Hello Anton,

Sunday, June 6, 2004, 9:19:14 AM, you wrote:

AK> SA/Amavisd load is getting too high cause all the rules that are in place
AK> and I was wondering if somebody could tell me if some of these rules might be
AK> a subset of rules contained somewhere else or in another file so that I
AK> could remove them.

AK> Here is a list of the rules I have:

AK> -rw-r--r-- 1 root root 31K May 31 19:24 70_sare_adult.cf
AK> -rw-r--r-- 1 root root 3.8K Apr 24 16:05 70_sare_bayes_poison_nxm.cf
AK> -rw-r--r-- 1 root root 15K May 30 21:50 70_sare_header_abuse.cf
AK> -rw-r--r-- 1 root root 87K May 31 11:58 70_sare_html.cf
AK> -rw-r--r-- 1 root root 9.7K May 25 14:36 70_sare_oem.cf
AK> -rw-r--r-- 1 root root 16K Jun 2 17:40 70_sare_random.cf
AK> -rw-r--r-- 1 root root 13K May 16 11:57 70_sare_ratware.cf
AK> -rw-r--r-- 1 root root 6.0K Jun 2 12:05 70_sare_spoof.cf
AK> -rw-r--r-- 1 root root 13K May 11 22:39 72_sare_bml_post25x.cf
AK> -rw-r--r-- 1 root root 9.9K May 1 20:04 99_sare_fraud_post25x.cf
AK> -rw-r--r-- 1 root root 14K Apr 28 12:22 antidrug.cf
AK> -rw-r--r-- 1 root root 68K Jun 1 09:50 bigevil.cf
AK> -rw-r--r-- 1 root root 228K Jun 2 00:54 blacklist-uri.cf

Neither of these two is a subset of the other, but they overlap
significantly. bigevil.cf is more efficient (last I looked), so I'd
suggest dropping blacklist-uri.cf; this will probably gain you the most,
since these uri checks on hundreds of domains tend to be expensive.

AK> -rw-r--r-- 1 root root 800K Jun 2 00:53 blacklist.cf
AK> -rw-r--r-- 1 root root 82K Jun 1 12:05 bogus-virus-warnings.cf
AK> -rw-r--r-- 1 root root 24K Mar 15 18:22 chickenpox.cf
AK> -rw-r--r-- 1 root root 16K May 5 22:23 evilnumbers.cf
AK> -rw-r--r-- 1 operator 11 56K Jun 5 14:28 mangled.cf
AK> -rw-r--r-- 1 root root 1.1K Apr 9 08:04 mr_wiggly.cf

Replace Mr Wiggly with the new 70_sare_specific.cf

AK> -rw-r--r-- 1 root root 4.8K May 25 11:03 random.cf

Older version of 70_sare_random.cf above. Drop random.cf

AK> -rw-r--r-- 1 root root 18K Mar 3 09:02 triplets.txt
AK> -rw-r--r-- 1 root root 56K Apr 2 16:34 tripwire.cf

I believe triplets was an earlier version of tripwire, and since it's
named *.txt, it's probably not being used.

Bob Menschel
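
An added example, not part of the original message: one way to check whether one ruleset file duplicates another, as with random.cf and 70_sare_random.cf above, is to compare rule definitions (type plus pattern) rather than rule names, since a newer file may rename its rules. The function names and the two sample rulesets are constructed for illustration.

```python
import re
from itertools import combinations

# SpamAssassin rule-definition keywords; score/describe lines are ignored.
RULE_RE = re.compile(r"^\s*(header|body|rawbody|full|uri|meta)\s+(\S+)\s+(.+?)\s*$")

def parse_rules(text):
    """Map rule name -> (type, definition) for the text of one .cf file."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)          # comment lines never match
        if m:
            kind, name, definition = m.groups()
            rules[name] = (kind, " ".join(definition.split()))
    return rules

def overlap(a, b):
    """Compare two parsed rulesets by definition, ignoring rule names."""
    da, db = set(a.values()), set(b.values())
    return {"shared": len(da & db),
            "a_subset_of_b": da <= db,
            "b_subset_of_a": db <= da}

def report(files):
    """files: {filename: text}. Return one result row per pair of files."""
    parsed = {name: parse_rules(text) for name, text in files.items()}
    return [(x, y, overlap(parsed[x], parsed[y]))
            for x, y in combinations(sorted(parsed), 2)]

# Constructed sample rulesets (not taken from the real files).
OLD = r"""
# older ruleset
body   RANDOM_A  /\bxyzzy\d{4}\b/i
header RANDOM_B  Subject =~ /[a-z]{12,}$/
score  RANDOM_A  1.5
"""
NEW = r"""
body   SARE_RANDOM_A  /\bxyzzy\d{4}\b/i
header SARE_RANDOM_B  Subject =~ /[a-z]{12,}$/
uri    SARE_RANDOM_C  /\/[a-z]{20}\.html/
"""

if __name__ == "__main__":
    for x, y, res in report({"old.cf": OLD, "new.cf": NEW}):
        print(x, y, res)
```

This only finds verbatim duplicate definitions; files that list overlapping domains inside differently grouped regexes will not show up as shared.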
