On Tue, Mar 16, 2010 at 08:58:27PM +0100, Henrik Nordström wrote:
> Mon 2010-03-15 at 18:47 +0200, Henrik K wrote:
>
> > If you don't want this limitation, you can use HAVP. It scans the file while
> > it's being transferred to the client, while keeping a small part of it buffered
> > (in case of a virus, it is not transferred so the client can't open an incomplete
> > file). It's as close to transparent as you can get.
>
> That's also one of the three modes supported by c-icap clamav service.

Such a comment can only be made when one doesn't understand what HAVP does. It is NOT the same thing.

http://www.server-side.de/documentation.htm

While one can speculate about the usefulness of scanning huge files at HTTP level, HAVP with mandatory locking does it much more efficiently.

C-icap will only call the scanner after a file is completely received, resulting in additional wait and a load spike.

HAVP starts scanning the file immediately as it is received from the server and gradually unlocked. When c-icap has just started scanning the file, HAVP has already scanned most (if not all) of it and is sending the final bytes to the client. If a virus had happened to be found, HAVP would have already stopped the unnecessary download without wasting time on the whole file. This also works on ZIP files as it first tries to download the header at the end of the file using a Range request.
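The two behaviours contrasted in the message above, as an added Python example that is not part of the original message and is not HAVP or c-icap code: a simplified model of scanning during transfer with a withheld tail, next to receiving the whole file before scanning. The substring matcher, the `SIGNATURE` marker, the `HOLDBACK` size, the sample bodies and every function name are assumptions made for illustration; HAVP itself does this with a temporary file and mandatory locking.

```python
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed marker, stands in for a virus signature
HOLDBACK = 64  # assumed number of bytes withheld from the client until the scan ends

class Infected(Exception):
    """Raised by the toy scanner when the signature is seen."""

def counted(chunks, fetched):
    """Pass chunks through while recording how many bytes were pulled from the server."""
    for chunk in chunks:
        fetched[0] += len(chunk)
        yield chunk

def stream_scan(chunks, holdback=HOLDBACK):
    """Scan each chunk on arrival; release clean data except the last `holdback` bytes."""
    pending = b""  # scanned, not yet released
    tail = b""     # overlap so a signature split across two chunks is still seen
    for chunk in chunks:
        window = tail + chunk
        if SIGNATURE in window:
            raise Infected()  # abort: nothing more is fetched or released
        tail = window[-(len(SIGNATURE) - 1):]
        pending += chunk
        if len(pending) > holdback:
            yield pending[:-holdback]
            pending = pending[-holdback:]
    yield pending  # whole body scanned clean, release the withheld tail

def relay_streaming(chunks):
    fetched, delivered = [0], b""
    try:
        for released in stream_scan(counted(chunks, fetched)):
            delivered += released
        return "clean", fetched[0], delivered
    except Infected:
        return "infected", fetched[0], delivered

def relay_store_then_scan(chunks):
    fetched = [0]
    body = b"".join(counted(chunks, fetched))  # wait for the complete file first
    verdict = "infected" if SIGNATURE in body else "clean"
    return verdict, fetched[0], body if verdict == "clean" else b""

def split(body, size=100):
    return [body[i:i + size] for i in range(0, len(body), size)]

# Constructed 1000-byte bodies; the marker straddles the chunk boundary at offset 300.
CLEAN_BODY = b"A" * 1000
INFECTED_BODY = b"A" * 290 + SIGNATURE + b"A" * (1000 - 290 - len(SIGNATURE))
```

On the infected sample the streaming relay stops after 400 fetched bytes with only a 236-byte truncated prefix released, while the store-then-scan relay fetches all 1000 bytes before it reaches a verdict.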