August 21st, 2017 00:00

Does copy to/from Isilon cluster trigger open/close events

Hello,


We have Symantec ICAP Engines configured for our Isilon cluster, and every time a file is opened from the cluster, the user feels a delay, which is expected as we have configured the AV settings to scan on open and close.


What we would like to know:


1. Is a file open event triggered when a file is copied out of the cluster? This can help us understand if there is a delay in copy performance.


2. Similarly, is a file close event triggered when a file is copied to the cluster? This will help us decide if we have to continue keeping the scan on open option enabled, if we have completed a full offline manual scan of the cluster.

This is primarily focused on Isilon read performance.

August 21st, 2017 05:00

Speaking of SMB2 (don’t know about NFS):

In each operation on the file you have a CREATE Handle (=open); ; CLOSE Handle

To answer your questions:

1) Yes (create, read many times, close handle)

2) Yes (create handle, write many times, close handle)

From my understanding, scan on close enables you to detect “dangerous content” as it gets into the file.

Scan on open enables you to detect “dangerous content” that is already in the file.

So imho, if you have done a complete scan of your files, afterwards scan on close is enough to detect “new dangerous content”.

But security guys may have other paranoia levels.

Rgds

--sluetze
