VSCAN help

RDMOORE13

When you enable vscan, does it scan all data on volumes or just the CIFS shares? I am setting up McAfee virus scan for storage and the documentation is pretty sparse. I get the file ext configuration and all that but just don't understand the scope of what gets scanned, so my questions are as follows:

1. Do all files in all volumes get scanned?

2. Do only files in CIFS shares get scanned?

3. Is there a good reference document on vscan configuration anyone knows of?

Thanx

scottgelb

It scans by CIFS share and you can disable on shares with -novscan and -novscanread options. I also usually turn off mandatory_scan so that files are served even if no vscan is available. Also have more than 1 VSCAN server for redundancy and ideally on a separate network or VLAN. The file system admin guide has a good overview... not a whole lot to do other than vscan on, vscan scanners and then vscan options mandatory_scan off.

scottgelb

1 page cheat sheet that I put together a while ago is attached...gives almost all you need to know on the FAS ONTAP side of things in a quick doc with examples and commands.

RDMOORE13

Thanx..this is great

scottgelb

Thank you.

MICHAELGIOIA

Scott,

Nice to meet you.  You seem pretty knowledgeable with how vscan operates. 

I put something to you.... This, http://media.netapp.com/documents/tr-3107.pdf, and my interest is squarely on Figure 1.

And, Step 2.

So, I have an issue with a filer that when you issue the command 'vscan', and it shows you, at the bottom of the output, 'Number of files scanned', 'Number of scan failures', 'Number of throttled requests', the Number of files scanned does not increment.

Whose jurisdiction is it to appropriately increment this counter?

The filer, alone? I think yes, if vscan is enabled. Or does it need to be 'registered'/'associated' with a relevant AV vendor's scanning server/solution? And it only increments if this successful registration is made?

scottgelb

All handled by the vscan process... I can't see how it would increment without an av server except for possibly a scan failure if AV went down.  Most often we disable mandatory scan like I mentioned above... C-Mode is really interesting now with onboard VSCAN in 8.1... down the road I think we'll see much more of this implementation.

MICHAELGIOIA

Sorry :S. I'm confused. I'll try to reiterate. So regardless of whether the RPC calls are being made to the bolted on AV server, if you enable vscan on the filer, extensions are present in the include list, a file lands on the filer, there's a match, and the 'Number of files scanned' increments or only when the AV server processes the file and returns it to the filer?

You mentioned 'all handled by vscan process' which implies increments occur on the filer with no AV attached. Only prerequisite is if vscan is on.  Thus the vscan process increments it.  But then your latter comment confused me.  Thanks mate.

scottgelb

Not sure on that point… without a vscan server it can’t scan so don’t see how it can increment if no scanner is present

MICHAELGIOIA

Grr..... Makes sense.

I'm having issues with a scenario where nothing is incrementing here with a filer registered to an AV server. In the multitude of logging capabilities out of ONTAP, there would surely be content oriented with showing the RPC calls made between filer and AV server, right? The AV server side doesn't indicate any failure with registration.... is why I ask.

scottgelb

Does vscan show it registered on the NetApp side?

MICHAELGIOIA

Yep. We've hijacked this thread :S Want to PM me?

swjackinsky

Hello,

I don't mean to hijack this thread but I'm looking for specific commands on how to register McAfee VSScan with a FAS3020 filer.

Could someone point me to documentation on the commands I need, if any, to do that?

We have 3 SAV Windows servers running the McAfee Enterprise SAV plugin and I am unsure if I have to run anything on the filer to register the server as a VSCAN server.

Thank You for any help,

Shawn Jackinsky (swjackinsky@anthc.org)

mscarpi

Hi

You have to add the Storage controller within the McAfee management console. Nothing to do on the NetApp FAS System, only the vscan has to be enabled (vscan on).

You can find the McAfee Documentation here: http://download.nai.com/products/naibeta-download/VSE_STO/VSE_STO_100_RC_Product_Guide.pdf

Regards

Marco

swjackinsky

Thank You Marco,

I really appreciate the help!