2013-01-18 01:15 AM
I have a FAS2040 with cifs share.
On this share I have a virus that hide folder and replace them by .exe. I suspect one of my user who is infecting file. I need to find at least his IP address.
First I have enabled audit but it was not enough detailled.
Then to correct this issue, I have installed Symantec Protection Engine 7 and configured with my NetApp
Symantec is working well, I can see in NetApp with vscan command that Symantec is doing the job. But I have no entry at all for my hidding virus.
Do you know if there is an option in NetAPP to monitor folder attribute with vscan ? I have make a lot of search but I'm unlucky.
Solved! SEE THE SOLUTION
2013-01-21 02:13 AM
I have found this option in NetApp doc :
vscan extensions include add txt
Maybe folder file are not in vscan extension, do you know what is folder extension to be sure ?
2013-02-26 05:40 AM
After opening a ticket on NetApp support, it is not possible to monitor folder with NetApp ....
Solution for me was to find an antivirus on client computer that detect this virus. Then update all my client and finally unhide manually folder on cifs.