ASA CSC Module Creates slow FTP Downloads

Answered Question
Feb 15th, 2010
User Badges:

Hello,

We are having a bit of an issue that I thought I'd run by the community.


We have an ASA 5510 and we are running the "Anti-X" module with it. It is the Antivirus/Antispyware Interscan Module from Trend Micro. At any rate, we fond that when we try to download things via FTP, the download takes an extremely long period of time and often fails before it times out. By disabling the FTP scanning, it resolves the issue.


Has anyone else dealt with this? Any tips? We upgraded the engine as well as the virus definitions.



Thanks,

Ben

Correct Answer by Yudong Wu about 7 years 2 months ago

Did you guys enable "deferred scanning"?

http://www.cisco.com/en/US/docs/security/csc/csc60/administration/guide/csc4.html#wp1042483


If not, please try it to see if it makes any difference.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Benjamin Waldon Mon, 02/15/2010 - 11:40
User Badges:

Thanks Brandon,

Yeah, it's a shame, but the subscription is almost up on this and I am going to have a hard time selling the renewel if I can't enable FTP Scanning.


May open a case with the TAC if I can't get it resolved. Will let you know what the resolution is.


- Ben

Brandon Svec Mon, 02/15/2010 - 11:57
User Badges:
  • Silver, 250 points or more
  • Community Spotlight Award,

    Small Business, February 2016

I didn't buy smartnet so no TAC option for me. Please do update this thread

if you find a solution.


Brandon



On Mon, Feb 15, 2010 at 11:40 AM, benwaldon <

Benjamin Waldon Mon, 02/15/2010 - 12:45
User Badges:

Thanks Kevin,

That fixed the problem.


I was a bit concerned about the part in the Administration guide where it says that deferred scanning

"May introduce a security risk".


But, the TAC engineer was saying that it deffered scanning presents a minimal security risk. The idea is that it passes along a very small portion of the file. Just enought to keep the (internal) client engaged in the download process.


I tested this and it works. I was running several downloads against files exceeding 40MB and it they all ran smoothly.


Thanks,

Ben

Benjamin Waldon Mon, 02/15/2010 - 12:19
User Badges:

Would you describe your problem as intermittent?


I had a download I was testing it against. The file was 13MB and it would work sometimes (after holding at transferring for 30 seconds), and sometimes it wouldn't. But, then I used a file at 60MB and it was consistently failing.

Brandon Svec Mon, 02/15/2010 - 12:35
User Badges:
  • Silver, 250 points or more
  • Community Spotlight Award,

    Small Business, February 2016

I think I have a different trouble. I just remembered that I even disabled

file scanning completely in the CSC and still have this problem whenever I

specify traffic to even pass though the CSC unchecked. I will sometimes get

weir errors from ftp server when using cli ftp. Sometimes it looks like it

is not working for 90 seconds or longer then all of a sudden it starts

downloading..


Brandon



On Mon, Feb 15, 2010 at 12:19 PM, benwaldon <

Actions

This Discussion