SUMMARY
How to fine tune the MTA agent when integrating with antivirus command line scanners.
DETAIL
MailEnable's antivirus plugin creates a
process for each attachment that is passed through the MTA. Hence, if a message
contains 3 attachments, the MTA will extract the attachments to the Scratch
folder and run the antivirus scanning process for each attachment.
Because a new process is created for each, the performance hit
is significant and the MTA should be tuned accordingly. The default
settings for the number of concurrent MTA transfer threads is 64. This setting can be modified in the MailEnable
Administration program in the following location;
Servers > localhost > MTA Properties > Maximum Threads
If this setting is
not available, it is recommended to upgrade to the current version of the product.
Having 64
threads configured in the MTA could result in 64 messages being scanned
for viruses at any one time. A percentage of these messages are likely to contain
at least one attachment, therefore there may be up to 10 instances of
the antivirus scanning software being run at any instant. This could cause the antivirus software to
fail and return an error code (which some antivirus scanners actually use to denote
whether a virus is present).
The value of the "Maximum Transfer Threads" setting should
vary depending on the capability of the server MailEnable is running on. If you
are running antivirus
and pickup events, it may be worthwhile to
reduce this setting to something that seems reasonable (suggestion: 10 transfer
threads).
Other than the Maximum Transfer Threads setting, there
are two other registry settings that are relevant with respect to Tuning
the Mail Transfer Agent. Use regedit to review or change these values. These
settings exist for each connector but they are most relevant for the SMTP
connector.
Root: HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail
Enable\Connectors\SMTP
Value Type: DWORD
Value Name: Poll
Interval
Default Value: 1
Purpose: Specifies the number of seconds that
the MTA should wait before it polls the directory to determine if more messages
should be processed.
Note: If this
value is increased to 3 (seconds), the MTA will only check the Inbound Message Queue
for new messages every 3 seconds. This will of course slow the processing down,
but this can be compensated for by increasing the maximum number of
transfer threads. This will potentially have the effect of reducing the amount of Disk
I/O while the Mail Transfer Agent Scans the directory. This becomes
particularly relevant there are a large number of messages in the queues.
Root:
HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Connectors\SMTP
Value
Type: DWORD
Value Name: Post Pickup Delay
Default Value: 1
Purpose: Specifies the number of milliseconds that the MTA waits after
a message processing thread has been created. It also therefore determines how
long the MTA must wait before the next message processing thread is
created. Increasing this value will significantly slow the MTA down and will
reduce the amount of CPU that it uses in general. Slowing down the MTA will
reduce contention for system resources, hence increasing
stability.
If the following antivirus timeout error occurs in the filtering log files;
AttachmentInfected::Error
- Command Line Scanner Process needed to be forcefully
terminated.
this error usually
indicates that there are antivirus command line processes timing out.
This may be caused by the timeout process registry setting being to
low. Or possibly by the MTA thread setting being too high.
Thread settings usually depend on what system hardware is being used
in the server. The higher the thread setting on the MTA, the higher
I/O usage the server will use, thus causing timeouts on
processes.
To resolve the issue, raise this timeout setting to
specify how long the process should wait for the antivirus command line
scanner before timing out. The registry setting found in this regkey
location:
HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters.
Select filters and in the right hand side preview pane locate the regkey "Process timeout". The process timeout value is calculated in milliseconds.
MORE INFORMATION
Global/Mailbox Filtering - Troubleshooter: http://www.mailenable.com/kb/content/article.asp?ID=ME020356
Antivirus Scratch directory contains orphaned files: http://www.mailenable.com/kb/content/article.asp?ID=ME020362
Testing MailEnable Anti-virus: http://www.mailenable.com/kb/content/article.asp?ID=ME020085
Which antivirus solution to use with MailEnable: http://www.mailenable.com/kb/content/article.asp?ID=ME020144
How to configure MailEnable Professional's antivirus plug-in: http://www.mailenable.com/kb/content/article.asp?ID=ME020199
How to debug the antivirus support and the Mail Transfer Agent: http://www.mailenable.com/kb/content/article.asp?ID=ME020121
How does antivirus filtering work and how to configure it: http://www.mailenable.com/kb/content/article.asp?ID=ME020056
Product: | MailEnable (Pro-Any Pro-1.X Ent-Any Ent-1.X) |
Category: | Configuration |
Article: | ME020147 |
Module: | MTA Filtering |
Keywords: | AV,MTA,Filtering,Antivirus,threads,Error,Command,Line,Scanner,Process,needed |
Class: | HOWTO: Product Instructions |
Created: | 20/06/2003 6:15:00 PM |
Revised: | Wednesday, May 4, 2016 |
Author: | MailEnable |
Publisher: | MailEnable |