Shared DB - Linux

Disclaimer

These results should be viewed as guidelines and not performance guarantees, since there are many variables that affect performance (file set, network configurations, hardware characteristics, etc.). If throughput is important to your implementation, OPSWAT recommends site-specific benchmarking before implementing a production solution.

Environment

Using AWS environment with the specification below:

MetaDefender Core


OS

AWS instance type

vCPU

Memory (GB)

Network bandwidth (Gbps)

Disk type

Benchmark

MetaDefender Core #1

Debian 12

c5.4xlarge

16

32

Up to 10

SSD

Amazon EC2 c5.4xlarge - Geekbench

MetaDefender Core #2

Debian 12

c5.4xlarge

16

32

Up to 10

SSD

Amazon EC2 c5.4xlarge - Geekbench

RDS

OS

AWS instance type

vCPU

Memory (GB)

Network bandwidth (Gbps)

Disk type

Windows Server 2022

db.m7i.4xlarge

16

64

Up to 10

SSD

Deployment Model


Using a AWS Load Balancer to distribute files sent from the client tool to two (2) different MetaDefender Core servers applying Round Robin algorithm. With this algorithm, each MetaDefender Core server is supposed to receive same number of requests.

Client tool

A simple tool written in Python to collect files in a designated folder and submit requests to Load Balancer mentioned above.

files_to_scan = list of files to scan scan_futures =[] for file_path in files_to_scan: scan_futures.append(asyncio.create_task(self.scan_file(file_path, self.load_balancer_url)) async def scan_file(self, file_path, core_url): api_url = f'{core_url}/file' with open(file_path, 'rb') as file: file_content = file.read() headers = {'Content-Type': 'application/octet-stream', 'filename': file_path} max_retries = 20 # Maximum number of retry attempts retry_delay = 120 # Delay in seconds before retrying for attempt in range(max_retries + 1): try: starttime = time.time() response = requests.post(api_url, data=file_content, headers=headers) endtime = time.time() status_code = response.status_code if status_code == 200: self.post_wait = self.post_wait + endtime - starttime self.num_post_req += 1 response_json = response.json() data_id = response_json.get('data_id') return status_code, response_json, data_id if status_code == 503: print(f"Received status code {status_code}. Retrying in {retry_delay} seconds...") await asyncio.sleep(retry_delay) else: return None, None, None except requests.RequestException as e: return None, None, None return None, None, None

OS

AWS instance type

vCPU

Memory (GB)

Network bandwidth (Gbps)

Disk type

CentOS 7

c5.4xlarge

16

32

Up to 10

SSD

Dataset

Detailed information of dataset below will be used for testing:

File category

File type

Number of files

Total size (MB)

Average file size (MB)

Adobe

PDF

370

385 MB

1.0 MB

Executable

EXE

45

309.5 MB

6.9 MB


MSI

15

45.75 MB

3.1 MB

Image

BMP

80

515 MB

6.4 MB


JPG

420

237.5 MB

0.6 MB


PNG

345

169 MB

0.5 MB

Media

MP3

135

865 MB

6.4 MB


MP4

50

500 MB

10.0 MB

Office

DOCX

235

190 MB

0.8 MB


DOC

225

486 MB

2.2 MB


PPTX

365

860 MB

2.4 MB


PPT

355

1950 MB

5.5 MB


XLSX

340

283.5 MB

0.8 MB


XLS

335

284.5 MB

0.8 MB

Text

CSV

100

236 MB

2.4 MB


HTML

1075

76 MB

0.1 MB


TXT

500

210 MB

0.4 MB

Archive

ZIP

Compressed files: 10

Extracted files: 270

Compressed size: 125.5 MB

Extracted size: 156.5 MB

Avg compressed size: 12.6 MB

Avg extracted size: 0.6 MB

Summary (compressed)


5000

7728.5 MB

1.55 MB average file size

Summary (extracted)


5260

7759.5 MB

1.48 MB average file size

Product Information

Product versions:

  • MetaDefender Core 5.14.0

  • Engines:

    • Metascan 5: Ahnlab, ClamAV, ESET, Bitdefender, K7.

    • Metascan 10: Metascan 5, Avira, Quick Heal, VirIT Explorer, Varist, Ikarus, Tachyon.

    • Metascan MAX: Metascan 10, NANO, Sophos, McAfee, CrowdStrike, Lionic, Xvirus, WebRoot, Cylance, RocketCyber, CMC.

    • Deep CDR: 7.4.0

    • Proactive DLP: 2.23.0

    • Archive: 7.4.0

    • File type analysis: 7.4.0

    • File-based vulnerability assessment: 4.57-236

MetaDefender Core settings

General settings

  • Turn off data retention

  • Turn off engine update

Archive extraction settings

  • Max recursion level: 99999999

  • Max number of extracted files: 99999999

  • Max total size of extracted files: 99999999

  • Timeout: 10 minutes

  • Handle archive extraction task as Failed: true

    • Extracted partially: true

Metascan AV settings

  • Max file size: 99999999

  • Scan timeout: 10 minutes

  • Per engine scan timeout: 1 minutes

Performance test results

MetaDefender Core with single engine (technology)

Summary metrics:

Use case

Scan duration

Throughput

Avg. processing time


(minutes)

(processed objects/hour)

(seconds/object)

