[OpenAFS] Windows client interaction with Sophos Antivir

Jeffrey Altman jaltman@your-file-system.com
Fri, 20 Jan 2012 01:11:27 -0500

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

I have done no testing with Sophos but since the problem you are seeing
is an interaction with an anti-malware service or filter driver the data
you collected will be of no use in identifying the source of the delay.
  A kernel debugger will need to be connected to an affected system in
order to identify the manner in which Sophos attempts to protect the
system from potential malware.

Taking a wild guess based upon my work with other products, the problem
is going to boil down to a mechanism whereby the sophos service uses an
open handle that only has read attribute permission to attempt a memory
mapping of the file.  This in turn causes the system process to issue
paging requests against afs which cannot be satisfied because the sophos
has no token.  Eventually sophos gives up and the memory map is torn
down and msword is finally able to issue the request with its own

But of course this is just a totally random guess.

Jeffrey Altman

On 1/20/2012 12:37 AM, Christof Hanke wrote:
> Hi,
> we are seeing on Windows7 (32bit) large delays when
> accessing a .docx file > 30MB with "on-access scan" turned  on.
> Client is 1.7.4.

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

Version: GnuPG v1.4.9 (MingW32)