2011-04-05 02:26 AM
for one of my customers I am trying to find a solution for the following problem:
Company-wide security rules prevents this company for outbound reports to contain directory and file information in paths (presented as follows:
Thu Mar 31 08:36:45 CEST ["FILERNAME": vscan.virus.created:ALERT]: CIFS: Possible Virus Detected - File ONTAP_ADMIN$\vol\volname\qtreename\DATA\filename.ext in share sharename$ modified by client ip-adress (**unknown**) running as user "SID" may be infected. The filer received status message Error, file not found. and error code [0xb] from vscan (anti-virus) server IP-address.
I have tried to change the syslog settings as follows:
all kernel errors will be written in the messages file and to the console.
all daemon messages with status emergency or higher will be written in the messages file and to the console.
so the settings look as follows:
# Log messages of priority info or higher to the console and to /etc/messages
Unfortunately all vscan messages (inclu. path/file names) are still logged in messages file (so are not qualified as daemon messages) and are still sent outbound. The McAfee enterprise documentation does not mention anything about changing settings for messages or reports and also vscan does not include any settings to change this.
Does anyone have useful suggestions to solve this, without making consessions to the autosupport quality (preferrable not to change contents to minimal).
2011-04-05 03:13 AM
The only option that I can see is to hack the /etc/asup_content.conf file. Admittedly this comes with a big fat warning not to do so, but if you have a test system and don't mind hanging it because you didn't quite decipher how the autosupport parser deals with the configuration in this file, then you should be able to trim things down. It seems to be relatively simple. Don't forget to make a backup of your final working copy as upgrades will probably overwrite this file.
As always, YMMV. Good luck.