Shared DB - Linux

These results should be viewed as guidelines and not performance guarantees, since there are many variables that affect performance (file set, network configurations, hardware characteristics, etc.). If throughput is important to your implementation, OPSWAT recommends site-specific benchmarking before implementing a production solution.

Environment

Using AWS environment with the specification below:

MetaDefender Core

	OS	AWS instance type	vCPU	Memory (GB)	Network bandwidth (Gbps)	Disk type	Benchmark
MetaDefender Core #1	Ubuntu 24.04	c5.4xlarge	16	32	Up to 10	SSD	Amazon EC2 c5.4xlarge - Geekbench
MetaDefender Core #2	Ubuntu 24.04	c5.4xlarge	16	32	Up to 10	SSD	Amazon EC2 c5.4xlarge - Geekbench

RDS

OS	AWS instance type	vCPU	Memory (GB)	Network bandwidth (Gbps)	Disk type
Windows Server 2022	db.m7i.4xlarge	16	64	Up to 10	SSD

Deployment Model

Using a AWS Load Balancer to distribute files sent from the client tool to two (2) different MetaDefender Core servers applying Round Robin algorithm. With this algorithm, each MetaDefender Core server is supposed to receive same number of requests.

Client tool

A simple tool written in Python to collect files in a designated folder and submit requests to Load Balancer mentioned above.

Python
    
xxxxxxxxxx
 
files_to_scan = list of files to scanscan_futures =[]for file_path in files_to_scan:    scan_futures.append(asyncio.create_task(self.scan_file(file_path, self.load_balancer_url)) async def scan_file(self, file_path, core_url):    api_url = f'{core_url}/file'     with open(file_path, 'rb') as file:        file_content = file.read()     headers = {'Content-Type': 'application/octet-stream', 'filename': file_path}     max_retries = 20  # Maximum number of retry attempts    retry_delay = 120  # Delay in seconds before retrying     for attempt in range(max_retries + 1):        try:            starttime = time.time()            response = requests.post(api_url, data=file_content, headers=headers)            endtime = time.time()            status_code = response.status_code            if status_code == 200:                self.post_wait = self.post_wait + endtime - starttime                self.num_post_req += 1                response_json = response.json()                data_id = response_json.get('data_id')                return status_code, response_json, data_id             if status_code == 503:                print(f"Received status code {status_code}. Retrying in {retry_delay} seconds...")                await asyncio.sleep(retry_delay)            else:                return None, None, None         except requests.RequestException as e:            return None, None, None     return None, None, None
Copy

OS	AWS instance type	vCPU	Memory (GB)	Network bandwidth (Gbps)	Disk type
CentOS 7	c5.4xlarge	16	32	Up to 10	SSD

Dataset

Detailed information of dataset below will be used for testing:

File category	File type	Number of files	Total size (MB)	Average file size (MB)
Adobe	PDF	370	385 MB	1.0 MB
Executable	EXE	45	309.5 MB	6.9 MB
	MSI	15	45.75 MB	3.1 MB
Image	BMP	80	515 MB	6.4 MB
	JPG	420	237.5 MB	0.6 MB
	PNG	345	169 MB	0.5 MB
Media	MP3	135	865 MB	6.4 MB
	MP4	50	500 MB	10.0 MB
Office	DOCX	235	190 MB	0.8 MB
	DOC	225	486 MB	2.2 MB
	PPTX	365	860 MB	2.4 MB
	PPT	355	1950 MB	5.5 MB
	XLSX	340	283.5 MB	0.8 MB
	XLS	335	284.5 MB	0.8 MB
Text	CSV	100	236 MB	2.4 MB
	HTML	1075	76 MB	0.1 MB
	TXT	500	210 MB	0.4 MB
Archive	ZIP	Compressed files: 10 Extracted files: 270	Compressed size: 125.5 MB Extracted size: 156.5 MB	Avg compressed size: 12.6 MB Avg extracted size: 0.6 MB
Summary (compressed)		5000	7728.5 MB	1.55 MB average file size
Summary (extracted)		5260	7759.5 MB	1.48 MB average file size

Product Information

Product versions:

