RE: Webprotect clarification
- From: "Quillman Shawn (RBNA/CIT1.1)" <Shawn.Quillman@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 8 Jan 2003 07:51:05 -0500
I've got WebProtect and it's been a great purchase. For one, it greatly
increased our access times. We had a WebManager server previously (on a
separate box) and migrating to WebProtect allowed us to lose that server.
In my opinion Trend's got one of the best scanners out there. I didn't
think you had to install it on the same partition as ISA, but I'm not
positive. And yes, IIS is required for administration of WebProtect. You
could probably hack in any web server and make it work, but IIS is at least
required since the WebProtect installer looks for it so it can create a
virtual directory.
There are two things that I've had do deal with technically and politically.
The biggest thing is that in order to conserve memory it creates temp files
for file downloads and sometimes these temp files don't get removed,
especially if the connection to the browser somehow gets lost (user hits
stop button most likely). It became a problem for me because the guys that
set up one of my servers originally only made a 4 GB system partition and
then proceeded to download things like Red Hat CD images (500+ MB). A few
of these large temp files laying around and the C: drive ran out of space
which ISA really doesn't like very much. WebProtect keeps these files
locked so I have to kill ISA, delete the files, the restart ISA.
The second thing was on the user end. WebProtect will buffer downloads so
that it can scan the entire file before sending it to the requesting client.
To keep the connection with the browser open WebProtect releases a few K at
a time back to the browser until it has the entire file and can scan it.
This gives the illusion on the browser end of only downloading at a few
K/sec. It then sends the remainder of the data so you see your download all
of a sudden come down at lan speed. You can tweak this in the configuration
under Scan Configuration | HTTP Scanning. The "Send X bytes of data for
every Y kilobytes received" option is where to set it. The higher that
ratio is, the slower the downloads _seem_.
-Shawn
-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx
-----Original Message-----
From: rajendra.prasad@xxxxxxxxxxxxx
[mailto:rajendra.prasad@xxxxxxxxxxxxx]
Sent: Wednesday, January 08, 2003 5:48 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Webprotect clarification
http://www.ISAserver.org
This is a multi-part message in MIME format.
Other related posts:
