Ramdisk question

Simon Wilson simon at simonandkate.net
Mon Mar 22 04:41:14 CET 2021 

----- Message from Patrick Ben Koetter <p at sys4.de> ---------
    Date: Sun, 21 Mar 2021 21:15:50 +0100
    From: Patrick Ben Koetter <p at sys4.de>
Subject: Re: Ramdisk question
      To: amavis-users at amavis.org


> Simon,
>
> * Simon Wilson <simon at simonandkate.net>:
>> I've configured a 2GB ramdisk and mounted it at /var/spool/amavisd/tmp,
>> owned by amavis user. Amavis is using this, I see folders appearing as
>> amavisd runs. With a maximum email size of 25M, I'm assuming this is big
>> enough, but is there a definitive measure? And will amavisd use it for
>> unpacking called scans - e.g. clam?
>
> there is no definite measure. In general the formula would be
>
>     max. message size x max. concurrent amavis processes = max.  
> required space
>

Max processes = 3; max email size = 25M; 3x25 = 75MB

> but there are a few unknown factors to tell if that is sufficient, because
>
> - attachments are usually base64 encoded. When they become base64-decoded and
>   written as files to disk, their size *decreases* about by 1/3rd.
> - when extracted, file sizes in archives *increase*. How much depends on the
>   file type and the packers efficiency that packed file in the first.
> - if you have $preserve_evidence enabled amavis will not remove a message and
>   all of its parts after a failed scan attempt to allow for inspection. The
>   files will remain there until you remove them manually.
>
> Personally I think you are best off, if you double the RAM disk the size of
> the formula I mentioned in the first. Enable $preserve_evidence for debugging
> purposes only and monitor the RAM discs size and create an alarm if size
> shrinks too much.

Thanks, will keep an eye on this.

>
> As for you question regardings "unpacking called scans": Amavis will unpack a
> message into a subdirectory of /var/spool/amavisd/tmp. It will create a
> separate file for each (MIME) message part contained in the mail message.
> Additionally – and only if you've configured amavis to put a copy of  
> the whole
> message into the subdirectory using @keep_decoded_original_maps – it  
> will also
> put the complete message in there. Only after it has prepared the message for
> inspection it will call other scanners, such as clamd, to inspect the message
> and its parts.

*from amavis.conf:

@keep_decoded_original_maps = (new_RE(
   qr'^MAIL$',                # let virus scanner see full original message
   qr'^MAIL-UNDECIPHERABLE$', # same as ^MAIL$ if mail is undecipherable
   qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));

More clamd than amavis - if /var/spool/amavisd/tmp is mounted to a  
ramdisk and amavisd unpacks there, does clam scan from there also, or  
copy to its own location to scan?

>
> HTH,

Surely does. Thank you.

>
> p at rick


----- End message from Patrick Ben Koetter <p at sys4.de> -----



-- 
Simon Wilson
M: 0400 12 11 16

More information about the amavis-users mailing list