?
> there is no definite measure. In general the formula would be
> max. message size x max. concurrent amavis processes = max.
> required space
Max processes = 3; max email size = 25M; 3x25 = 75MB
> but there are a few unknown factors to tell if that is sufficient, because
> - attachments are usually base64 encoded. When they become base64-decoded and
> written as files to disk, their size *decreases* about by 1/3rd.
> - when extracted, file sizes in archives *increase*. How much depends on the
> file type and the packers efficiency that packed file in the first.
> - if you have $preserve_evidence enabled amavis will not remove a message and
> all of its parts after a failed scan attempt to allow for inspection. The
> files will remain there until you remove them manually.
> Personally I think you are best off, if you double the RAM disk the size of
> the formula I mentioned in the first. Enable $preserve_evidence for debugging
> purposes only and monitor the RAM discs size and create an alarm if size
> shrinks too much.
Thanks, will keep an eye on this.
> As for you question regardings "unpacking called scans": Amavis will unpack a
> message into a subdirectory of /var/spool/amavisd/tmp. It will create a
> separate file for each (MIME) message part contained in the mail message.
> Additionally – and only if you've configured amavis to put a copy of
> the whole
> message into the subdirectory using @keep_decoded_original_maps – it
> will also
> put the complete message in there. Only after it has prepared the message for
> inspection it will call other scanners, such as clamd, to inspect the message
> and its parts.
@keep_decoded_original_maps = (new_RE(
qr'^MAIL$', # let virus scanner see full original message
qr'^MAIL-UNDECIPHERABLE$', # same as ^MAIL$ if mail is undecipherable
# qr'^Zip archive data', # don't trust Archive::Zip
More clamd than amavis - if /var/spool/amavisd/tmp is mounted to a
ramdisk and amavisd unpacks there, does clam scan from there also, or
copy to its own location to scan?
Surely does. Thank you.
> p at rick
----- End message from Patrick Ben Koetter <p at sys4.de> -----
M: 0400 12 11 16
More information about the amavis-users