[OpenAFS] Windows client interaction with Sophos Antivir

Jeffrey Altman jaltman@your-file-system.com
Fri, 20 Jan 2012 01:11:27 -0500



I have done no testing with Sophos but since the problem you are seeing
is an interaction with an anti-malware service or filter driver the data
you collected will be of no use in identifying the source of the delay.
A kernel debugger will need to be connected to an affected system in
order to identify the manner in which Sophos attempts to protect the
system from potential malware.

Taking a wild guess based upon my work with other products, the problem
is going to boil down to a mechanism whereby the Sophos service uses an
open handle that only has read attribute permission to attempt a memory
mapping of the file.  This in turn causes the system process to issue
paging requests against AFS which cannot be satisfied because Sophos
has no token.  Eventually Sophos gives up and the memory map is torn
down and msword is finally able to issue the request with its own
credentials.

But of course this is just a totally random guess.

Jeffrey Altman


On 1/20/2012 12:37 AM, Christof Hanke wrote:
> Hi,
>
> we are seeing on Windows7 (32bit) large delays when
> accessing a .docx file > 30MB with "on-access scan" turned on.
>
> Client is 1.7.4.

