external agent (sophos anitivirus). anyway to throttle ram usage or number of threads? - ORF Forums

external agent (sophos anitivirus). anyway to throttle ram usage or number of threads? RSS Back to forum

1

I just had a spam flood or something and so i noticed cpu time at 99% on the exchange server due to many copies of the antivirus scanner running each consuming 200mb of ram.

i turned it off for now

Reply
by chris low 7 years ago
2

Hello Crhis,

Are you using sav32cli.exe -- the command line version of Sophos anti-virus -- as the external agent?

If so, which command-line options do you use? (Btw. the full list can be found here http://downloads.sophos.com/readmes/readcli.txt)

Reply
by Daniel Novak (Vamsoft) 7 years ago
3

@Daniel Novak (Vamsoft): yes.

{EMAILFILESPEC} -mime -archive -all --stop-scan

the thing here is not that scanning a single email uses 200mb . its just that when i went into task manager, i saw like 10-20 instances each taking 200mb thus causing paging or high cpu consumption

Reply
by chris low 7 years ago
(in reply to this post)

4

@chris low: According to a thread on the Sophos community forum, the sav32cli is a bit different than other AVs. It reserves RAM for overhead to deal with infections - which would explain the high memory usage. However, I am unsure why you have 10 - 20 instances running at the same time. Perhaps something is locking/interfering (e.g. another anti-virus) with the .eml files. Have you excluded the configured "Temporary Email Files" folder - where the copies of the email files are saved - from virus scanning? Do you see any error message logged for the External Agent test in the ORF logs?

Reply
by Daniel Novak (Vamsoft) 7 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2