HowTo Tune MailEnable's Antivirus Plug-in And The MTA


How to fine tune the MTA agent when integrating with antivirus command line scanners.


MailEnable's antivirus plugin creates a process for each attachment that is passed through the MTA. Hence, if a message contains 3 attachments, the MTA will extract the attachments to the Scratch folder and run the antivirus scanning process for each attachment.

Because a new process is created for each, the performance hit is significant and the MTA should be tuned accordingly. The default settings for the number of concurrent MTA transfer threads is 64. This setting can be modified in the MailEnable Administration program in the following location;

Servers > localhost > MTA Properties > Maximum Threads

If this setting is not available, it is recommended to upgrade to the current version of the product.

Having 64 threads configured in the MTA could result in 64 messages being scanned for viruses at any one time. A percentage of these messages are likely to contain at least one attachment, therefore there may be up to 10 instances of the antivirus scanning software being run at any instant. This could cause the antivirus software to fail and return an error code (which some antivirus scanners actually use to denote whether a virus is present).

The value of the "Maximum Transfer Threads" setting should vary depending on the capability of the server MailEnable is running on. If you are running antivirus  and pickup events, it may be worthwhile to reduce this setting to something that seems reasonable (suggestion: 10 transfer threads).

Other than the Maximum Transfer Threads setting, there are two other registry settings that are relevant with respect to Tuning the Mail Transfer Agent.  Use regedit to review or change these values. These settings exist for each connector but they are most relevant for the SMTP connector.

Root: HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Connectors\SMTP
Value Type: DWORD
Value Name: Poll Interval
Default Value: 1
Purpose: Specifies the number of seconds that the MTA should wait before it polls the directory to determine if more messages should be processed.

Note: If this value is increased to 3 (seconds), the MTA will only check the Inbound Message Queue for new messages every 3 seconds. This will of course slow the processing down, but this can be compensated for by increasing the maximum number of transfer threads. This will potentially have the effect of reducing the amount of Disk I/O while the Mail Transfer Agent Scans the directory. This becomes particularly relevant there are a large number of messages in the queues.

Root: HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Connectors\SMTP
Value Type: DWORD
Value Name: Post Pickup Delay
Default Value: 1
Purpose: Specifies the number of milliseconds that the MTA waits after a message processing thread has been created. It also therefore determines how long the MTA must wait before the next message processing thread is created. Increasing this value will significantly slow the MTA down and will reduce the amount of CPU that it uses in general. Slowing down the MTA will reduce contention for system resources, hence increasing stability.

If the following antivirus timeout error occurs in the filtering log files; 

AttachmentInfected::Error - Command Line Scanner Process needed to be forcefully terminated.

this error usually indicates that there are antivirus command line processes timing out. This may be caused by the timeout process registry setting being to low. Or possibly by the MTA thread setting being too high. Thread settings usually depend on what system hardware is being used in the server. The higher the thread setting on the MTA, the higher I/O usage the server will use, thus causing timeouts on processes.
To resolve the issue, raise this timeout setting to specify how long the process should wait for the antivirus command line scanner before timing out. The registry setting found in this regkey location: 

HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters.

Select filters and in the right hand side preview pane locate the regkey "Process timeout". The process timeout value is calculated in milliseconds.