Anti-spam / Outbreak scan size

Hi everybody,
I'm looking for advice to determine the maximum message size for Anti-spam and Outbreak scan.
I am currently using a scan size of 1M for Anti-spam and I will add Outbreak filter (more and more spam exceed my spam limit).
My equipment is an ESA C370 with AsyncOS 8.0.1.
I found in the documentation the following lines :
Always scan messages smaller than—The recommended value is 512 Kb or less [...] Cisco advises not to exceed 3 MB for the always scan message size.
Never scan messages larger than—The recommended value is 1024 Kb or less. [...] Cisco advises not to exceed 10 MB for the never scan message size.
For messages larger than the always scan size or smaller than the never scan size, a limited and faster scan is performed.
I didn't find any sentence about recommanded scan size for Outbreak...
Thank you for your help.
Best regards

This is a little older information - but, still would hold true --->
Currently, on the E-mail Security Appliance, the maximum scan size for IPAS is limited to 128K by default (the original default was 256K so many older appliance might have this set as the limit).  Messages larger than this limit are not scanned by IPAS.  Recently, Cisco IronPort did some extensive performance and efficacy testing on an average message load to determine the impact of increase scanning size on the E-mail Security Appliance.
The tests show that when raising the maximum scan size for IPAS the increase in efficacy is significant: a 256K maximum scan size yields a 24% decrease in missed spam, and a 512K maximum scan size yields a decrease of 35% in missed spam.  However, there is a potential performance impact of 24% when going from a maximum scan size of 128K to 512K (depending on the type of hardware platform).  The impact of going from a maximum scan size of 128K to 256K is 12%.  See summary below:
             128K -> 256K scan size limit:
                     12% possible performance reduction, 24% reduction in missed spam
             128K -> 512K scan size limit:
                     24% possible performance reduction, 35% reduction in missed spam
Below table show the performance results of a medium mailbox with a 50:50 ratio of spam and ham. MPS is messages per second.
128K (Baseline)
MPS
256K/
MPS
% diff with baseline
512K/ MPS
% diff with baseline
768K/ MPS
% diff with baseline
1M/ MPS
% diff with baseline
C100
3.45
3.1
10.14%
2.93
15.07%
2.82
18.26%
2.75
20.29%
C150
5.25
4.72
10.10%
4.4
16.19%
4.4
16.19%
4.27
18.67%
C160
12.5
11.1
11.20%
10.4
16.80%
9.99
20.08%
9.79
21.68%
C300
4.42
4.08
7.69%
3.87
12.44%
3.74
15.38%
3.67
16.97%
C350
11.8
10.5
11.02%
9.94
15.76%
9.55
19.07%
9.39
20.42%
C360
30
27
10.00%
25
16.67%
24
20.00%
24
20.00%
C370
29
26
10.34%
23
20.69%
22
24.14%
22
24.14%
C600
8.8
7.86
10.68%
7.46
15.23%
7.17
18.52%
7.06
19.77%
C650
25
22
12.00%
20
20.00%
19
24.00%
19
24.00%
C660
43
38
11.63%
35
18.60%
33
23.26%
33
23.26%
X1000
11.3
10.1
10.62%
9.61
14.96%
9.27
17.96%
9.12
19.29%
X1050
45
40
11.11%
37
17.78%
35
22.22%
35
22.22%
X1060
51
45
11.76%
41
19.61%
40
21.57%
39
23.53%
X1070
59
52
11.86%
48
18.64%
46
22.03%
45
23.73%
Recommendation and Performance measure:
The Cisco IronPort Security Applications Group recommends that all customers review their current stability and performance (see below for some tips on how to measure this) to determine if they can safely raise the maximum scan size for messages sent to IPAS (IronPort Anti-Spam Engine).  It is also recommend that you take a phased approach to the increase.  If maximum scan size for IPAS on your E-mail Security Appliance is currently set to 128K (131072), then first raise the maximum scan size to 256K (262144) and re-evaluate your stability and performance.  If everything is stable then increase the scan size limit to 512K (524288).
Performance of an E-mail Security Appliance depends on the set of features enabled on the appliance such as anti-spam, anti-virus, message filters and content filters along with the load of the appliance based on the no. of msgs/sec scanned and maximum size of a message allowed.
The most effective way to monitor system capacity is to track overall volume, messages in the work queue and incidents of Resource Conservation Mode. The System Capacity page under Monitor > System Capacity provides a detailed representation of the system load, including messages in the work queue, average time spent in the work queue, incoming and outgoing messages (volume, size, and number), overall CPU usage, CPU usage by function, and memory page swapping information.
The System Capacity - system load report shows the overall CPU usage on your IronPort appliance. AsyncOS is optimized to use idle CPU resources to improve message throughput. High CPU usage may not indicate a system capacity problem. If the high CPU usage is coupled with consistent, high-volume memory page swapping, you may have a capacity problem.
This page also shows a graph that displays the amount of CPU used by different functions, including mail processing, spam and virus engines, reporting, and quarantines. The CPU-by-function graph is a good indicator of which areas of the product use the most resources on your system. If you need to optimize your appliance, this graph can help you determine which functions may need to be tuned or disabled. The memory page swapping graph shows how frequently the system must page to disk.
If stability and performance does drop below acceptable limits, you might try a smaller increase.  Any amount greater than the current setting will help efficacy and reduce missed spam.  For instance, if 512K proves to be too much of a burden on your E-mail Security Appliance you might try a value of 384K (393216).
Hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

