Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 3693 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AV for Mac and Matlab

BobWhite

We have a Mac OS X 10.6 workstation that we recently installed the AntiVirus on.  The WS is used to run numerical processing apps that are generated from Matlab.  The apps rely on parallel processing to improve performance.  When the apps start up they open a large number of files, many of them quite large.  With the AV installed the processing slows to a crawl, and almost to a stand still.  Is there some way to set AV so it doesn't scan a app or any files that app may open?

:18975


This thread was automatically locked due to age.
  • 0

    Hello BobWhite,

    you can define exclusions for files, folders and volumes but not for an app or a process (i.e. all files opened by a certain app/process). Usually the files are not scattered all over the file system so excluding one or two folders and their subfolders should suffice. If performance is still not satisfactory I'd consider turning off on-access scanning during number crunching. As you can control on-access scanning with AppleScript you could automate disabling/enabling it.

    Scanning always incurs a performance loss and turning off scanning (even partially) always incurs some additional risk. I know, ideally there should be a Scanner's demon which would only scan when and where a threat is present - but this would probably violate some fundamental law of IT :smileywink:

    Christian   

    :19049
  • 0

    That is pretty much what I figured.  Would you happen to know if there is an option to log the names of all files scanned? If we could turn that on, log the program as it runs for a while, then look at the log to see where Matlab it opening files, that would simplify things.  Right now we just disable scanning.

    Thanks.

    :19051
  • 0

    I'm quite sure that that there isn't such an option but I think DTrace could be used to collect this information (unless Matlab disallows it).

    Christian

    :19059
  • 0

    Having to turn off on-access scanning while using MATLAB is not a solution.  It is unsatisfactory and  completely unacceptable in a virus protection program - isn't the whole idea with Sophos antivirus to provide protection?  

    :33873
  • 0

    Hello Momo,

    isn't the whole idea with Sophos antivirus to provide protection? 

    Sure - and to do so it has to scan files. If an application uses many (temporary) files to perform its processing the overhead is naturally noticeable (and perhaps prohibitive). There's not much a scanner can do (do you expect specific rules for all the applications out there?). It could give you the option to exempt a certain application - in case of MATLAB I can imagine that this then would generally be done. In turn MATLAB might become an interesting target for malware writers.

    If applications don't (or can't) play nice with scanners you better use them in a safe environment (e.g. disconnected from the network).

    Or what would you suggest?

    Christian

    :33877
  • 0

    MATLAB starts immediately if on-access scanning is turned off before launching it, and then turned on after the sucessful launch.  When Sophos insists on Scanning a 2GB application file on launch, it goes into deep freeze and I never had the patience to wait for it to finish (minutes at least).  Now, if it were possible to exempt that intial on-launch scan then it would all be fine.  Furthermore, it should only have to be done once.  Surely, once scanned, or once declared safe (exempt) by the user, it ispossible to detect any change in the file with some basic checksum or similar protection scheme.  But it is not possible with Sophos.  The protection has to be turned off and on every time before and after launching MATLAB.  That's simply not good enough.

    :33883
  • 0

    Hello Momo,

    dunno much about the Mac version (and MATLAB) but I'm pretty sure that

    • Sophos normally does not scan a large file in its entirety (archives are AFAIK subject to a little more scanning even if the option is turned off)
    • files are not re-scanned (just "fingerprinted" to verify they haven't changed) during a session

    Of course an application extracting many files from archives during startup and deleting them afterwards or at termination will encounter the same overhead each time. We humans more or less know when an application has finished initialization - but It might be impossible for a program (especially a general which has to deal with thousands of applications) to reliably detect this. 

    I don't think this can be generally solved. In theory there could be a standard interface with which an application could request temporary exemption - but then the application vendor would have to take responsibility that nothing bad happens during this period. Quite unimaginable. The other option would be special treatment by the scanner - e.g. by verifying signatures (while this would reduce overhead it would not make it go away). But then this would have to be done for literally thousands of applications and their files.

    Seen from another angle - AV scanners are not some niche products and with most applications there is no problem. It is known what goes well with them and what not. So one may ask why a particular application needs to be designed in a way which causes excessive overhead. Personally I don't see why an AV vendor (not Sophos in particular) should put extensive effort into making specific applications perform (except when it is a general issue - and I'm sure that all vendors address this).

    Christian

    :33889