When you enable vscan, does it scan all data on volumes or just the cifs shares. I am setting up McAfee virus scan for storage and the documentation is pretty sparse. I get the file ext configuration and all that but just dont understand the scope of what gets scanned so my questions are as follows:
1. do all files in all volumes get scanned?
2. do only files in CIFS shares get scanned?
3. Is there a good reference document on vscan configuration anyone knows of?
It scans by CIFS share and you can disable on shares with -novscan and -novscanread options. I also usually turn off mandatory_scan so that files are served even if no vscan is available. Also have more than 1 VSCAN server for redundancy and ideally on a separate network or vlan. The file system admin guide has a good overview...not a whole lot to do other than vscan on, vscan scanners and then vscan options mandatory_scan off.
Nice to meet you. You seem pretty knowledgeable with how vscan operates.
I put something to you.... This, http://media.netapp.com/documents/tr-3107.pdf, and my interest is squarely on Figure 1.
And, Step 2.
So, I have an issue with a filer that when you issue the command 'vscan', and it shows you, at the bottom of the output, 'Number of files scanned', 'Number of scan failures', 'Number of throttled requests', the Number of files scanned does not increment.
Who's jurisdiction is it to appropriately increment this counter.
The filer, alone ? I think yes, if vscan is enabled. Or does it need to be 'registered'/'associated' with a relevant AV vendor's scanning server/solution ? And it only increments if this successful registration is made ?
All handled by the vscan process... I can't see how it would increment without an av server except for possibly a scan failure if AV went down. Most often we disable mandatory scan like I mentioned above... C-Mode is really interesting now with onboard VSCAN in 8.1... down the road I think we'll see much more of this implementation.
Sorry :S. I'm confused. I'll try to re-iterate. So regardless of whether the RPC calls are being made to the bolted on AV server, if you enable vscan on the filer, extensions are present in the include list, a file lands on the filer, there's a match, and the 'Number of files scanned' increments or only when the AV server processes the file and returns it to filer ?
You mentioned 'all handled by vscan process' which implies increments occur on the filer with no AV attached. Only prerequisite is if vscan is on. Thus the vscan process increments it. But then your latter comment confused me. Thanks mate.
Grr..... Makes sense.
I'm having issues with a scenario where nothing is incrementing here with a filer registered to an AV server. In the multitude of logging capabilities out of OnTAP, there would surely be content oriented with showing the RPC calls made between filer and AV server, right ? The AV server side doesn't indicate any failure with registration.... is why I ask.
I dont mean to hijack this thread but Im looking for specific commands on how to register McAfee VSScan with a FAS3020 filer.
Could someone point me to documentation on the commands I need if any to do that.
We have 3 SAV Windows servers running the McAfee Enteprise SAV plugin and I am unsure if I have to run anything on the filer to register the server as a VSCAN server.
Thank You for any help,
Shawn Jackinsky (email@example.com)
You have to add the Storage controller within the McAfee management console. Nothing to do on the NetApp FAS System, only the vscan has to be enabled (vscan on).
You can find the McAfee Documentation here http://download.nai.com/products/naibeta-download/VSE_STO/VSE_STO_100_RC_Product_Guide.pdf .