Similar Messages

  • Sophos AV max scanning size / timeout

    Hi,
    I haven't found any changeable settings for max. scanning size or scanning timeout on a S160 v7.1.3 with Sophos AV.
    In the GUI under "Security Services-->Anti-Maleware"  it shows  "Object Scanning Limits: Max. Object Size:  32 MB".
    I'm not able to change it. This parameter seems not to belong to the Sophos AV.
    I can change it only after enableing Webroot or McAfee first.
    The CLI has no commands for adjusting AV settings.
    How can I control the max. scanning size or scanning timeout with Sophos-AV?
    Has it fixed values for it?
    Does anyone have an idea, how it works?
    Kind regards,
    Manfred

    With administrator rights, the value should be editable.  The object size is applied to all scanners which have been licensed and enabled on the appliance.
    ~Tim

  • HP Office jet pro scanning size issue

    I have a HP Officejet Pro 8500
    When scanning to my computer to a .pdf it always results in an 8.5x14 document not an 8.5x11 document
    (and this happens regardless of whether I scan a book page with the scanning lid open or an 8.5x11 single page original with the scanning lid closed)
    Using the HP solution center Scan Settings - I cannot find any possible place to change the default settings to force it to scan to an 8.5x11 size
    I have looked at the Adobe help which tells me to find the place to change my scanning default settings (under File -> Create) but I do not have a Create option under my File menu in Adobe (I believe I just have the basic Adobe reader)
    And I cannot see how to change the properties of  .pdf in Adobe to change the size from 8.5x14 to 8.5x11
    I have no idea where else to look to figure out how to fix this
    Anyone have any other ideas?
    (and I am running an HP computer with Windows 8.1)
    Thanks.

    Hello there! Welcome to the forums @SKMgherkin ,
    I read about how you cannot scan in letter size and only in legal size from your Officejet 8500 model. I will certainly do my best to help you out!
    I would like to ask if you could post me back a screen shot of the scan size settings you are able to see in the Solution Center software.
    Also try running the Print and Scan Doctor tool to see if the tool will correct the settings in the software.
    Hope to hear from you!
    R a i n b o w 7000I work on behalf of HP
    Click the “Kudos Thumbs Up" at the bottom of this post to say
    “Thanks” for helping!
    Click “Accept as Solution” if you feel my post solved your issue, it will help others find the solution!

  • HT203200 Have deleted temp video, configured anti spam and firewall, and one specific video keeps giving me an error. Just tried downloading a previous episode of the show and it worked just fine. Always sunny in philly "Charlie rules the world" anyone el

    Have deleted temp video, configured anti spam and firewall, and one specific video keeps giving me an error. Just tried downloading a previous episode of the show and it worked just fine. Always sunny in philly "Charlie rules the world" anyone else??

    Have deleted temp video, configured anti spam and firewall, and one specific video keeps giving me an error. Just tried downloading a previous episode of the show and it worked just fine. Always sunny in philly "Charlie rules the world" anyone else??

  • Selection boxes in Barracuda Anti Spam and Virus Firewall do not appear in 7.0. They appeared in previous versions, and in IE.

    Selection boxes in Barracuda Anti Spam and Virus Firewall do not appear in 7.0. They appeared in previous versions, and in IE.

    FIXED!
    I reverted back to 3.6.23 and all works fine. From everything I can tell; number of problems submitted, breadth of issues, no access to versions 4, 5, 6 (rapid version turnover with no support), and now beta being released for 8, it seems FF is having the user base do all it's alpha/beta testing without consent. Being in product marketing myself, I probably would have lost a significant percentage of my customer base by now. When FF begins to support a new mainstream release, then I'll be interested again.

