[prev in list] [next in list] [prev in thread] [next in thread]
List: firewalls-gc
Subject: Re: Re: Virus Scanner
From: Rick Murphy <rick () tis ! com>
Date: 1997-07-29 9:52:58
[Download RAW message or body]
>Basil Mccrea Wrote:
>It works and is fine for email or maybe even command
>line base ftp but in a browser environment we have problems. What happens
>is; the users clicks on his link and gets an hour glass and then nothing more
>happens until the scanner is completely finished scanning, which with larger
>files can take some time and most users disconnect
Think about it - when you start a download of a potentially infected file, it's
diverted to the CVP server for vetting. Until the file is completely downloaded,
nothing is sent to the requester because you've got to have the whole file
in order to complete the virus scanning. The behavior you're seeing is the way
CVP is designed to work. (The only alternative would be to start feeding the
file unscanned to the browser, which would then start to show progress - but then
how do you notify them that they've just downloaded a virus??)
In response, Jerry Huyghe wrote:
>This problem can be fixed in 2 ways: 1)a more powerful CVP server (the
>anti-virus CVP machine should always be independent from the firewall
>machine, and should have at least 64 MB RAM and Pentium 200+ processor for
>good performance. In this setup, the user sees NO noticeable difference.
Sorry, the speed of the CVP processor doesn't help the initial delay.
Download a 10Mb file through your CVP-aware firewall with scanning disabled and
you get immediate feedback from the browser that says the transfer is in progress.
Download the same file when it's being scanned and you get no progress indication
until the file is completely downloaded to the firewall and scanned, then you get
a rapid download. The speed of the CVP scanner has some impact on the total time,
but the initial delay is entirely caused by the network delays in getting the
file.
-Rick
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic