On Tue, Mar 16, 2010 at 08:58:27PM +0100, Henrik Nordström wrote:
> mån 2010-03-15 klockan 18:47 +0200 skrev Henrik K:
>
> > If you don't want this limitation, you can use HAVP. It scans the file while
> > it's being transferred to client, while keeping small part of it buffered
> > (in case of virus, it is not transferred so client can't open incomplete
> > file). It's as close to transparent as you can get.
>
> That's also one of the three modes supported by c-icap clamav service.
Such comment can only be made when one doesn't understand what HAVP does. It
is NOT the same thing.
http://www.server-side.de/documentation.htm
While one can speculate about the usefulness of scanning huge files at HTTP
level, HAVP with mandatory locking does it much more efficiently.
C-icap will only call the scanner after a file is completely received,
resulting in additional wait and a load spike.
HAVP starts scanning the file immediately as it is received from the server
and gradually unlocked. When c-icap has just started scanning the file, HAVP
has already scanned most (if not all) of it and is sending final bytes to
client. If a virus had happened to be found, HAVP would have already stopped
the unnecessary download without wasting time on the whole file. This also
works on ZIP files as it first tries to download the header at end of the
file using Range request.
Received on Wed Mar 17 2010 - 03:24:48 MDT
This archive was generated by hypermail 2.2.0 : Wed Mar 17 2010 - 12:00:04 MDT