I have taken over sys.admin in my department, which includes taking over Netapps and I have found a virus in the ~snapshot directory found on the netapp box.
On a windows machine, i connect to the netapps via windows explorer using the IP address \ <share name>
In the share, there is a folder ~snapshot, and a file myLun.lun
Traversing the ~snapshot directory, I go into a subfolder sep1011 and I find 2 files, myLun.lun and virus.avi
The owner of this file is a machine from another domain (<domain>\<computer name>$)
I attempted to remove virus.avi, but I get access denied. I tried to change the owner to myself, but I still get access denied.
I created a user locally on the netapps box and added the user to the Administrator group. I then connected to the share, 10.10.10.10\MyShare using these credentials via windows explorer, but I still can not change the ownership of the file, virus.avi.
Looking at the permissions, EVERYONE has FULL access to this file.
Is there a way to get to the directory through the console?
You cannot delete any Files in the snapshots, because snapshots are readonly. You can delete the File in the active Filesystem. In the snapshot you have to wait till the the retention is over (the System delete the snapshot)
or you can manually delete the snapshots, where the virus.avi is in...
Contents of snapshots are always read-only. If you don't want those files in there, the only option you have is to delete the snapshot that they're in. You will also be removing access to any other files in the snapshot, unless you copy them somewhere else first.
Folders beneath the ~snapshot folder are the different snapshots on the volume containing the CIFS share. Perhaps you have a snapshot named "sep1011". The ~snapshot folder does not contain anything other than snapshots.
that's the only file that exists in the parent directory right now. Even if you try to add a file to the directory it says that it's full, so how those two shortcuts got placed in the directory is a mystery.