[OpenAFS] Windows client interaction with Sophos Antivir

Christof Hanke christof.hanke@rzg.mpg.de
Fri, 20 Jan 2012 07:18:20 +0100

ok. What do you think is the best way to proceed?
Me trying to attach a kernel-debugger (never done that).
or you trying to test Sophos ?

I guess the latter will be far more efficient.
I can check here if we can either give you a copy of Sophos (I doubt 
that) or access to a machine where it is installed. (more likely)


On 20.01.2012 07:11, Jeffrey Altman wrote:
> I have done no testing with Sophos but since the problem you are seeing
> is an interaction with an anti-malware service or filter driver the data
> you collected will be of no use in identifying the source of the delay.
> A kernel debugger will need to be connected to an affected system in
> order to identify the manner in which Sophos attempts to protect the
> system from potential malware.
> Taking a wild guess based upon my work with other products, the problem
> is going to boil down to a mechanism whereby the sophos service uses an
> open handle that only has read attribute permission to attempt a memory
> mapping of the file.  This in turn causes the system process to issue
> paging requests against afs which cannot be satisfied because the sophos
> has no token.  Eventually sophos gives up and the memory map is torn
> down and msword is finally able to issue the request with its own
> credentials.
> But of course this is just a totally random guess.
> Jeffrey Altman
> On 1/20/2012 12:37 AM, Christof Hanke wrote:
>> Hi,
>> we are seeing on Windows7 (32bit) large delays when
>> accessing a .docx file > 30MB with "on-access scan" turned on.
>> Client is 1.7.4.

The future is all around us, waiting in moments of transition to be born
in moments of revelation. No one knows the shape of that future or where
it will take us. We know only that it is always born in pain.
   -- G'Quan
Let's update the servers!
Christof Hanke                 		e-mail hanke@rzg.mpg.de
RZG (Rechenzentrum Garching)		phone +49-89-3299-1041
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut für Plasmaphysik (IPP)