You can configure OneFS to send files to be scanned before they are opened, after they are closed, or both. This can be done through file access protocols such as SMB, NFS, and SSH. Sending files to be scanned after they are closed is faster but less secure, whereas sending files to be scanned before they are opened is slower but more secure.
If scanned after files are closed, the following applies:
If scanning before files are opened, the following applies:
Figure 4 shows an example of the performance impact using different on-access scanning options. In this example, seven files are modified simultaneously, and the performance impact is tracked in four scenarios: no scan (baseline), scan on open, scan on open and close, and scan on close.
The results show that scanning on open and close provides much better performance than only scanning on open. Furthermore, it provides better protection since the file is scanned twice.
The following figure shows an example of how scanning on both open and close provides optimal performance. After the file has been modified and closed, it is scanned upon close. Because the file is not modified again after close, the next time it is opened, the scan on open is skipped.
However, in some marginal scenarios, scan on open will not be skipped which provides a better level of protection. In the example shown in the following figure, after the file is closed, the definition file for the antivirus software is updated, which makes the previous scan (scan on close) invalid. The next time the file is opened, the scan on open is not skipped.
For more information on how updating the antivirus definition file can trigger the change of ISTag, refer to Updating the virus definition file.