[Discussion] Just one question

• Previous message: [Discussion] Just one question
• Next message: [Discussion] Just one question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mar 19, 2009, at 11:34 AM, Thorsten Holz wrote:

> Seth Hall is using that in production, perhaps he can report in the
> performance impact.


When we started running it, I was surprised because the additional  
performance impact was fairly negligible.  Also, we aren't writing the  
files to disk (I agree, that would be bad), as chunks of the file come  
through we add each chunk to the incremental md5sum so the total CPU  
time required to calculate the md5sum is amortized across the time it  
takes for the file to be downloaded.  We aren't calculating md5sums  
for everything either.  We only calculate the md5sum if the file being  
downloaded was identified as a windows executable by libmagic.  As a  
final data point, it looks like we see about 3000 - 3500 unique URLs  
daily where the server returns a Windows executable.

   .Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

• Previous message: [Discussion] Just one question
• Next message: [Discussion] Just one question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]