[Building Sakai] Antivirus integration in Sakai

David Horwitz david.horwitz at uct.ac.za
Thu Jan 13 04:55:18 PST 2011 

  Hi Dave,

We're running the scan on upload (since December) and haven't seen an 
issue yet - its something we're monitoring as the term starts

D

On 01/13/2011 02:34 PM, Dave Ross wrote:
> Anyone else doing scan on write? Our filer is doing this on the sakai 
> content share and we haven't had any throughput issues.
>
> On Thu, Jan 13, 2011 at 4:29 AM, David Horwitz 
> <david.horwitz at uct.ac.za <mailto:david.horwitz at uct.ac.za>> wrote:
>
>     One of the issues with this model is a workflow like assignment
>     submission - once a file is accepted in an assignment submission it
>     can't be deleted - it has to be rejected in band with the
>     submission or
>     accepted and never removed.
>
>     D
>
>     On 01/13/2011 11:24 AM, Jose Rabal Sastre wrote:
>     >   Hi Tony, thanks for your answer.
>     >
>     > I think that move the AV scanning away from the HTTP upload is a
>     good
>     > possible solution. The file could be uploaded, scanned in a
>     background
>     > task, and deleted later if the scanning finds a virus. This
>     would open
>     > multiple Sakai possible variations like disabling the
>     downloading of the
>     > file while the process is running, show a "Scanning.." message,
>     > notifying user via email on possitive with the virus name, etc.
>     > Maybe a new JIRA improvement can be opened.
>     >
>     > José Rabal Sastre
>     > University of Murcia
>     >
>     > El 12/01/2011 9:36, Tony Stevenson escribió:
>     >
>     >> On Wed, Jan 12, 2011 at 09:14:13AM +0100, Jose Rabal Sastre wrote:
>     >>
>     >>>    Hi All,
>     >>>
>     >>> We are evaluating the possibility of integrating ClamAV
>     antivirus in
>     >>> Sakai. Initially, we are seeing that the time to upload a file is
>     >>> increased too much because the scan of a 6 MB file takes over
>     a minute.
>     >>> The PC where we provisionally hosted the antivirus daemon is a
>     2.50Mhz
>     >>> dual core with 3 GB of RAM.
>     >>>
>     >> José, AV clients are notorious for not being threaded.  In
>     other words it's a one in, one out operation.
>     >> Also, streaming a file through an AV, during upload requires
>     you to have a collection of machines to pass the AV off too.  If
>     you don't want to have a queue form on a prodcution platform.
>     >>
>     >> have you considered uploading the file to a chroot type jail on
>     the system, and scanning once on disk.  This can be a background
>     task, and will not affect the HTTP upload, as this is what you are
>     suffering from, you have two choices:
>     >>
>     >> 1) Extend your HTTP tcp lifetime session timeout value
>     (dangerousm in that you can easily invoke a DoS style attack by
>     opening lots of sessions and waiting for the longer timeout to expire)
>     >>
>     >> 2) Move the AV scanning away from the HTTP upload, like I
>     suggest earlier.
>     >>
>     >>
>     >>
>     >>
>     >>
>     >>> Has anyone tried to integrate ClamAV in Sakai with an acceptable
>     >>> performance?
>     >>>
>     >>> Thanks.
>     >>>
>     >>> José Rabal Sastre
>     >>> University of Murcia
>     >>>
>     >>> _______________________________________________
>     >>> sakai-dev mailing list
>     >>> sakai-dev at collab.sakaiproject.org
>     <mailto:sakai-dev at collab.sakaiproject.org>
>     >>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>     >>>
>     >>> TO UNSUBSCRIBE: send email to
>     sakai-dev-unsubscribe at collab.sakaiproject.org
>     <mailto:sakai-dev-unsubscribe at collab.sakaiproject.org> with a
>     subject of "unsubscribe"
>     >>>
>     > _______________________________________________
>     > sakai-dev mailing list
>     > sakai-dev at collab.sakaiproject.org
>     <mailto:sakai-dev at collab.sakaiproject.org>
>     > http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>     >
>     > TO UNSUBSCRIBE: send email to
>     sakai-dev-unsubscribe at collab.sakaiproject.org
>     <mailto:sakai-dev-unsubscribe at collab.sakaiproject.org> with a
>     subject of "unsubscribe"
>     >
>     _______________________________________________
>     sakai-dev mailing list
>     sakai-dev at collab.sakaiproject.org
>     <mailto:sakai-dev at collab.sakaiproject.org>
>     http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
>     TO UNSUBSCRIBE: send email to
>     sakai-dev-unsubscribe at collab.sakaiproject.org
>     <mailto:sakai-dev-unsubscribe at collab.sakaiproject.org> with a
>     subject of "unsubscribe"
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20110113/7e6320d5/attachment.html

More information about the sakai-dev mailing list