Network and Storage Protocols

vscan extensions and Scan Engine, which extension list is being followed?

mdvillanueva
5,197 Views

Hi Experts,

We are currently using Symantec Scan Engine to scan our CIFS environment in Netapp.  I have a few questions, I hope someone can shed some light.

1. I run command vscan and see the list of extensions we scan. I can also see in the Scan Engine configuration that there is a list of extensions to scan. Which one is being used? those in vscan extensions or the one in Scan Engine?

2. Does nfs volumes get scanned also? I would rather not.

thanks,

Maico

6 REPLIES 6

scottgelb
5,197 Views

I made a 1 page cheat sheet on vscan for our customers a while ago (attached).  CIFS only (unless that changed) and ONTAP will send scan requests for the extensions listed..shouldn't get to the scan engine at all if not in the ONTAP list.

mdvillanueva
5,197 Views

Thank you Scott!

Maico

mdvillanueva
5,197 Views

Scott,

If I used ‘do?’, will it scan doc and docx

Maico

scottgelb
5,197 Views

According to this KB, yes it will http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=81989    The "do?" will check the first 3 characters only... both doc and docx meet the criteria.  To get the fourth character there is a list of bug fixes at the kb that support this, but you can use do? for the list to get both file types.

mdvillanueva
5,197 Views

Thanks Scott.

I was reading documentation of vscan and it mentioned this.

For example, putting C?? into the extension list would cause the filer to scan the files ABC.C, ABC.CPP, ABC.C++, ABC.CPLUS and so on.

For example, putting C? into the extension list would cause the filer to scan the files ABC.C, ABC.CP and so on; but not ABC.CPP

So I am confuse as to whats the real deal. My question is, which is a better practice? Using the inclusion or exclusion? Using exclusion seems more ideal because it means you don’t have to keep track of all extensions that are introduced in your network. You only have to know what you want to exclude.

Maico

scottgelb
5,197 Views

I agree… exclusion is most often easier. The guide is correct with any match in the ? character position you list will match regardless of what follows but any extension matching that placeholder and prior fixed value.

Public