I've got 2C30s + 1C300 on an ISP network and these are being used for both incoming and outgoing mails. Recently, we started having performance issues where the workqueue was paused several times daily (reason: paused on antivirus, antispam, etc.). This eventually causes the workqueue to back up to around 10k-20k, and the units don't process mails rapidly. I also noted some viruses (i.e. MyTob) being detected and was wondering whether the IronPort/Sophos engine is not able to scan the messages properly, thus resulting in this huge performance issue.
We also get lots of Sophos timeouts daily. It's set to 120 seconds. RAM comes up to 60%, even if traffic is not that huge.
Very large messages or deeply nested messages can take slightly longer to scan. If the appliance receives a string of large/deeply nested messages, it can cause the workqueue to pause for a few minutes. For an ISP or an enterprise company with high mail volume, a backup of 10-20K messages would not be out of the question under these circumstances.
You can check out the mail logs to determine what size/type of messages is causing the unscannables/timeouts.
I would like to inform you that the logs above are outbound, meaning from subscribers going out to the Internet. We don't have SBRS configured on the relaylist for subscribers because lots of subscribers have a bad SBRS (as they are on ADSL) and they would be blocked.
We do have some load on the boxes:
Incoming: approx 270k per hour and 5-5.5 million/day on each box
Outgoing: approx 18-20k per day
Also, what worries me is this part of the log:
Warning: MID 233665168: scanning error (name=u'doc.scr', type=executable/exe): viewer bailed out
This is a scanning error which is perhaps causing the workqueue to pause on antivirus service.
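Added example, not part of the original thread and not IronPort/Cisco code: one way to follow the suggestion to check the mail logs for what size/type of message triggers scanning errors. The scanning-error pattern follows the log line quoted above; the "ready N bytes" line format, the sample lines and the archive/zip type value are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines. The scanning-error format follows the line quoted in
# the thread; the "ready N bytes" format is an assumption about the mail log.
SAMPLE_LOG = """\
Info: MID 1001 ready 48211 bytes from <a@example.net>
Warning: MID 1001: scanning error (name=u'doc.scr', type=executable/exe): viewer bailed out
Info: MID 1002 ready 7340032 bytes from <b@example.net>
Warning: MID 1002: scanning error (name=u'archive.zip', type=archive/zip): viewer bailed out
Info: MID 1003 ready 2100 bytes from <c@example.net>
Info: MID 1004 ready 51200 bytes from <d@example.net>
Warning: MID 1004: scanning error (name=u'photo.scr', type=executable/exe): viewer bailed out
"""

READY_RE = re.compile(r"MID (\d+) ready (\d+) bytes")
ERROR_RE = re.compile(
    r"MID (\d+): scanning error \(name=u?'([^']*)', type=([^)]+)\): (.+)$"
)

def summarize(lines):
    """Return (error count per attachment type, list of error records).

    Each record is (mid, size_in_bytes_or_None, name, type, reason)."""
    sizes = {}          # MID -> message size seen on the "ready" line
    by_type = Counter()
    errors = []
    for line in lines:
        line = line.rstrip()
        m = READY_RE.search(line)
        if m:
            sizes[m.group(1)] = int(m.group(2))
            continue
        m = ERROR_RE.search(line)
        if m:
            mid, name, ftype, reason = m.groups()
            by_type[ftype] += 1
            errors.append((mid, sizes.get(mid), name, ftype, reason))
    return by_type, errors

if __name__ == "__main__":
    by_type, errors = summarize(SAMPLE_LOG.splitlines())
    for ftype, count in by_type.most_common():
        print(f"{count:5d}  {ftype}")
    # Largest messages first, to see whether size correlates with the errors.
    for mid, size, name, ftype, reason in sorted(errors, key=lambda e: e[1] or 0, reverse=True):
        print(f"MID {mid}  {size} bytes  {name}  ({ftype})  {reason}")
```

To run it against a real log, pass the open file object to summarize() instead of the sample string.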