[OpenAFS] Question on virus-scanning

Paul Blackburn mpb@acm.org
Thu, 19 Jun 2003 21:37:39 +0100


Garance A Drosihn wrote:

> We are soon going to have students who will have laptops with
> openafs installed.  In previous years we had students connect
> to a unix machine running samba, and that machine gave them
> access to the AFS cell at RPI.  I'm the guy who keeps an eye
> on our samba server machine.
>
> One thing I noticed is that every once-in-awhile some student
> gets their laptop setup so their virus-checker program is
> scanning all of AFS space for viruses.  I can see these as a
> single SMB process which keeps chewing 20% of a CPU for hours
> and hours (for days, if I don't do something about it).
>
> Luckily this only happens on less than 1% of the laptops, but
> it can still be annoying.  Does anyone notice problems with
> this for WinXP machines which have OpenAFS installed on it?
> Any good way to minimize the impact, or at least rapidly
> notice what's happening on the file-server side?
>
Hello  Garance,

I can see that it is annoying to have cycle wasted on file and database 
servers.
To the client running such a virus-scan, the annoyance factor must be 
higher.
Such a client has to trawl gigabytes of data through their AFS client cache
which would degrade system performance and IO on their client machine.

This is one reason why I would avoid implementing "gateway" machines
such as NFS/AFS translators or SAMBA/AFS gateways because
they become a "bottle-neck".

I think that a strategy of configuring enough file/database server power
linked with a planned program of server upgrades would be able to
handle the odd "traverse the whole of  AFS" episode.

Remember, AFS flexibility on the server side enables you to
add more resources to your "forest" of AFS file and database servers
thus distributing the load and providing a scalable solution.

In the end, clients which attempt to sift through huge amounts of data
will suffer more than the servers.

I would speculate that if your network staff monitor volumes if data flow
then it could be feasible to identify such "trawl-all" clients.
-- 
cheers
paul                                   http://acm.org/~mpb