[Esa-l]Performance a problem?

Don G Barber barberg at marietta.edu
Mon May 21 07:57:43 PDT 2001


I implemented the scanner campus wide at Marietta College
(http://www.marietta.edu) the day the ILOVEYOU virus took off.  It was
simply a matter of necessity, I had been considering it for several weeks.

It is only 2500 users, nothing near your 30,000, but we are also running it on
a 5 year old Alphaserver 4100 thats also doing all ftp, sql, web page, and user
shell services, and isn't exactly sexy on the specs.

With 30,000 users, you should have plenty of money to beef up your servers;
I'm quite jealous (Notice our main server is 5 years old).

You can always put in some ulimit commands to limit memory usage too.  We
haven't needed to.

Regarding the social impact on campus, the users took some time getting used
to it, but once they learned those DEFANGED attachments protected them from
viruses, they were actually emailing us (the IT department) to thank us for
filtering them out.  In fact, I can only remember one complaint, and that was
because they couldn't double click on the little icon of Kyle from Southpark
anymore(IIRC, that was the happy99 virus). The response was definetly not what
I expected from the users.

On a somewhat related note, on larger scales, the SECURITY_NOTIFY_RECIPIENT
option becomes unmanageable because the user always ends up asking me who it
was from and what the attachment name was. When this happens for the 25th
time in one day, and its not even lunchtime yet, you quickly turn off
SECURITY_NOTIFY_RECIPIENT.  Would there be a way to add the sender and the
attachment name to the notify message?  Or has this already been added in
the past couple of versions, and I've simply been out of the loop?

Also, on larger scales, you'll probably want to modify "contact your system
administrator" message to "contact your help desk or system
administrator."  Perhaps even add an if statement so it will include a phone
number if it is an internal domain. 

-- 
Don Barber
barberg at marietta.edu
Marietta College Internet Systems Manager
finger barberg at marietta.edu for GnuPG key

On Mon, May 21, 2001 at 09:20:07AM -0500, Brian D. Hanna wrote:
> Russell Fulton <r.fulton at auckland.ac.nz> is curious if any large-volume
> users are having problems with the sanitizer. Anyone?
> 
> Thanks,
> 
> Brian
> 
> ----- Forwarded message from Russell Fulton <r.fulton at auckland.ac.nz> -----
> 

<snip>

> 
> HI Brian,
> 	 Thanks for taking the trouble to respond to my questions.  
> What I really would like to find is someone who is doing this on a 
> campus wide basis.  We are investigating it but are a bit nervous about 
> the overhead we have around 30,000 users on about 4 major servers.

<snip>



More information about the esd-l mailing list