We are currently using Symantec Scan Engine to scan our CIFS environment in Netapp. I have a few questions, I hope someone can shed some light.
1. I run command vscan and see the list of extensions we scan. I can also see in the Scan Engine configuration that there is a list of extensions to scan. Which one is being used? those in vscan extensions or the one in Scan Engine?
2. Does nfs volumes get scanned also? I would rather not.
I made a 1 page cheat sheet on vscan for our customers a while ago (attached). CIFS only (unless that changed) and ONTAP will send scan requests for the extensions listed..shouldn't get to the scan engine at all if not in the ONTAP list.
I was reading documentation of vscan and it mentioned this.
For example, putting C?? into the extension list would cause the filer to scan the files ABC.C, ABC.CPP, ABC.C++, ABC.CPLUS and so on.
For example, putting C? into the extension list would cause the filer to scan the files ABC.C, ABC.CP and so on; but not ABC.CPP
So I am confuse as to whats the real deal. My question is, which is a better practice? Using the inclusion or exclusion? Using exclusion seems more ideal because it means you don’t have to keep track of all extensions that are introduced in your network. You only have to know what you want to exclude.
Re: vscan extensions and Scan Engine, which extension list is being followed?
I agree… exclusion is most often easier. The guide is correct with any match in the ? character position you list will match regardless of what follows but any extension matching that placeholder and prior fixed value.