MetaDefender Core version 5.18.0
Engines:
- Metascan 5: Ahnlab, Bitdefender, ClamAV, ESET, K7
- Metascan 10: Metascan 5 + Avira, Varist, IKARUS, Quick Heal, TACHYON
- Metascan MAX: Metascan 10 + Lionic, CMC, CrowdStrike Falcon ML, Aurora, Trellix, NANOV, RocketCyber, Sophos, Webroot SMD, Xvirus Anti-Malware
- Deep CDR: 7.8.0
- Proactive DLP: 3.2.0
- Archive: 7.8.0
- File type analysis: 7.8.0
- File-based vulnerability assessment: 4.57-236
- Adaptive Sandbox: 3.0.0

MetaDefender Core settings

General settings

Turn off data retention
Turn off engine update
Max file size: 99999999

Archive extraction settings

Max recursion level: 99999999
Max number of extracted files: 99999999
Max total size of extracted files: 99999999
Timeout: 10 minutes
Handle archive extraction task as Failed: true
- Extracted partially: true

Metascan AV settings

Scan timeout: 10 minutes
Per engine scan timeout: 1 minutes

Adaptive Sandbox

Max file size: 18446744073709 MB (max)
Timeout: 86400 (max)

Performance test results

MetaDefender Core with single engine (technology)

Summary metrics:

Performance Report - Shared Linux Single Engine Sum Metric

Use case	Scan duration (minutes)	Throughput (processed objects/hour)	Avg. processing time (seconds/object)
Metascan 5	3.8	1,931,188.9	0.002
Metascan 10	5.7	1,331,649.6	0.003
Metascan MAX	10.2	744,140.6	0.005
Deep CDR	11.1	686,941.2	0.005
Proactive DLP	11.8	613,479.4	0.006
Vulnerability	2.9	2,481,177	0.001
Embedded Sandbox	91.7	83,250.0	0.043

System resource utilization:

Performance Report - Shared Linux Single Engine Resource Utilization

Use case	Avg./Max CPU usage		Avg./Max RAM usage		Avg. Network speed
	Core 1	Core 2	Core 1	Core 2	Core 1	Core 2
	(%)	(%)	(%)	(%)	(KB/s)	(KB/s)
Metascan 5	58.7/61.6	56.1/56.7	61.0/62.2	50.8/51.6	11,291.9	10,788.9
Metascan 10	91.3/93.6	86.4/88.7	45.3/47.7	39.2/40.9	7,959.8	7,966.3
Metascan MAX	98.3/99.8	99.5/99.9	71.5/73.2	74.4/76.3	4,867	4,672.9
Deep CDR	82.4/88.5	80.3/82.9	72.2/78.0	45.7/53.3	6,684.2	6,914.7
Proactive DLP	35.0/35.6	39.4/41.8	67.8/72.4	44.3/49.4	5,202.3	6,186.6
Vulnerability	81.4/97.3	74.9/94.5	30.1/31.1	29.8/31.0	14,613.1	14,765.6
Embedded Sandbox	55.5/82.1	55.0/83.4	64.2/79.6	59.9/72.5	1,902.3	1,813.1

MetaDefender Core with common engine packages

Summary metrics:

Performance Report - Shared Linux Common Engine Sum Metric

Use case	Scan duration (minutes)	Throughput (processed objects/hour)	Avg. processing time (seconds/object)
Metascan 5 + Deep CDR	12.0	631,383.1	0.006
Metascan 5 + Deep CDR + Proactive DLP	15.2	503,298.8	0.007
Metascan 5 + Deep CDR + Proactive DLP + Vulnerability	15.9	474,917.2	0.008
Metascan 5 + Deep CDR + Proactive DLP + Vulnerability + Embedded Sandbox	98.5	77,466.9	0.046
Metascan 10 + Deep CDR	14.0	489,960.3	0.007
Metascan 10 + Deep CDR + Proactive DLP	18.3	417,603.4	0.009
Metascan 10 + Deep CDR + Proactive DLP + Vulnerability	18.7	406,834	0.009
Metascan 10 + Deep CDR + Proactive DLP + Vulnerability + Embedded Sandbox	100.6	75,807.5	0.047
Metascan MAX + Deep CDR	25.2	296,223.5	0.012
Metascan MAX + Deep CDR + Proactive DLP	26.3	288,641.6	0.012
Metascan MAX + Deep CDR + Proactive DLP + Vulnerability	28.4	259,714.9	0.014
Metascan MAX + Deep CDR + Proactive DLP + Vulnerability + Embedded Sandbox	109.2	69,877	0.052

