The CAS here is integrated with a ProxySG and I would like to know what factor can influence and slow down the CAS processing time (file size, file type, etc.).

See the the snippet below, for the Content Analysis File Scanning Workflow.

For every other product use detail, for Symantec CAS, reference has been made to the resource doc. with the URL below.

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/content-analysis/3-1/About_CAS.html

With Content Analysis integrated with ProxySG, if scans take too long, and even impacts users' browsing time, this would, most likely, be caused by Content Analysis attempting to virus scan infinite streams. To avoid this problem, Symantec recommends that customers enable:

• deferred scanning (https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/content-analysis/3-1/sg-introduction/configuration_fine_tuning/user_experience/deferred_scanning.html) or

• implement mirror policy (https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/content-analysis/3-1/sg-introduction/best_practices/conserve_scanning_resources/scan_and_serve_policy.html)

Also, if you have configured the ICAP REQMOD service for DLP on the appliance, review these policy best practices to ensure high volumes of requests to the DLP do not affect performance. See the Tech. doc. with the URL below.

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/proxysg/7-3/learnabout/advancedpolicy/icapreqmod.html

With the ICAP response modification enabled (anti-virus enabled), and the ProxySG seems to slow down, and the slowness seems to increase over time up to a point where the ProxySG no longer serves objects, please refer to the Tech. Article with the URL below, for the possible causes and possible causes/resolutions.

https://knowledge.broadcom.com/external/article/166921/queued-icap-slowness-or-latency.html

Note 1: The customer is able to set the maximum scan file size. An individual file size cannot exceed the configured size (1–5120 MB). This limitation also applies to each file within an archive. The default maximum file size is 100 MB. See the Tech. doc. with the URL below, for more details.

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/content-analysis/3-1/Solution_AV_scan/services_av_scanning_behavior.html

Note 2: You can configure how Content Analysis reacts when specific file extensions or file types are sent over ICAP from a ProxySG appliance. Global file extension and file type policies apply to all analysis engines (AV scanning, predictive analysis). If you employ Symantec, Kaspersky, or Sophos AV engines, you can configure additional Ignore, Scan, and Block policy. Please refer to the Tech. doc. with the URL below, for more details on defining file type policy.

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/content-analysis/3-1/Solution_AV_scan/services_av_file_types.html