What is EMC’s CAVA / Common Event Enabler?

I was recently asked to do a bit of research on EMC’s CAVA product, as we are looking for AntiVirus solutions for our CIFS based shares.  I found very little info with general google searches about exactly what CAVA is and what it does, so I thought I’d share some of the information that I did find after a bit of research and talking to my local EMC rep. 

Basically CAVA is a service runs on the Celerra (or VNX) data mover in conjunction with a Windows server running a 3rd Party Anti-Virus engine (along with EMC’s CAVA API agent) to handle the conversation.  It only facilitates the communication to an existing AV server, EMC doesn’t provide the actual AV software.  It supports Symantec, McAfee, eTrust, Sophos, Kaspersky, and Trend Micro.  In a nutshell, CAVA employs three key components:  Software on the data mover (VC Client), Software on a windows AV server (CAVA), and your 3rd party AV engine on a Windows server. 

CAVA used to stand for “Celerra Anti Virus Agent”, but was changed to “Common AntiVirus Agent”.  Quite convenient that they could re-use the “C” without changing the acronym, right? The product is now officially known as “Common Event Enabler for Windows” by EMC and the package includes CEPA, or the EMC Common Event Publishing Agent, and CAVA, the aforementioned Common Antivirus Agent.  For this post I’m focusing on the Antivirus agent.

CAVA is a fairly straightforward install, however if implemented incorrectly it can adversely affect your performance. It’s important to know how it scans your files and essential to know how to troubleshoot it and do performance monitoring.  There is definitely a performance hit when using CAVA. 

When are files scanned for a virus? 

Each time the Celerra receives a file, it will be locked for read access first, at which time a request is sent to the AV server (or servers) to scan the file.  The Celerra will send the UNC path name to the windows server and wait for verification that the file is not affected.  Once that verification is complete, the file is made available for user access. 

CAVA will scan a file in the following instances: 

  •          CAVA will scan files for a virus the first time that a file is read, subsequent to the initial implementation of CAVA and any updates to virus definitions.
  •          Creating, modifying, or moving a file
  •          When restoring a file (or files) from backup
  •          When renaming a file with a different file extension
  •          Whenever an administrator performs a full file system scan (with the server_viruschk command) 

What are the features of CAVA? 

  •          Automatic Virus Definition Updates. Files opened after the update will be re-scanned.
  •          CAVA Calculator (a free sizing tool to assist in implementation)
  •          User Notifications on Virus detection, cofigurable by administrators to be sent as notifications to the client, event log entries, or both.
  •          Scan on read can be enabled
  •          Event reporting and configuration 

What are some implementation considerations? 

  •          EMC recommends that an MPFS client system not be configured as the AV server system.
  •          CAVA doesn’t support a data mover CIFS server using share level access.
  •          Always update the viruschecker.conf file to avoid scanning temp files. It can be modified with the Celerra AV Management Snap-In.
  •          It’s CIFS only. There is no support for NFS or FTP.  If those protocols are used to open, modify, or move files the files will not be scanned.
  •          You must check for compatibility with your installed 3rd party AV software.

How is it licensed, and how much does it cost?

CAVA is licensed per array, on the VNX series it is in the Security and Compliance Suite.   Pricing will vary of course, but it’s not very expensive relative to the cost of the array.  It should be in the range of thousands rather than tens of thousands of dollars.


8 thoughts on “What is EMC’s CAVA / Common Event Enabler?”

  1. thanks! I appreciate what you are doing. I’m a new CAVA’s user…please could you guide me to how to setup an EMC’s antivirus solution (an entire tuto)? and how to dowload an up to date software (CEE framwork)? I went to the website : https://support.emc.com/downloads/ but I found nothing! I need a help! thanks in advance

    1. Sorry, but this is one of those times I’m not going to be able to help. We ended up not implementing it so I have no experience with it to create a tutorial. I also couldn’t find it on EMC’s support website, I suspect it’s unavailable as a download unless you are licensed for it.

  2. Thanks man. I am a (new) indirect EMC Sales rep and straightforward information like this is superb to learn, instead of the hundreds of Sales- and Marketing presentations.

    1. Thanks for the comment Pieter. I’m glad you found the information useful. I’ve become a local celebrity with my local EMC reps, I had someone from our local EMC office refer me to one of my own blog posts when I asked a question. 😉

    1. it’s really per filesystem, rather than per DM or VDM.
      Each of our VNX5n00 arrays has a pair of mcaffee virtual windows servers which monitor and intercept any malicious writes. We have also implemented a monitoring script which re-starts the server_viruschk task if it has become halted. (same for our VNXe estate)
      There’s plenty of documentation to set this up, but it was a non-trivial task to get the cava services on windows aligned with the cava service on each VNX(e)

  3. @David Morgan , If you have filesystems mounted on other primary datamovers you would need to make sure viruschk is started on the movers as well.

    1. You are right, of course, that the cava monitor be running on each active server_x . We run our VNX family as active/standby only.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.