The transition to NetApp MS Azure AD B2C is complete. If you missed the pre-registration, you will be invited to register at next log in.
Please note that access to your NetApp data may take up to 1 hour.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

ONTAP Discussions

CDOT 8.3.1 vscan only passing .exe files to McAfee AV Scanner

mn1970

I have an 8040 Cluster running 8.3.1P1 and using McAfee VirusScan 8.8 with the current release of VSES for NetApp, NetApp VSCAN is configured as per NetApp best practice and the McAfee VSES is configured as 'we' beleve to be correct.

 

When we place eicar test pattern files in the CIFS shares only the files with a .exe extension are detected and deleted by the AV, we have tested with .txt .com and .vbs extension and they are not even scanned.  It looks likes they are not even being passed to AV server by VSCAN despite VSCAN being configured to scan all extensions.

 

Our 7-mode filer / McAfee AV detects all the test virus files,

 

Has anyone else experienced problems with AV scanning on CDOT 8.3.x and only .exe files being scanned.

3 REPLIES 3

manistorage

HI,

 

Can you share the vscan profile output for teh specific vserver?

 

vserver vscan on-access-policy show -vserver xx-xxx-xx -policy-name xxxx_xxxx

 

Regards,

Mani

mn1970

Hi Mani

 

This is the output : 


Vserver: XXXX-template_test
Policy: template_test
Policy Status: on
Policy Config Owner: vserver
File-Access Protocol: CIFS
Filters: scan-execute-access
Max File Size Allowed for Scanning: 2GB
File Paths Not to Scan: -
File Extensions Not to Scan: -
File Extensions to Scan: *
Scan Files with No Extension: true

 

NetApp support have verified our config, the McAfee side only reports .exe files being passed to it.

 

Cheers

Matt

manistorage

Hi,

 

can you change the vscan on-access -policy  to scan-mandatory

 

vscan on-access-policy modify -vserver xxxxx_xxxxx -policy-name template_test -filters scan-mandatory 

 

you can control the vscan operation by modifying vscan-fileop-profile on the CIFS shares.

 

 

cifs share modify -vserver xxxxx_xxxx -share-name tst_share -vscan-fileop-profile no-scan standard strict writes-only

 

 

i use writes-only in my environment.

 

cifs share show -share-name share-name$ -fields vscan-fileop-profile
vserver share-name vscan-fileop-profile
------------- ------------------ --------------------
cluster share-name$ writes-only

 

let me know if this makes any difference.

 

Regards,

Mani

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public