System resource utilization:

Performance Report - Shared Linux Common Engine Resource Utilization

Use case	Avg./Max CPU usage		Avg./Max RAM usage		Avg. Network speed
	Core 1	Core 2	Core 1	Core 2	Core 1	Core 2
	(%)	(%)	(%)	(%)	(KB/s)	(KB/s)
Metascan 5 + Deep CDR	82.5/84.3	84.2/85.2	47.0/55.0	43.1/51.6	6,630.5	5,800.1
Metascan 5 + Deep CDR + Proactive DLP	82.6/90.8	78.5/90.0	45.4/54.7	46.4/55.3	5,300.9	5,349.8
Metascan 5 + Deep CDR + Proactive DLP + Vulnerability	81.5/92.6	78.8/88.9	69.9/77.0	58.2/64.8	4,837.8	5,050.1
Metascan 5 + Deep CDR + Proactive DLP + Vulnerability + Embedded Sandbox	64.1/86.2	61.9/92.9	61.5/75.7	61.3/73.7	1,712.7	1,838.3
Metascan 10 + Deep CDR	89.9/93.6	93.2/96.6	55.3/62.9	58.2/65.2	5,813.2	5,464.8
Metascan 10 + Deep CDR + Proactive DLP	93.5/95.6	89.5/97.3	50.3/60.6	52.8/61.6	4,259.1	4,153.7
Metascan 10 + Deep CDR + Proactive DLP + Vulnerability	93.4/97.2	90.3/96.4	76.9/84.5	68.1/76.3	4,169.8	4,339.6
Metascan 10 + Deep CDR + Proactive DLP + Vulnerability + Embedded Sandbox	67.1/96.7	65.2/94.5	70.8/85.5	70.0/85.1	1,638.8	1,694
Metascan MAX + Deep CDR	96.6/99.9	99.2/99.9	74.4/83.2	73.6/81.8	3,435.6	3,528.1
Metascan MAX + Deep CDR + Proactive DLP	98.8/99.9	98.0/99.8	75.3/86.2	78.1/85.3	3,161.7	3,423.4
Metascan MAX + Deep CDR + Proactive DLP + Vulnerability	96.2/99.9	99.3/99.9	74.0/83.0	76.8/85.8	3,027.7	3,147.6
Metascan MAX + Deep CDR + Proactive DLP + Vulnerability + Embedded Sandbox	70.3/99.0	70.1/96.2	88.7/99.0	85.6/98.4	1,584.7	1,661.9

Recommendations

Controlling total processing time of each MD Core server:

In this deployment model, we should organize and send files in the way that it best utilizes the load of each MD Core server. It is not a good practice if one Core server is free while the other one is busy. By optimizing the distribution of files, we can ensure that each Core server is utilized efficiently, thereby improving overall system performance. Furthermore, this approach can help prevent bottlenecks and minimize the chances of system overload.

Adding proper number of MD Core servers to the cluster:

Adding more Core servers to this model will increase more load on the shared database. When adding a new MD Core server, users should monitor performance of database server such as memory/CPU consumption, disk usage, network bandwidth, request response time and so on… to see if it still can handle the load. This is important in order to maintain optimal performance and ensure that the database server can continue to efficiently serve the needs of the system.

Optimizing database server for better performance:

Continuing to add more Core servers to this model may result in increased strain on the shared database. As such, it is crucial to ensure that the database is optimized to handle the additional load effectively. Users can consider adjusting default database settings of PostgresSQL to optimize for more data load if needed. Here is where we can adjust PostgresSQL database settings: <PostgreSQL install location\version>\data\postgresql.conf.

Besides that, MD Core also supports a parameter (db_connection) for users to specify max connections that MD Core can handle, take a look at this guideline: MetaDefender Configuration.

Last updated on

Was this page helpful?