  • Nation members - share your feedback on IronPort Anti-Spam!

    IronPort Anti-Spam customers,
    On a monthly basis, we like to collect information on customer satisfaction levels with IronPort’s spam defenses. If possible, please click on the below link and fill out the brief, IronPort survey.
    Benefits include:
    • All respondents are entered into a raffle to receive $100 in cash
    • This survey shouldn’t take more than 1 minute to fill out.
    • The feedback you provide goes a long way in helping us understand customer needs and concerns.
    Please be sure to complete this brief survey by no later than Thursday, June 7th.
    Please DO NOT complete this survey if you are running Brightmail Anti-Spam.
    Thanks in advance!
    Dave Mayer, IronPort Anti-Spam Product Manager
    https://www.surveymonkey.com/s.aspx?sm=w7b1FUslBFlsAPcaSLPTlw%3d%3d

    Who is Dave Mayer? Is this a real invitation from IronPort?
    Hi Pat,
    Dave M. is a product manager here at IronPort, and yes, the survey is real.
    Thanks!
    Garrett (IronPort Technical Publications)

  • When entering the digits from an Anti Spam Image they are not accepted by the host web site why

    In e-bay when required to enter the digits from an anti spam image, ebay rejects the entered digets.
    This only occurs when using Firefox, Internet explorer works fine.
    Any body know why?

    hi john, you probably have to go trough your list of addons once (in the firefox ''menu ≡ > addons > extensions'') and disable them one by one to find out which in particular might be causing the problem.

  • Is there anti-spam software for Ipad2?

    I have anti-spam software on my laptop and desk top.  But, seemingly, there is no anti-spam software for my iPad and/or iPhone.
    Or is there?

    You don't need such software, thus none is available.

  • How to configure anti-spam in hub transport

    i have run the powershell commands to enable anti-spam on my hub transport. i do not have an edge transport.. are there any specific commands or configs i need to make other than enabling anti-spam? Im getting spam inside my organization from ip's that are
    blacklisted on the internet, so that leads me to believe anti-spam is not working..
    any assistance appreciated!

    The anti-spam features that are enabled on hub transports are very basic.:
    http://technet.microsoft.com/en-us/library/bb201691(v=exchg.141).aspx
    You should use 3rd party or a cloud provider for "real" anti-spam functionality.
    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

  • Can't set internal SMTP servers, breaking anti-spam

    Hi, in our on-premise Exchange there is a PowerShell setting,
    Set-TransportConfig -InternalSMTPServers , which is used to inform Forefront Protection for Exchange ("FPE") of any non-Exchange SMTP servers that might be handling messages before they arrive at Exchange. This setting is necessary to ensure
    that the anti-spam functionality of FPE can properly look back through the message header and determine which internet host actually delivered the message, and determine if that host is on a blacklist, or whatnot.
    In Exchange Online Protection, though, it seems that there is no argument under Set-TransportConfig to establish such settings. I *can* see the setting under Get-TransportConfig, but I can't set it.
    This is a problem for us because we route mail internally first via on-premise, non-Exchange mail gateways before the messages are routed to Exchange Online. Exchange online always believes that our internal mail gateways are the originating server, when
    in fact, it's one hop back. The result is that Exchange Online's anti-spam functionality is not working correctly.
    How can I address this issue? I can't really re-route my MX record directly to the cloud yet.

    Hi Jouni, thanks for your response.
    Turns out that the Citrix Access Gateway wasn't set up until yesterday evening and by then I had stopped trying for the day. It is now set up and external access is available.
    Further to this, my colleague forgot to inform me of the change of I.P. address of the Exchange server. This meant that Webmail requests were pointing to an I.P. address that didn't exist.
    I have reconfigured the firewall this morning and external access for Webmail is also working correctly.

  • Anti malware / anti spam / virus protection

    Greetings,
    With the introduce of Exchange Server 2013 along with its architecture, Microsoft has moved Transport services / roles to Mailbox Server Role. well, when it comes to anti malware / anti spam and viruses , Microsoft recommends deploying them on Mailbox Server
    role, while on CAS, not necessarily be deployed as long as messages are not inspected on CAS Servers.
    While some articles say the opposite, and mention configuration of Anti malware ,etc.. on CAS Servers.
    What is the best practice for deploying anti malware / spam / virus  Software on CAS, and what is the best recommended software for messaging and OS level protection, say Symantec for example.
    Thanking you
    Jamil

