Please consider moving this question as-is (no need to recreate) to the proper forum for maximum visibility. Questions written to the users' own "Discussions" space don't get the same amount of attention and can go unanswered for a long time.
You can do so by selecting "Move" under ACTIONS along the upper-right. Then search for and select: "Isilon Support Forum".
On VNX, you can control this behavior with the "viruschecker.conf" file on the VNX - by excluding the Microsoft-specific temp files with a regular expression that includes "~$*", the CAVA service skips those files. In the old days with Office 2007, you had an eight-character tmp file specifically for Word, Excel and Powerpoint, so you used "????????" (eight question marks) in the exclude list.
With McAfee, you should be able to emulate the same effect with the exclude list there. Can you give that a try and let us know if that helps?
As I understand it though is the OP has confirmed that when he excludes them (within OneFS), it resolves the issue; however, he would prefer not to exclude them. We know how to exclude but was wondering if there is any way not to? Or is this the recommendation to exclude them which is straight-forward within OneFS.
As I read it, I thought the OP was talking about ".tmp" files in general, as in "all temp files". MS Office files create their temp files with a specific pattern, starting with "~$", and ending with the normal extension (.docx, .xlsx, etc.). The MS temp files are removed when Office saves the finalized document out.
We ended up jsut excluding .tmp files in One FS after talking to Mcafee. The temp file created by word and Excel have a.tmp extensiion, not the normal .docx, .xlsx,etc.
So now we are using a policy of scan on open using an exclusion list and seting the max file size to scan to 2 TB. Mcafee stated that they typically see customers using scan on close and using the inclusion list supplied by EMC with a size limit of 50 mb or so. For whatever reason our AV team refuses to conform to what Mcafee states they typically see Isilon users doing.
What are others typically using? While this method appears to not be casuing performance issues on the Isilon in question (Only about 300 users and a couple TB of space being used) , wea re planning on moving 1000's of uers and mutlitiple TB of data to another Isilon we have. I'm concerned that if we continue to use scan on open we may end up facing serious performance issues.
Thanks for all the clarification! Do you have any performance metrics you can provide your AV team? Maybe if you can demonstrate how badly performance is affected today, you can demonstrate that as you add users, things will only get worse, and not better?
I'll have to see what kind of historical data I can get from InsightIQ. Unfortuantely, for me anyway, we curretnly do not have any apparent perfomrance issues. We've only had the scanning running for a little over a week and have heard no complaints from users. I emailed our AV team last week about reduicing the file size limit and there response was, we'd rather leave it at 2GB until we hear it becomes an issue. The problem with that is once that time comes I am going to be the one getting calls saying stuff is slow and have to figure out why, not the AV team. As I said, my main concern is the Isilon we plan on moving a much larger number of user's and data too. It's very possible that the current settings might be fine on the current Isilon due to the relatively low numbers of users and data.
The Isilon we plan on moving more data to is in a 10 GB network wheras the one we have been dealing with is only in a 1GB network, so that should help. We have a conference call with our AV team and some Isilon support staff tomorrow so helpfully they will be able to shed some light. Thanks for your replies. At this point I'm just kind of trying to get some kind of concensus on what others are doing. I know, as often times in our field, "it depends on the situation". The primary directoires that we are ging to be scanning is typical user and shared data.
christopher_ime
4 Operator
•
2K Posts
0
December 6th, 2013 15:00
Please consider moving this question as-is (no need to recreate) to the proper forum for maximum visibility. Questions written to the users' own "Discussions" space don't get the same amount of attention and can go unanswered for a long time.
You can do so by selecting "Move" under ACTIONS along the upper-right. Then search for and select: "Isilon Support Forum".
Isilon Support Forum
umichklewis
3 Apprentice
•
1.2K Posts
0
December 9th, 2013 09:00
On VNX, you can control this behavior with the "viruschecker.conf" file on the VNX - by excluding the Microsoft-specific temp files with a regular expression that includes "~$*", the CAVA service skips those files. In the old days with Office 2007, you had an eight-character tmp file specifically for Word, Excel and Powerpoint, so you used "????????" (eight question marks) in the exclude list.
With McAfee, you should be able to emulate the same effect with the exclude list there. Can you give that a try and let us know if that helps?
Karl
christopher_ime
4 Operator
•
2K Posts
0
December 13th, 2013 14:00
Karl,
As I understand it though is the OP has confirmed that when he excludes them (within OneFS), it resolves the issue; however, he would prefer not to exclude them. We know how to exclude but was wondering if there is any way not to? Or is this the recommendation to exclude them which is straight-forward within OneFS.
umichklewis
3 Apprentice
•
1.2K Posts
0
December 15th, 2013 10:00
As I read it, I thought the OP was talking about ".tmp" files in general, as in "all temp files". MS Office files create their temp files with a specific pattern, starting with "~$", and ending with the normal extension (.docx, .xlsx, etc.). The MS temp files are removed when Office saves the finalized document out.
ryan_meyers
1 Rookie
•
17 Posts
0
December 16th, 2013 06:00
We ended up jsut excluding .tmp files in One FS after talking to Mcafee. The temp file created by word and Excel have a.tmp extensiion, not the normal .docx, .xlsx,etc.
So now we are using a policy of scan on open using an exclusion list and seting the max file size to scan to 2 TB. Mcafee stated that they typically see customers using scan on close and using the inclusion list supplied by EMC with a size limit of 50 mb or so. For whatever reason our AV team refuses to conform to what Mcafee states they typically see Isilon users doing.
What are others typically using? While this method appears to not be casuing performance issues on the Isilon in question (Only about 300 users and a couple TB of space being used) , wea re planning on moving 1000's of uers and mutlitiple TB of data to another Isilon we have. I'm concerned that if we continue to use scan on open we may end up facing serious performance issues.
umichklewis
3 Apprentice
•
1.2K Posts
0
December 16th, 2013 07:00
Thanks for all the clarification! Do you have any performance metrics you can provide your AV team? Maybe if you can demonstrate how badly performance is affected today, you can demonstrate that as you add users, things will only get worse, and not better?
ryan_meyers
1 Rookie
•
17 Posts
0
December 16th, 2013 08:00
I'll have to see what kind of historical data I can get from InsightIQ. Unfortuantely, for me anyway, we curretnly do not have any apparent perfomrance issues. We've only had the scanning running for a little over a week and have heard no complaints from users. I emailed our AV team last week about reduicing the file size limit and there response was, we'd rather leave it at 2GB until we hear it becomes an issue. The problem with that is once that time comes I am going to be the one getting calls saying stuff is slow and have to figure out why, not the AV team. As I said, my main concern is the Isilon we plan on moving a much larger number of user's and data too. It's very possible that the current settings might be fine on the current Isilon due to the relatively low numbers of users and data.
The Isilon we plan on moving more data to is in a 10 GB network wheras the one we have been dealing with is only in a 1GB network, so that should help. We have a conference call with our AV team and some Isilon support staff tomorrow so helpfully they will be able to shed some light. Thanks for your replies. At this point I'm just kind of trying to get some kind of concensus on what others are doing. I know, as often times in our field, "it depends on the situation". The primary directoires that we are ging to be scanning is typical user and shared data.
Rdamal
2 Intern
•
165 Posts
0
March 8th, 2014 19:00
Do you have an insight of what extensions does the inclusion list contain supplied by EMC and what is the size limit about ?