Antivir (SMSDOM) causes permanent replication in cluster

We have a problem with permanent replication of databases in a Domino cluster. We have found out that this is due to the Symantec antivirus solution (described below; it runs on both servers in the cluster with both e-mail and document-write scanning), which modifies every new note/document, and this is replicated back, etc.

The strangest thing is that our parallel, similar configuration (current production HW environment) works without this issue…

I will appreciate any help or just a comment…

Problem statement:

We have a production Domino environment, based on Domino clusters and an antivirus solution (SMSDOM - Symantec Antivir for Domino). The issue mentioned below does not occur there.

In order to migrate to new hardware (HP Blade system) we have prepared new environment in the standard way:

a) Domino Server1 installation

b) Domino Server2 installation (as cluster member in the same Domino Domain)

c) SMSDOM installation to Domino Server1 and Domino Server2 according to the SMS guide (with the same parameters as in the production environment). SMSDOM has both e-mail and document writes control checked.

However, this problem occurred:

Any documents that were created after the SMSDOM installation are permanently replicated between cluster members. We have found out that this is due to SMSDOM (after creation the document is modified by SMSDOM1, then replicated to the second server, where it is modified by SMSDOM2 and replicated back, etc…)

Production environment (OK): MS W server 2003 Enterprise Edition Service Pack 1, Domino 7.0.3, SMSDOM 5.1.4.32

New environment (with issue): MS W server 2003 R2 Standard x64 Edition Service Pack 2/MS W server 2003 R2 Enterprise Edition Service Pack 2, Domino 7.0.3, SMSDOM 5.1.4.32

Subject: Antivir (SMSDOM) causes permanent replication in cluster…

To restate the problem:

Every time SMSDOM runs a scan, it seems to modify every document that contains an attachment, in every Notes database on the server. In a clustered environment, this problem can create a “replication storm” because one server updates the document, replicates it to other servers in the cluster, then those servers modify the document, and the process continues. On my servers, it created thousands of replication conflicts.

Cause of the problem:

  1. SMSDOM is not “cluster aware”

  2. A “cool” new setting called “Secure Scanning Optimization.” This must have been designed by some clown at Symantec who doesn’t understand how Domino works. What does it do? It adds a field (X-SSOTag) to every document that it scans. Why? This field tells SMSDOM that the document has already been scanned. So if a document is sent to 100 users, it only gets scanned once instead of 100 times.

Why is this flawed?

  1. Duh! Modifying every document (regardless of the reason) breaks replication!

  2. It makes sense to scan an email only once, instead of once for every recipient. But it doesn’t make sense to use an email-tracking mechanism for existing documents. I’m curious what the Symantec clowns think they gain by such methods. If I forward an existing document, it gets put into a new message without the internal tracking-field, thereby making that field useless.

How can you avoid this problem?

Change your SMSDOM settings to disable “Secure Scanning Optimization.”

How can Symantec fix this?

Change the process so that X-SSOTag is only used for documents that come into mail.box and for real-time scans; DO NOT use that process for scheduled scans!
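
The loop described in this thread, as an added example that is not part of either post and is not Symantec or IBM code: a simplified Python model of two cluster replicas whose write-triggered scanner either stamps the document or leaves it untouched. The `Replica` class, the per-document sequence counter, and the tag value are assumptions made for illustration; only the field name X-SSOTag comes from the thread.

```python
from dataclasses import dataclass, field

@dataclass
class Replica:
    name: str
    stamps_on_scan: bool                      # models "Secure Scanning Optimization" on/off
    docs: dict = field(default_factory=dict)  # doc_id -> {"seq": int, "items": dict}

    def scan(self, doc_id):
        """Scanner hook fired on every document write on this replica."""
        doc = self.docs[doc_id]
        if self.stamps_on_scan:
            # Assumption: each scan rewrites the tag, which counts as a modification.
            doc["items"]["X-SSOTag"] = self.name  # constructed tag value
            doc["seq"] += 1

    def create(self, doc_id):
        self.docs[doc_id] = {"seq": 1, "items": {"Body": "attachment"}}
        self.scan(doc_id)

    def receive(self, doc_id, doc):
        """Accept a newer copy from the peer; the write triggers the local scanner."""
        local = self.docs.get(doc_id)
        if local is not None and local["seq"] >= doc["seq"]:
            return False                      # nothing newer, nothing to replicate
        self.docs[doc_id] = {"seq": doc["seq"], "items": dict(doc["items"])}
        self.scan(doc_id)
        return True

def replication_passes(stamps_on_scan, max_passes=20):
    """Passes that moved the document before the cluster went quiet, or None if it never did."""
    a = Replica("Server1", stamps_on_scan)
    b = Replica("Server2", stamps_on_scan)
    a.create("doc1")
    for n in range(1, max_passes + 1):
        moved = b.receive("doc1", a.docs["doc1"])
        moved = a.receive("doc1", b.docs["doc1"]) or moved
        if not moved:
            return n - 1
    return None

if __name__ == "__main__":
    print("stamping scanner:    ", replication_passes(True))   # never settles
    print("non-stamping scanner:", replication_passes(False))  # settles after one pass
```

With stamping enabled, every received copy is modified again and sent back, so the model never reaches a quiet pass; with it disabled, the document crosses once and replication stops.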