There are no standard rules for how an anti-virus filter driver should be implemented. Nor is there any documentation from the anti-virus vendors regarding the assumptions that they make regarding the behavior of a file system. As a result any given version of an AV product on any given Windows operating system revision (including hot fixes) with any file system is a random role of the dice.
AV products are not free. Organizations pay significant sums of money
on
them. There are two recommendations I will make to any organization
that
intends to deploy an AFS infrastructure:
1. Make it a condition of any purchase that the AV vendor test their
products against OpenAFS on all platforms for which the product
is being licensed.
2. Purchase a support contract for OpenAFS to ensure that any
interoperability
issues with the AV product (or any other application) will be
promptly
resolved.
The only AV product that has not had a production issue with OpenAFS on
Windows in the last 18 months is Microsoft Security Essentials. There
is a reason
for that. Microsoft tests against OpenAFS and they have accepted our
design
recommendations.
Jeffrey Altman
On Thursday, November 22, 2012 4:51:42 PM, Ian Crowther wrote:
> Hi,
>
> I have heard that compatibility between OpenAFS and Windows Antivirus
> products isn't assured. I'm trying to compile a list of the best options.
>
> Has anybody got any suggestions for the list (below)? OS versions and
> Client versions would be nice to know too.
>
> Has anybody anecdotal evidence about AV to be avoided?
>
> Thanks,
>
> Ian
>
> - Kaspersky
> * 1.7.1400 release notes mention working around AV triggered
> deadlock
> - ESET
> *
> https://lists.openafs.org/pipermail/openafs-info/2009-August/031819.html
> had NOD32 working with (old) AFS client 1.5.60
> - Symantec
> *
> http://www.dartmouth.edu/comp/soft-comp/datastorage/afs/afs-windows.html
> states that recent versions work ("2010/04 and later")
> - McAfee
> *
> http://www.uni-tuebingen.de/en/faculties/faculty-of-science/departments/zentren/zentrum-fuer-bioinformatik-tuebingen/support/laptops/laptop-setup/windows-laptops.html
> seem to be using McAfee VirusScan Enterprise and recommending OpenAFS
> 1.6.x under Windows XP/2003.
> - Norton_AntiVirus
> *
> http://help.unc.edu/help/what-do-i-need-for-my-non-cci-laptop-computer/
> instructs
> their users to use the distributed OpenAFS (1.7.6) and Symantec
> Endpoint (11.0.6 MP1) under Vista.
> - Trend Micro AntiVirus
> * 1.7.0900 release notes mention working around AV triggered
> deadlock
> - Sophos
> * 1.7.1400 release notes mention working around AV triggered
> deadlock
>
signature.asc
Description: OpenPGP digital signature