    Hi,
    Based on my knowledge, in Exchange 2013, the CAS server acts as a stateless proxy for all inbound and outbound external SMTP traffic, it does not inspect message content and does not queue any messages locally. Moreover, as you know, in Exchange 2013, 
    the Transport service, which runs on all Mailbox servers, is almost identical to the Hub Transport server role in previous versions of Exchange.
    Thus, anti-spam agents in Exchange 2013 run on Mailbox servers. And here is a reference about enabling Anti-Spam on Mailbox Servers:
    http://technet.microsoft.com/en-us/library/bb201691(v=exchg.150).aspx
    Thanks,
    Angela Shi
    TechNet Community Support

  • Actually I have a problem is this when i submit my articles on Website the error is showin ANTI SPAM USER ID or 2nd one is this IMAGE CODE not showing Please please help me

    IMAGE CODE NOT SHOWING AND WHEN I POST ARTICLES ON WEBSITE SO THE ERROR WAS SHOWS ( ANTI SPAM USER ID ) EVEN I HAVE ALREADY LOGIN THAT WEBSITE ....
    KINDLY TELL ME ABOUT THIS PROBLEM
    == This happened ==
    Every time Firefox opened
    == Everytime when i visit websites

    Start Firefox in [[Safe Mode]] to check if one of your add-ons is causing your problem (switch to the DEFAULT theme: Tools > Add-ons > Themes).
    See [[Troubleshooting extensions and themes]] and [[Troubleshooting plugins]]
    See also [[Images or animations do not show]] and http://kb.mozillazine.org/Images_or_animations_do_not_load

  • Send connector - e-mails from two domains to distinct anti-spam IPs

    I have an Exchange enviroment that has two domains. I want that e-mails sent from a domain do the relay to an anti-spam, and e-mails sent from another domain do the relay to another anti-spam.
    Example:
    I need to config send connector to send the e-mails from "test1.com" to IP 10.160.190.66 and from "test2.com" to IP 10.160.190.69
    How do I do?
    I need this because each domain uses distincts anti-spam
    Tks.

    Hi,
    Before going on, I would like to confirm the following information.
    What's the version of the Exchange?
    Whether the two domains have their own Exchange or share one Exchange?
    Thanks
    Allen

  • Anti spam codes for website forms are not being accepted on my imac or iPad

    anti spam codes for website forms are not being accepted on my imac or iPad

    In Safari go to preferences click on privacy and on Block Cookies tick the never box

  • Anti-spam Forefront for exchange

    Hello,
    I am having an issue with the anti-spam. I have a 2010 exchange and forefront for exchange version 11.0.713.0. We have been just using filter lists to identify spam and then send them to a junk-mail box. I was looking through he Forefront settings and enabled
    the anti-spam and all I would get is a loading bar then eventually it will error out and close. I was able to disable it via command line but now my filter lists are not stopping the spam anymore. I just need one of the methods to work the users are getting
    a lot more spam since all this. Any help would be greatly appreciated.

     I was looking through he Forefront settings and enabled the anti-spam and all I would get is a loading bar then eventually it will error out and close.
    Hi,
    What's the error you encountered? Could you please upload a screenshot?
    Any changes that you make to the antispam settings with the user interface will not work unless antispam functionality is enabled successfully.
    Have you tried to use command line to enable spam filtering?
    http://technet.microsoft.com/en-us/library/dd639377.aspx
    Best Regards,
    Joyce
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

Maybe you are looking for

  • How can I save .mov file as another .mov file after trim from Pre9?

    I would have thought this would be simple.  Just like I can crop a still image in Photoshop and save it with a new name (or the same name), I expected to be able to trim or split an .mov file in Premiere Elements 9 and save the resulting file(s) unde

  • Bitmaps vs. Vector Shapes

    So I'm making a site(duh). And I have read multiple times that a vector shape has all the advantages. Their sizeable, and faster loading and just gerenerally better for web design. I have read that alot. Did I really read that? Are Vector Shapes real

  • Repair Permissions Error

    Greetings, I have had numerous problems since upgrading to Snow Leopard. I get this error when repairing permissions: "Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAg ent" has been modified and will

  • Multiple Movies on logic??

    hi there!! Can i use many movies on a same logic song?, when I open a second movie, I lost the first...thx!! Powermac G4 867 dual 1.5gb RAM   Mac OS X (10.4.7)   logic pro

  • TCS2 Trial Version Crash

    Has anyone seen this crash error message and quickly resolved the issue to continue using the Trial version? AppName: robohtml.exe AppVer: 8.0.0.203 ModName: msvcrt.dll ModVer: 7.0.2600.5512 Offset: 00037fd4 Charles