Subscribe

VSCAN help

When you enable vscan, does it scan all data on volumes or just the cifs shares.  I am setting up McAfee virus scan for storage and the documentation is pretty sparse.  I get the file ext configuration and all that but just dont understand the scope of what gets scanned so my questions are as follows:

1.  do all files in all volumes get scanned?

2.  do only files in CIFS shares get scanned?

3.  Is there a good reference document on vscan configuration anyone knows of?

Thanx

Re: VSCAN help

It scans by CIFS share and you can disable on shares with -novscan and -novscanread options.  I also usually turn off mandatory_scan so that files are served even if no vscan is available.  Also have more than 1 VSCAN server for redundancy and ideally on a separate network or vlan.  The file system admin guide has a good overview...not a whole lot to do other than vscan on, vscan scanners and then vscan options mandatory_scan off.

Re: VSCAN help

1 page cheat sheet that I put together a while ago is attached...gives almost all you need to know on the FAS ONTAP side of things in a quick doc with examples and commands.

Re: VSCAN help

Thanx..this is great

Re: VSCAN help

Thank you.

Re: VSCAN help

Scott,

Nice to meet you.  You seem pretty knowledgeable with how vscan operates. 

I put something to you.... This, http://media.netapp.com/documents/tr-3107.pdf, and my interest is squarely on Figure 1.

And, Step 2.

So, I have an issue with a filer that when you issue the command 'vscan', and it shows you, at the bottom of the output, 'Number of files scanned', 'Number of scan failures', 'Number of throttled requests', the Number of files scanned does not increment.

Who's jurisdiction is it to appropriately increment this counter. 

The filer, alone ? I think yes, if vscan is enabled.  Or does it need to be 'registered'/'associated' with a relevant AV vendor's scanning server/solution ? And it only increments if this successful registration is made ?

Re: VSCAN help

All handled by the vscan process... I can't see how it would increment without an av server except for possibly a scan failure if AV went down.  Most often we disable mandatory scan like I mentioned above... C-Mode is really interesting now with onboard VSCAN in 8.1... down the road I think we'll see much more of this implementation.

Re: VSCAN help

Sorry :S. I'm confused.  I'll try to re-iterate. So regardless of whether the RPC calls are being made to the bolted on AV server, if you enable vscan on the filer, extensions are present in the include list, a file lands on the filer, there's a match, and the 'Number of files scanned' increments or only when the AV server processes the file and returns it to filer ?

You mentioned 'all handled by vscan process' which implies increments occur on the filer with no AV attached. Only prerequisite is if vscan is on.  Thus the vscan process increments it.  But then your latter comment confused me.  Thanks mate.

Re: VSCAN help

Not sure on that point… without a vscan server it can’t scan so don’t see how it can increment if no scanner is present

Re: VSCAN help

Grr..... Makes sense.

I'm having issues with a scenario where nothing is incrementing here with a filer registered to an AV server.  In the multitude of logging capabilities out of OnTAP, there would surely be content oriented with showing the RPC calls made between filer and AV server, right ? The AV server side doesn't indicate any failure with registration.... is why I ask.