Hello,
I have been asked to look into virus scanning for our NetApp simply because we recently (2 years ago) implemented CIFs on the filer and our vendor said we really should have AV running on the CIFs shares for sure. We don't have a huge CIFs share presence, we implemented it basically because we wanted to share files between our Linux/Unix hosts and Windows servers. It has spawned somewhat and users are indirectly connecting to these CIFs shares from their Windows desktops (typically through an application they don't know points there, but we do have some users scanning files to a CIFs share to be picked up by Unix). Anyway, due to the increase in Windows end users connecting to these shares, our management is still concerned that we don't have AV on the NetApp filer. We do have it on our local Windows desktops and all the Windows servers. I don't believe our Unix hosts have it, but I have to verify that with that supporting team. We did not implement it 2 years ago because our security manager at the time said it was redundant to be scanning the same files on multiple systems, we didn't need to add another AV scan to it (Windows servers and desktops).
In my research I came across this thread from a couple years ago, and it sounds like the same questions I was wondering about. Would you mind sharing what you ended up doing? I cannot seem to find much out there other than how to set it up... but I'm still struggling with the question if it is even necessary?
I also read this in NetApp's whitepaper, which also makes me wonder if having another scan engine for AV just overkill?
Impervious to virus attacks
Unlike Windows- or UNIX-based systems, Data ONTAP is a microkernel
storage OS that is not based on a Windows or UNIX OS. Data ONTAP cannot
run third-party applications including OS viruses or worms. Since there are
no “hooks” into the OS, Data ONTAP is impervious to harmful software that
could corrupt or destroy data on Windows or UNIX systems.