Over the last few weeks I’ve seen the load of our external mail gateways rise
steadily. Our MailScanner installation uses two virus scanners to detect
malware: ClamAV and a commercial product. The CPU utilization of
the machines was going through the roof. This morning I activated
Mail::ClamAV, tweaked two settings in MailScanner.conf and the results
are impressive. This graph shows the CPU utilization for one of the boxes:

Within a few minutes, the machine’s load average
immediately dropped to the ground and the CPU utilization has gone back to
normal. The reason is obvious: instead of MailScanner forking a new
clamscan process for each message, it now loads the signatures once and
performs the scan from within the Perl module.
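
The difference between the two scanning models can be measured directly. The script below is an added example, not code from this post or from MailScanner; it assumes `clamscan` is on the PATH, a Mail::ClamAV build that exports `CL_SCAN_STDOPT`, and a directory of saved message files given as the first argument.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Time::HiRes qw(time);
use Mail::ClamAV qw(:all);

# Assumption: the first argument is a directory of saved message files.
my $dir = shift @ARGV or die "usage: $0 <message-directory>\n";
opendir(my $dh, $dir) or die "cannot open $dir: $!\n";
my @files = grep { -f } map { "$dir/$_" } readdir($dh);
closedir($dh);

# Fork-per-message: every clamscan process loads the full signature
# database before it looks at its single file.
sub scan_by_forking {
    my @infected;
    for my $file (@_) {
        my $rc = system('clamscan', '--no-summary', '--quiet', $file);
        die "could not run clamscan on $file\n" if $rc == -1 or $rc & 127;
        my $exit = $rc >> 8;    # 0 = clean, 1 = virus found, other = error
        if    ($exit == 1) { push @infected, $file }
        elsif ($exit != 0) { warn "clamscan error on $file (exit $exit)\n" }
    }
    return @infected;
}

# In-process: load and compile the signatures once, then reuse the engine.
sub scan_in_process {
    my $engine = Mail::ClamAV->new(retdbdir())
        or die "failed to load signatures: $Mail::ClamAV::Error\n";
    $engine->build    # named buildtrie in older Mail::ClamAV releases
        or die "failed to build engine: $Mail::ClamAV::Error\n";
    my @infected;
    for my $file (@_) {
        my $status = $engine->scan($file, CL_SCAN_STDOPT);
        if    (!$status)       { warn "scan error on $file: $status\n" }
        elsif ($status->virus) { push @infected, $file }
    }
    return @infected;
}

# Run both models over the same files and report wall-clock time.
for my $mode ([fork => \&scan_by_forking], [module => \&scan_in_process]) {
    my ($name, $scan) = @$mode;
    my $start    = time;
    my @infected = $scan->(@files);
    printf "%-6s %d files, %d infected, %.2f s\n",
        $name, scalar @files, scalar @infected, time - $start;
}
```

A long-running process that keeps the engine in memory does not see signature updates by itself; Mail::ClamAV provides `statchkdir` to detect a changed database directory so the engine can be rebuilt.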