external agent (sophos anitivirus). anyway to throttle ram usage or number of threads? RSS


I just had a spam flood or something and so i noticed cpu time at 99% on the exchange server due to many copies of the antivirus scanner running each consuming 200mb of ram.

i turned it off for now

by chris low 2 years ago

Hello Crhis,

Are you using sav32cli.exe -- the command line version of Sophos anti-virus -- as the external agent?

If so, which command-line options do you use? (Btw. the full list can be found here http://downloads.sophos.com/readmes/readcli.txt)

by Daniel Novak (Vamsoft) 2 years ago

@Daniel Novak (Vamsoft): yes.

{EMAILFILESPEC} -mime -archive -all --stop-scan

the thing here is not that scanning a single email uses 200mb . its just that when i went into task manager, i saw like 10-20 instances each taking 200mb thus causing paging or high cpu consumption

by chris low 2 years ago
(in reply to this post)


@chris low: According to a thread on the Sophos community forum, the sav32cli is a bit different than other AVs. It reserves RAM for overhead to deal with infections - which would explain the high memory usage. However, I am unsure why you have 10 - 20 instances running at the same time. Perhaps something is locking/interfering (e.g. another anti-virus) with the .eml files. Have you excluded the configured "Temporary Email Files" folder - where the copies of the email files are saved - from virus scanning? Do you see any error message logged for the External Agent test in the ORF logs?

by Daniel Novak (Vamsoft) 2 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

Email address (will not be published):
Your comment:

ORF Technical Support

Configuring, installing and troubleshooting ORF.

News & Announcements

Your dose of ORF-related news and announcements.

Everything but ORF

Discuss Exchange and system administration with fellow admins.

Feature Test Program

Feature Test Program discussion. Membership is required to visit this forum.

ORF Beta

Join the great bug hunt of the latest test release.

Customer Service

Stay Informed