Over the last few weeks I’ve seen the load of our external mail gateways rise steadily. Our MailScanner installation uses two virus scanners to detect malware: Clam AV and a commercial product. The CPU utilization of the machines was going through the roof. This morning I activated Mail::ClamAV, tweaked two settings in MailScanner.conf and the results are impressive. This graph shows the CPU utilization for one of the boxes: Within a few minutes, the machine’s load average immediately dropped to the ground and the CPU utilization has gone back to normal. The reason is obvious: instead of MailScanner forking a new clamscan process for each message, it now loads the signatures once and performs the scan from within the Perl module.