I was recently asked to do a bit of research on EMC’s CAVA product, as we are looking for antivirus solutions for our CIFS-based shares. I found very little info with general Google searches about exactly what CAVA is and what it does, so I thought I’d share some of the information that I did find after a bit of research and talking to my local EMC rep.
Basically, CAVA is a service that runs on the Celerra (or VNX) data mover in conjunction with a Windows server running a 3rd party antivirus engine (along with EMC’s CAVA API agent) to handle the conversation. It only facilitates the communication to an existing AV server; EMC doesn’t provide the actual AV software. It supports Symantec, McAfee, eTrust, Sophos, Kaspersky, and Trend Micro. In a nutshell, CAVA employs three key components: software on the data mover (VC Client), software on a Windows AV server (CAVA), and your 3rd party AV engine on a Windows server.
CAVA used to stand for “Celerra Anti Virus Agent”, but was changed to “Common AntiVirus Agent”. Quite convenient that they could re-use the “C” without changing the acronym, right? The product is now officially known as “Common Event Enabler for Windows” by EMC and the package includes CEPA, or the EMC Common Event Publishing Agent, and CAVA, the aforementioned Common Antivirus Agent. For this post I’m focusing on the Antivirus agent.
CAVA is a fairly straightforward install; however, if implemented incorrectly, it can adversely affect your performance. It’s important to know how it scans your files and essential to know how to troubleshoot it and do performance monitoring. There is definitely a performance hit when using CAVA.
When are files scanned for a virus?
Each time the Celerra receives a file, it will be locked for read access first, at which time a request is sent to the AV server (or servers) to scan the file. The Celerra will send the UNC path name to the Windows server and wait for verification that the file is not affected. Once that verification is complete, the file is made available for user access.
CAVA will scan a file in the following instances:
- The first time a file is read after the initial implementation of CAVA, and the first time it is read after any update to virus definitions
- Creating, modifying, or moving a file
- When restoring a file (or files) from backup
- When renaming a file with a different file extension
- Whenever an administrator performs a full file system scan (with the server_viruschk command)
What are the features of CAVA?
- Automatic Virus Definition Updates. Files opened after the update will be re-scanned.
- CAVA Calculator (a free sizing tool to assist in implementation)
- User Notifications on Virus detection, configurable by administrators to be sent as notifications to the client, event log entries, or both.
- Scan on read can be enabled
- Event reporting and configuration
What are some implementation considerations?
- EMC recommends that an MPFS client system not be configured as the AV server system.
- CAVA doesn’t support a data mover CIFS server using share level access.
- Always update the viruschecker.conf file to avoid scanning temp files. It can be modified with the Celerra AV Management Snap-In.
- It’s CIFS only. There is no support for NFS or FTP. If those protocols are used to open, modify, or move files, the files will not be scanned.
- You must check for compatibility with your installed 3rd party AV software.
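The viruschecker.conf advice above can be checked before a change goes live. The following is an added example, not EMC's tooling or code from the original post: it assumes a key=value layout with colon-separated patterns (`masks=`, `excl=`, `addr=`, `CIFSserver=`), assumes a file is scanned when it matches a mask and no exclusion, and uses a constructed sample file and hypothetical probe file names.

```python
from fnmatch import fnmatchcase

# Constructed sample. The key=value layout with colon-separated patterns
# is an assumption about the viruschecker.conf format, not a copy of a real file.
SAMPLE_CONF = """\
# viruschecker.conf (constructed sample)
CIFSserver=fileserver01
addr=192.0.2.10:192.0.2.11
masks=*.*
excl=pagefile.sys:*.pst
"""

# Hypothetical temp-file names that the exclusion list is expected to cover.
TEMP_PROBES = ["report.tmp", "~WRD0001.tmp", "~$budget.docx"]


def parse_conf(text):
    """Return {key: [values]} from key=value lines, skipping '#' comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip().lower()] = [v.strip() for v in value.split(":") if v.strip()]
    return conf


def is_scanned(name, conf):
    """Assumed semantics: scanned if the name matches a mask and no exclusion."""
    n = name.lower()
    masked = any(fnmatchcase(n, m.lower()) for m in conf.get("masks", []))
    excluded = any(fnmatchcase(n, e.lower()) for e in conf.get("excl", []))
    return masked and not excluded


def unexcluded_temp_files(text, probes=TEMP_PROBES):
    """List the probe names that the configuration would still send for scanning."""
    conf = parse_conf(text)
    return [p for p in probes if is_scanned(p, conf)]


if __name__ == "__main__":
    for name in unexcluded_temp_files(SAMPLE_CONF):
        print(f"temp file still scanned: {name}")
```

An empty result means every probe is covered by `excl=`; ordinary documents should still come back as scanned, so check one of those as well after widening the exclusion list.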
How is it licensed, and how much does it cost?
CAVA is licensed per array; on the VNX series it is in the Security and Compliance Suite. Pricing will vary of course, but it’s not very expensive relative to the cost of the array. It should be in the range of thousands rather than tens of thousands of dollars.