[OpenAFS] Question on virus-scanning

Rodney M Dyer rmdyer@uncc.edu
Thu, 19 Jun 2003 17:16:35 -0400 

At 03:27 PM 6/19/2003 -0400, you wrote:
>Set up a recursive loop early in the AFS tree that points
>to a dedicated honeypot AFS server and then talk to the
>owners of any laptops that communicate to this server on
>a regular basis?

This is funny.  Most sites use AFS for Unix file storage, while PC/Windows 
file storage was added later.  Because of this almost all Unix 
subdirectories have some form of recursion caused by poorly written unix 
software that uses symlinks pointing back to a parent directory.  This can 
send most PC applications that recurse subdirectories into spasms because 
they don't look for symlinks, they just see them as subdirectories.

We setup McAfee virus scanner on all our XP PC's.  We've used McAfee's 
filter to exclude many of our AFS directories from being scanned.  Managing 
user's laptops without acutally "owning" the user's OS is very 
problematic.  I would say there's no real solution here.

Good luck,

Rodney


>-derek
>
>Garance A Drosihn <drosih@rpi.edu> writes:
>
> > We are soon going to have students who will have laptops with
> > openafs installed.  In previous years we had students connect
> > to a unix machine running samba, and that machine gave them
> > access to the AFS cell at RPI.  I'm the guy who keeps an eye
> > on our samba server machine.
> >
> > One thing I noticed is that every once-in-awhile some student
> > gets their laptop setup so their virus-checker program is
> > scanning all of AFS space for viruses.  I can see these as a
> > single SMB process which keeps chewing 20% of a CPU for hours
> > and hours (for days, if I don't do something about it).
> >
> > Luckily this only happens on less than 1% of the laptops, but
> > it can still be annoying.  Does anyone notice problems with
> > this for WinXP machines which have OpenAFS installed on it?
> > Any good way to minimize the impact, or at least rapidly
> > notice what's happening on the file-server side?
> >
> > --
> > Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
> > Senior Systems Programmer           or  gad@freebsd.org
> > Rensselaer Polytechnic Institute    or  drosih@rpi.edu
> > _______________________________________________
> > OpenAFS-info mailing list
> > OpenAFS-info@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-info
>
>--
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
>_______________________________________________
>OpenAFS-info mailing list
>OpenAFS-info@openafs.org
>https://lists.openafs.org/mailman/listinfo/openafs-info