[unisog] New virus - not caught by central servers (fwd)

Frank Bulk bulkf at dordt.edu
Tue Jul 27 20:11:30 GMT 2004


Your point is well taken.  In our environment it only takes up to
an hour to get caught up when mail processing gets stuck behind for
several hours.  In our GroupWise system it's GWIA, then Guinevere (our
antivirus solution), then GEE (our anti-spam solution), and then to the
domain and on to each of the post offices.  It's usually GEE that dies in
our case, so it's the last step.
 
That brings up an interesting point, and perhaps people could comment. 
For every hour of email processing down, how long does it take for your
queue to get processed once things are back up?  And what would you
guess your bottleneck to be, the spam gateway/virus gateway/messaging
system/bandwidth?  
 
Regards,
 
Frank

>>> Valdis.Kletnieks at vt.edu Tuesday, July 27, 2004 12:53:02 pm >>>
On Mon, 26 Jul 2004 19:04:56 CDT, Frank Bulk < bulkf at dordt.edu > said:
> Has anyone considered a policy such that if a virus alert is medium or
> higher, to shut down email flow (or, at least let it queue up at the
> edge) until the virus definitions for the campus' email antivirus
> solution has been updated?

Some of us are doing a million messages a day under normal loads - if we do a
stand-down for 8 or 12 hours, it will be several *days* before we get the
backlog squared away (as we've found out the hard way when we've had a
several-hour outage). And quite often, restarting isn't trivial (after one
outage, we got into an oscillation state - we'd come up, everybody with queued
mail would pound us, we'd die, we'd come up.. lather rinse repeat).

Now consider that there's an alert every several days......


