
Large File Size Testing

Created: 08 Nov 2012 | 1 comment

We are currently running tests against our 11.5 system using Prevent and became curious about what sort of file size testing you have done, or perhaps even what sort of sample sizes you have been using or testing with in the real world, and the associated performance.

By default there is a 30M limit for individual files. So the obvious question is what happens when you send 10 31M files or 101 5M files. We recently started sending attachments that contain many smaller files (SDLP log data with a keyword buried in it) and have been experiencing false negatives and dropped connections (due to timeout), and are experimenting with different configuration settings, especially around file reader and message chains.

So my question is really a request for best practices or methods to guarantee improvements.

stephane.fichet

Hi Daniel,

As a content-aware solution, I think it is great to have a size limit defined in the tool, as huge files will take too long to be analyzed. You can tune these parameters (with respect to your hardware) in the server configuration (file size limit, timeout, JVM memory...) but it is quite tricky and not always very conclusive.

In Prevent, the issue is that the mail gateway is waiting for the DLP answer. So I will keep Prevent to analyze std files (wrt DLP definition) and use Network Monitor for huge files (of course that means you cannot block them) or a specific endpoint policy (in this case you can prevent files from being sent out).

I don't know the kind of infrastructure you have or plan to deploy, but unfortunately I think that Prevent alone won't be able to perform efficient analysis of huge files. At least my test in the lab seems to show that, but my customer never deployed it for real.

Regards