Kbase P88831: Windows: Application is very slow because of an anti virus
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
12/14/2004 |
|
Status: Unverified
FACT(s) (Environment):
Windows
SYMPTOM(s):
Application is very slow
Performance Problems
Poor performances
Doing a proshut or promon requires about 5s to start
Client connections are very slow and sometimes fails (timeout)
CAUSE:
An anti virus is active, stopping it makes suddenly everything go fast.
This case has been seen with ETrust Anti Virus.
FIX:
Configure your anti virus to not affect the performances of Progress. (see documentation of your anti-virus Vendor). Indeed, the installation of an anti-virus software on your machine protects it from viruses, but without further configuration it can have a serious impact on performance and other operations (like database management) that run on the server.
The following discusses the most common problems and gives you some configuration tips for anti-virus software. Norton Antivirus, Computer Associates InoculateIT (formerly Inoculan), McAfee VirusScan, ETrust and Sophos Anti-virus all have similar options, although they might be named differently:
By default, most anti-virus programs install with the option to scan all files, continuously, at medium level security. This means that all files will be scanned every time they are accessed, either by a read or a write action.
Scanning for viruses can considerably slow down any application, including Progress. Even opening a Word document on the server could take as long as 30 seconds. Depending on the security you require and the tasks the server is handling (other than Progress) you can change the following options:
-Scheduled vs. continuous:
If your security needs are low, you can turn off the continuous scan and schedule a full server scan every night when activity is low. You can do this either during the backup procedure (if your 3rd party backup allows integration with anti-virus software) or outside of the backup window (preferably before, so you can be sure your backup is virus free).
-Scanning incoming, outgoing or both:
This means that a file is scanned when it is written to the server (incoming) or read from the server (outgoing) or both. Since the files should be virus free once they are written to disk, there is no chance of infection once they reside on the disk. Therefore it is essentially overkill to re-scan a file every time it is read from the disk. Progress suggests you use "incoming only".
-Scanning all files, using include or exclude list:
By default, all files are scanned, including loads of files that run a very low risk of ever being infected (like temp files). Using include- or exclude lists you can select to scan all .EXE, .DOC, .XLS etc. files, or exclude all .TMP .p .r .w etc files or complete directories (such as \temp or \progress).
-Scanning Quick scan, full Scan, or Heuristic scan:
By default, most scans run a Full scan, scanning the file from beginning to end. Since viruses generally infect the beginning or the end of a file, you can use the Quick option to only scan these areas of a file. A Heuristic scan runs a full scan and additional tests to see if there are any stealth or morfing viruses hiding in a file.
-Small, medium or large definition file:
Often the virus definition file contains more than 15,000 different viruses, and comparing against this list can take some time. "In the wild", perhaps only a few hundred viruses are actually active, others having been eradicated or only discovered in test laboratories. The use of a smaller definitions list can increase performance.
Other options to keep in mind while deciding on your anti-virus strategies are:
-Auto Download and Distribution:
In order to keep your antivirus software up to date, you can configure your server to connect to the website of your anti-virus software maker and download the latest virus definition file automatically. This can be scheduled at night on a regular interval. However, during this process, most Windows NT-based machines try to get as many CPU cycles as possible. For servers that run a 24x7 database, it is recommended that you use a separate machine for AutoDownloading.
Autodistribution automatically updates the other servers in your network with the latest definition files. On Windows NT, this often means that .at the end of an update, the server automatically reboots (many times updates also include patches for the software).
Again, in a 24x7 environment or during the backup window, autodistribution is not recommended.
-Quarantine options:
Most anti-virus software has the option of putting a PC or server in quarantine when a virus is found on the machine. This means the PC cannot be accessed by other machines for a certain period of time. The default value is often set to 4 hours.
Although this option is a good way to protect against spreading a virus, imagine what happens if your database server is put into quarantine for 4 hours. The use of this option needs careful consideration.
-Action to take when virus is found:
In general, you have the following options:
- Alert someone with some kind of message (e-mail, SMS, printout, fax etc).
- Copy or move the infected file to a controlled directory.
- Try to repair the file and remove the virus.
- Delete the file.
If the infected file is part of your database, removing, curing or deleting the file can have a disastrous effect on your production environment. Since the only viruses found thus far in Progress have been phantom viruses (false alerts), the best option is to alert someone when a virus is found..