We currently use etrust antivirus 8.1 from Computer Associates. Using two HP DL 380's as virus scanners (redundancy and load balancing). The product works pretty good but does tend to have some odd issues.
1. Sometimes complaining that it cannot update the virus definitions. - This situation caused a denial of service to CIFS files on the filer a couple of times. (even with "vscan options mandatory_scan = off") - This DOS happened with version 7. - Have upgraded to version 8, the update issue just re-occurred yesterday. - Mitigation, we have a *NIX script that monitors the filer's syslog. If the script detects that one of the virus scanners has disconnected, the script issues a "vscan off" command to the filer. Usually a reboot of the scanner box that is having problems fixes this. I have found when this starts happening, I need to go look for a driver update on CA's site and get it installed. When the newer driver is installed, the problem goes away for several months.
2. Configuration options are limited. - cannot exclude files that are greater than $Size - Old version had problems scanning big files. 100 meg or so. PPT files were especially bad. - New version has similar issues. Have had to exclude .zip .tar .rar as well as .ppt from scanning. Run Norton corporate AV on the desktops which limits our exposure slightly. - Alerting is difficult to configure - product is very noisy by default.
3. Product also complains about being unable to scan files when it's trying to scan things like Microsoft Word droppings - those ~file.tmp files that office creates. The weird thing is that it only complains about this once in a while. When it dos complain, it complains a lot. The error message is also odd too something like "File Infected with <space character> detected".
Over all, the product works okay. If I have my say, I would prefer using something else. Our organization bought it because it was cheap. You get what you pay for.
PS. Current vscan options vscan options timeout: 10 sec vscan options abort_timeout: 10000 sec vscan options mandatory_scan off vscan options client_msgbox off
NOTICE - This communication is intended ONLY for the use of the person or entity named above and may contain information that is confidential or legally privileged. If you are not the intended recipient named above or a person responsible for delivering messages or communications to the intended recipient, YOU ARE HEREBY NOTIFIED that any use, distribution, or copying of this communication or any of the information contained in it is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and then destroy or delete this communication, or return it to us by mail if requested by us. The City of Calgary thanks you for your attention and co-operation.
-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Neis, Mark Sent: Friday, July 11, 2008 9:42 AM To: toasters@mathworks.com Subject: CIFS virus scan
Hi guys,
We have been using the Symantec scan engine for NetApp for several years now, but we've met more and more problems as of late. As the next license upgrade will be due in a couple of months, that might be a good opportunity to replace it by a different brand altogether.
Hence my question to the list: Which antivirus product do you use and how satisfied are you with it?
Kind regards, Mark Neis