ENSSP isn’t designed to scan databases, large files, or archive files. It’s intended for use in an on-access scanner (OAS) role, and not as an on-demand scanner (ODS).
When a workstation sends an open file request to a filer, it uses the Microsoft default CIFS or SMB protocol, with a timeout value that can be as short as 60 seconds. All scanning operations must conclude before the timeout value is reached; otherwise, the user might be denied access to the file.
There are three main performance considerations for an OAS solution. Don’t scan file types with a time-sensitive OAS solution, if any of the following is true for that file type:
- Scanned by another product
Local email databases (.ost, .pst, or .nsf), email servers or SQL Server databases (.mdb or .mdf), or large database files that an email or database scanning product must scan.
- Archive files
Archive (ZIP, RAR, or 7z) scanning requires the scan engine to expand the archive and all its contents before scanning can even begin.
- Overly large files
Files of excessive length aren’t good candidates for any OAS solution, and must be scanned using an ODS solution. This condition is even more evident in an ICAP-based OAS solution, where the entire file must be copied to the ENSSP scanner before scanning can even begin.
Scanning these types of items with an OAS solution increases the frequency of scan timeouts. If the filer is configured to deny access to unscanned files, users might be intermittently denied access to some files.
We recommend the following remediation for these file types:
- Scanned by another product
Defense in-depth is satisfied by using a specialized database scanner product to scan the database at the brick level during item creation or change.
- Archive files
- The end node OAS scanner scans the contents of the archive when the user expands the archive.
- A general ODS posture can be established on a separate node to periodically scan these types of files while they reside on the filer.
IMPORTANT: Don’t use the ENSSP scanner node to conduct the ODS.
- Overly large files
A general ODS posture can be established on a separate node to periodically scan these types of files while they reside on the filer.
IMPORTANT: Don’t use the ENSSP scanner node to conduct the ODS.