Metascan 5

8.1

942,037

0.004

Metascan 10

10.9

700,045

0.005

Metascan MAX

31.7

240,709

0.014

Deep CDR

11.1

687,432

0.005

Proactive DLP

8.5

897,705

0.004

Vulnerability

8.4

908,392

0.004

System resource utilization:

Use case

Avg./Max CPU usage

Avg./Max CPU usage

Avg./Max RAM usage

Avg./Max RAM usage

Avg. Network speed

Avg. Network speed


Core 1

Core 2

Core 1

Core 2

Core 1

Core 2


(%)

(%)

(%)

(%)

(KB/s)

(KB/s)

Metascan 5

32.9 / 64.8

32.2 / 64.6

36.5 / 45.6

37 / 45.8

8,765

8,426

Metascan 10

64 / 94.5

62.4 / 95.2

42.5 / 46

41 / 44.7

6,533

6,502

Metascan MAX

67.3 / 99.2

66.2 / 99.4

54 / 74

54 / 74.6

4,310

4,753

Deep CDR

63.6 / 91.5

64 / 92

50.6 / 54

51.2 / 54.7

6,005

5,601

Proactive DLP

43.5 / 72.6

46.2 / 74

43.8 / 50

44.7 / 50.4

6,789

6,235

Vulnerability

36.2 / 71

36.8 / 71

41.5 / 41.7

40.3 / 40.8

6,901

6,763

MetaDefender Core with common engine packages

Summary metrics:

Use case

Scan duration

Throughput

Avg. processing time


(minutes)

(processed objects/hour)

(seconds/object)

Metascan 5 + Deep CDR

12.1

630,619

0.006

Metascan 5 + Deep CDR

+ Proactive DLP

14.7

519,081

0.007

Metascan 5 + Deep CDR

+ Proactive DLP + Vulnerability

15.3

498,725

0.007

Metascan 10 + Deep CDR

14.6

522,636

0.007

Metascan 10 + Deep CDR

+ Proactive DLP

17.5

436,028

0.008

Metascan 10 + Deep CDR

+ Proactive DLP + Vulnerability

17.9

426,284

0.008

Metascan MAX + Deep CDR

34.5

221,173

0.016

Metascan MAX + Deep CDR

+ Proactive DLP

35.1

217,393

0.016

Metascan MAX + Deep CDR

+ Proactive DLP + Vulnerability

35.7

213,739

0.016

System resource utilization:

Use case

Avg./Max CPU usage

Avg./Max CPU usage

Avg./Max RAM usage

Avg./Max RAM usage

Avg. Network speed

Avg. Network speed


Core 1

Core 2

Core 1

Core 2

Core 1

Core 2


(%)

(%)

(%)

(%)

(KB/s)

(KB/s)

Metascan 5

+ Deep CDR

68.8 / 93

68 / 93.2

45.7 / 49 .6

46 / 50.8

5,526

5,420

Metascan 5

+ Deep CDR

+ Proactive DLP

76 / 93.6

71.3 / 94.8

47.2 / 51.5

48.3 / 51.3

5,996

5,195.1

Metascan 5

+ Deep CDR

+ Proactive DLP

+ Vulnerability

82.5 / 96.4

81.4 / 96.2

49.6 / 53

49.5 / 54.8

5,482

4,579

Metascan 10

+ Deep CDR

83 / 95.8

85.7 / 95

47.5 / 51

47 / 49.8

4,794

4,777

Metascan 10

+ Deep CDR

+ Proactive DLP

89 / 97

86.7 / 95.7

49.3 / 57.5

50 / 56.4

4,468

4,352

Metascan 10

+ Deep CDR

+ Proactive DLP

+ Vulnerability

89.5 / 99

92.5 / 99.3

50.6 / 58.3

51.5 / 59

3,879

4,404

Metascan MAX

+ Deep CDR

83 / 98.5

83 / 99.2

64 / 74.3

64 / 76.3

4,254

4,205

Metascan MAX

+ Deep CDR

+ Proactive DLP

84.8 / 99

84.5 / 99.3

64 / 75

64.3 / 76.8

4,167

4,018

Metascan MAX

+ Deep CDR

+ Proactive DLP

+ Vulnerability

86.3 / 99.2

87 / 99.6

64.3 / 75

65.6 / 78.2

4,192

4,073

Recommendations

Controlling total processing time of each MD Core server:

In this deployment model, we should organize and send files in the way that it best utilizes the load of each MD Core server. It is not a good practice if one Core server is free while the other one is busy. By optimizing the distribution of files, we can ensure that each Core server is utilized efficiently, thereby improving overall system performance. Furthermore, this approach can help prevent bottlenecks and minimize the chances of system overload.

Adding proper number of MD Core servers to the cluster:

Adding more Core servers to this model will increase more load on the shared database. When adding a new MD Core server, users should monitor performance of database server such as memory/CPU consumption, disk usage, network bandwidth, request response time and so on… to see if it still can handle the load. This is important in order to maintain optimal performance and ensure that the database server can continue to efficiently serve the needs of the system.

Optimizing database server for better performance:

Continuing to add more Core servers to this model may result in increased strain on the shared database. As such, it is crucial to ensure that the database is optimized to handle the additional load effectively. Users can consider adjusting default database settings of PostgresSQL to optimize for more data load if needed. Here is where we can adjust PostgresSQL database settings: <PostgreSQL install location\version>\data\postgresql.conf.

Besides that, MD Core also supports a parameter (db_connection) for users to specify max connections that MD Core can handle, take a look at this guideline: MetaDefender Configuration.