HTTP Anti-Virus Proxy

Official HAVP Support Forum
Registration disabled, I'm tired of spambots. E-mail havp@hege.li if you have questions.
HAVP project is pretty much frozen/abandoned at this time anyway.
It is currently 22 Jun 2014 09:52

All times are UTC + 2 hours [ DST ]




Post new topic Reply to topic  [ 7 posts ] 
Author Message
PostPosted: 07 Sep 2010 14:28 
Offline

Joined: 07 Sep 2010 13:25
Posts: 10
Hi
I am new on HAVP.
I have to question about this proxy:
1- Is there any benchmark (statistic) on how amount bandwidth HAVP (clamav enabled) could handle ?
2- Is there any tool bases on HAVP?Or any company create one tool based on HAVP?

Thanks for any guidance


Top
 Profile  
 
PostPosted: 10 Sep 2010 11:28 
Offline
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
nima0102 wrote:
Hi
I am new on HAVP.
I have to question about this proxy:
1- Is there any benchmark (statistic) on how amount bandwidth HAVP (clamav enabled) could handle ?


Not that I know.. mine handles easily 100-200req/s for 1000 users with 5% CPU usage. I think that's much more describing figure than bandwidth. But larger setups might need some tweaking because of the current architecture (video streams etc reserve one child).

Quote:
2- Is there any tool bases on HAVP?Or any company create one tool based on HAVP?


What kind of tool? All-in-one easy to setup proxy? Atleast Endian Firewall uses HAVP, but it's just one feature.


Top
 Profile  
 
PostPosted: 10 Sep 2010 12:00 
Offline

Joined: 07 Sep 2010 13:25
Posts: 10
Thanks for your reply.
for 100-200 req/s, Did you enable Antir Virus checking??
Is there any benchmark from other installation?
I think my need is over 2000 req/s and of course with enabled antivirus!

Regards


Top
 Profile  
 
PostPosted: 10 Sep 2010 14:20 
Offline

Joined: 23 Apr 2008 09:36
Posts: 101
I think, you should search a tool for squid proxy analysis like calamaris or so, this should you give a overview about response time.
But I do not really know a benchmark test for your plan

EDIT: I have one company with ~500 - 700 Requests/second without any problems. I think, best would be, to program a script, that is doing this requests for testing

regards, karesmakro


Top
 Profile  
 
PostPosted: 10 Sep 2010 14:34 
Offline
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
Easy test to benchmark ClamAV performance (it's really the only thing sucking resources) is to maybe grep 10000 URLs from your Squid log and download all those files with wget or such - or maybe just use your Squid cache directory if you have one. Then simply scan that directory with clamscan. It will tell you realistic URLs/files per second performance for single core for your traffic pattern. You need to use similar clamscan options (max scan size 5MB etc).

Having 2000 req/s means you need 500-1000 scanner processes for nice throughput? Atleast 16 cores for nice load distribution? Just guesses..

You should also compare Squid with c-icap/clamav which might be less featureful but maybe more robust and performing solution.


Top
 Profile  
 
PostPosted: 12 Sep 2010 12:33 
Offline

Joined: 07 Sep 2010 13:25
Posts: 10
hege wrote:
Easy test to benchmark ClamAV performance (it's really the only thing sucking resources) is to maybe grep 10000 URLs from your Squid log and download all those files with wget or such - or maybe just use your Squid cache directory if you have one. Then simply scan that directory with clamscan. It will tell you realistic URLs/files per second performance for single core for your traffic pattern. You need to use similar clamscan options (max scan size 5MB etc).

Having 2000 req/s means you need 500-1000 scanner processes for nice throughput? Atleast 16 cores for nice load distribution? Just guesses..

You should also compare Squid with c-icap/clamav which might be less featureful but maybe more robust and performing solution.


Thanks for your attention
What do you mean "16 cores"? Did you mean CPU core?
I think I could not correctly understand your told about "compare Squid with c-icap/clamav which might be less featureful but maybe more robust and performing solution".Do you mean Squid with c-icap/clamav is more robust thatn HAVP??

Thanks in advance


Top
 Profile  
 
PostPosted: 12 Sep 2010 19:24 
Offline
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
nima0102 wrote:
What do you mean "16 cores"? Did you mean CPU core?


Yes

Quote:
I think I could not correctly understand your told about "compare Squid with c-icap/clamav which might be less featureful but maybe more robust and performing solution".Do you mean Squid with c-icap/clamav is more robust thatn HAVP??


Probably more robust in the sense that it's more simple and uses a known content filtering "standard". It just feeds first x bytes of data to c-icap, and it's either ok or virus, no HTTP or other things involved. HAVP has advantages, but for those rates ICAP might be preferred. I have no real life experience with c-icap, I don't know how robust it's error handling code is etc.

http://www.mail-archive.com/squid-users ... 71246.html
http://www.mail-archive.com/squid-users ... 73543.html


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC + 2 hours [ DST ]


Who is online

Users browsing this forum: Google [Bot] and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group