Why is Web access slow when the ProxyAV scans an rpm file?

Solutions ID:    KB4394
Version:    1.0
Status:    Published
Published date:    04/21/2011

Problem Description

All web access through the ProxySG will be slow when a client downloads  "firefox-3.6.13-2.el5.centos.i386.rpm".

"firefox-3.6.13-2.el5.centos.i386.rpm" is a compressed package which contain more than 10000 files. When the ProxyAV appliance decompresses the rpm file and performs a virus scan it is under heavy load, which causes a slowness in the ProxyAV response. 

The performance resumes to normal when the scan is completed.


To prevent this slowness, you have a few options:

Option 1: Create policy to instruct the ProxySG to not scan rpm files as follows:

define condition FileExtension1
end condition FileExtension1

    condition=FileExtension1 request.icap_service(no)


Option2 : Reduce ProxyAV setting "Maximum archive layers" value from 16 to lower number.  e.g. "1"
"firefox-3.6.13-2.el5.centos.i386.rpm"  has 3 layers of archived files and by making this change you can reduce the depth of archives that the AV engine scan within a file.

For example, if the "Maximum archive layers" value is 3, the AV engine scans files that are part of a three-embedded zipped file (zipped files in a zipped file in a zip file).

Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.

Your response will be used to improve our document content.

Ask a Question