[Building Sakai] Antivirus integration in Sakai
Tony Stevenson
tony at caret.cam.ac.uk
Wed Jan 12 00:36:00 PST 2011
On Wed, Jan 12, 2011 at 09:14:13AM +0100, Jose Rabal Sastre wrote:
> Hi All,
>
> We are evaluating the possibility of integrating ClamAV antivirus in
> Sakai. Initially, we are seeing that the time to upload a file is
> increased too much because the scan of a 6 MB file takes over a minute.
> The PC where we provisionally hosted the antivirus daemon is a 2.50Mhz
> dual core with 3 GB of RAM.
José, AV clients are notorious for not being threaded. In other words it's a one in, one out operation.
Also, streaming a file through an AV, during upload requires you to have a collection of machines to pass the AV off too. If you don't want to have a queue form on a prodcution platform.
have you considered uploading the file to a chroot type jail on the system, and scanning once on disk. This can be a background task, and will not affect the HTTP upload, as this is what you are suffering from, you have two choices:
1) Extend your HTTP tcp lifetime session timeout value (dangerousm in that you can easily invoke a DoS style attack by opening lots of sessions and waiting for the longer timeout to expire)
2) Move the AV scanning away from the HTTP upload, like I suggest earlier.
>
> Has anyone tried to integrate ClamAV in Sakai with an acceptable
> performance?
>
> Thanks.
>
> José Rabal Sastre
> University of Murcia
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
--
Cheers,
Tony
The sheep that fly over your head are soon to land.
---------------------------------------
Tony Stevenson
tony at pc-tony.com // pctony at apache.org
tony at caret.cam.ac.uk
http://blog.pc-tony.com
GPG - 1024D/51047D66
--------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 203 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20110112/d2c89a5c/attachment.bin
More information about the sakai-dev
mailing list