https://community.netapp.com/t5/ONTAP-Discussions/c-mode-antivirus/m-p/113407#M24061 <P>&nbsp;</P><P>Vserver:cluster01<BR />Policy: default_CIFS<BR />Policy Status: off<BR />Policy Config Owner: cluster<BR />File-Access Protocol: CIFS<BR />Filters: scan-mandatory<BR />Max File Size Allowed for Scanning: 2GB<BR />File Paths Not to Scan: -<BR />File Extensions Not to Scan: -<BR />File Extensions to Scan: *<BR />Scan Files with No Extension: true</P><P>&nbsp;</P><P><STRONG>change previllage to &nbsp;advacned mode&nbsp;</STRONG></P><P>&nbsp;</P><P>cluster01:: set -privilege advanced</P><P>&nbsp;</P><P><STRONG>then you should be able change the filter value for on access policy&nbsp;</STRONG></P><P>&nbsp;</P><P>cluster01::vserver vscan on-access-policy*&gt; modify -vserver * -policy-name default_CIFS -filters "-"</P><P>&nbsp;</P><P><STRONG>you can verify it after changing&nbsp;</STRONG></P><P>&nbsp;</P><P>cluster01::vserver vscan on-access-policy*&gt; show -in</P><P>Vserver: cluster01<BR />Policy: default_CIFS<BR />Policy Status: off<BR />Policy Config Owner: cluster<BR />File-Access Protocol: CIFS<BR />Filters: -<BR />Max File Size Allowed for Scanning: 2GB<BR />File Paths Not to Scan: -<BR />File Extensions Not to Scan: -<BR />File Extensions to Scan: *<BR />Scan Files with No Extension: true</P><P>&nbsp;</P><P><STRONG>change previllage to &nbsp;admin mode&nbsp;</STRONG></P><P><SPAN>cluster01:: set -privilege admin</SPAN></P><P>&nbsp;</P> Mon, 07 Dec 2015 15:40:15 GMT OhmR 2015-12-07T15:40:15Z https://community.netapp.com/t5/ONTAP-Discussions/c-mode-antivirus/m-p/94167#M19463 <P><SPAN style="font-family: arial,helvetica,sans-serif;"><SPAN style="font-size: 10pt;">I am trying to wrap my head around the on-access-policy for vscan in c-mode. I want to make sure that files are still served if anti-virus servers were to be unavailable. But looking at all the documentation I don't see an option for this.</SPAN></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif; font-size: 10pt;">According to documentation and support, the scan-mandatory flag means that it won't serve data if vscan servers are not available.<BR />Their suggestion was to use the scan-ro-volume flag. Does this mean allow files from RO and RW volumes to be scanned, or just RO volumes? I am guessing the just RO volumes as the filter for on-access-policy can have multiple options selected.</SPAN></P><P>&nbsp;</P><P><SPAN style="font-family: arial,helvetica,sans-serif; font-size: 10pt;">Thoughts</SPAN></P><P><BR /><SPAN style="color: #0078c2; font-family: arial,helvetica,sans-serif; font-size: 10pt;"><SPAN style="color: #0078c2;"><SPAN style="color: #0078c2;"><A target="_blank" href="https://library.netapp.com/ecm/ecm_download_file/ECMP1366832" title="https://library.netapp.com/ecm/ecm_download_file/ECMP1366832">https://library.netapp.com/ecm/ecm_download_file/ECMP1366832</A></SPAN></SPAN></SPAN><BR /><SPAN style="font-family: arial,helvetica,sans-serif; font-size: 10pt;">page 1921</SPAN></P><P>&nbsp;</P><P><SPAN style="font-family: arial,helvetica,sans-serif;"><SPAN style="font-size: 10pt;"><SPAN style="font-size: 10pt;">-filters </SPAN></SPAN><SPAN style="font-size: 10pt;"><SPAN style="font-size: 10pt;">{scan-mandatory|scan-ro-volume|scan-execute-access}, ...] - Filters</SPAN></SPAN></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif; font-size: 10pt;"><SPAN style="font-size: 10pt;">scan-mandatory - Enable mandatory scan. File access will be denied if there are </SPAN></SPAN>no external virus-scanning servers available for virus scanning</P><P><SPAN style="font-family: arial,helvetica,sans-serif;"><SPAN style="font-size: 10pt;"><SPAN style="font-size: 10pt;">scan-ro-volume - Enable scans for read-only volume.</SPAN></SPAN></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif; font-size: 10pt;"><SPAN style="font-size: 10pt;">scan-execute-access - Scan only files opened with execute-access (CIFS only).</SPAN></SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif;">By default, it is scan-mandatory.</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Wed, 22 Oct 2014 15:01:14 GMT https://community.netapp.com/t5/ONTAP-Discussions/c-mode-antivirus/m-p/94167#M19463 IANHOSKINSCNO 2014-10-22T15:01:14Z https://community.netapp.com/t5/ONTAP-Discussions/c-mode-antivirus/m-p/113407#M24061 <P>&nbsp;</P><P>Vserver:cluster01<BR />Policy: default_CIFS<BR />Policy Status: off<BR />Policy Config Owner: cluster<BR />File-Access Protocol: CIFS<BR />Filters: scan-mandatory<BR />Max File Size Allowed for Scanning: 2GB<BR />File Paths Not to Scan: -<BR />File Extensions Not to Scan: -<BR />File Extensions to Scan: *<BR />Scan Files with No Extension: true</P><P>&nbsp;</P><P><STRONG>change previllage to &nbsp;advacned mode&nbsp;</STRONG></P><P>&nbsp;</P><P>cluster01:: set -privilege advanced</P><P>&nbsp;</P><P><STRONG>then you should be able change the filter value for on access policy&nbsp;</STRONG></P><P>&nbsp;</P><P>cluster01::vserver vscan on-access-policy*&gt; modify -vserver * -policy-name default_CIFS -filters "-"</P><P>&nbsp;</P><P><STRONG>you can verify it after changing&nbsp;</STRONG></P><P>&nbsp;</P><P>cluster01::vserver vscan on-access-policy*&gt; show -in</P><P>Vserver: cluster01<BR />Policy: default_CIFS<BR />Policy Status: off<BR />Policy Config Owner: cluster<BR />File-Access Protocol: CIFS<BR />Filters: -<BR />Max File Size Allowed for Scanning: 2GB<BR />File Paths Not to Scan: -<BR />File Extensions Not to Scan: -<BR />File Extensions to Scan: *<BR />Scan Files with No Extension: true</P><P>&nbsp;</P><P><STRONG>change previllage to &nbsp;admin mode&nbsp;</STRONG></P><P><SPAN>cluster01:: set -privilege admin</SPAN></P><P>&nbsp;</P> Mon, 07 Dec 2015 15:40:15 GMT https://community.netapp.com/t5/ONTAP-Discussions/c-mode-antivirus/m-p/113407#M24061 OhmR 2015-12-07T15:40:15Z