Hi netapp-soulmates,

for one of my customers I am trying to find a solution for the following problem:

Company-wide security rules prevents this company for outbound reports to contain directory and file information in paths (presented as follows:

Thu Mar 31 08:36:45 CEST ["FILERNAME": vscan.virus.created:ALERT]: CIFS: Possible Virus Detected - File ONTAP_ADMIN$\vol\volname\qtreename\DATA\filename.ext in share sharename$ modified by client ip-adress (**unknown**) running as user "SID" may be infected. The filer received status message Error, file not found.  and error code [0xb] from vscan (anti-virus) server IP-address.

I have tried to change the syslog settings as follows:

all kernel errors will be written in the messages file and to the console.

all daemon messages with status emergency or higher will be written in the messages file and to the console.

so the settings look as follows:

# Log messages of priority info or higher to the console and to /etc/messages

*.info                          /dev/console

kern.err                      /etc/messages

daemon.emerg           /etc/messages

Unfortunately all vscan messages (inclu. path/file names) are still logged in messages file (so are not qualified as daemon messages) and are still sent outbound. The McAfee enterprise documentation does not mention anything about changing settings for messages or reports and also vscan does not include any settings to change this.

Does anyone have useful suggestions to solve this, without making consessions to the autosupport quality (preferrable not to change contents to minimal).