We are working on getting a/v setup correctly, and i'm trying to determine if the issue is on the SVM configuration side or on the Vscan connector side.
I've read the best practices guide and the setup guide for 8.3.. (I happen to be running 8.3.1rc), but i think it's irrellevant at this point.
The simple question is that on our on-access policy we set the filters to ""
This is a snippit frm TR-4286
By default, the scan-mandatory filter is enabled if other filters are not specified. Use double quotes ("" or "-") to disable filters. For information about the parameters that you can use with the vserver vscan on-access-policy create command, see the command’s man page.
Essentially, we want to disable on-access filters. All our shares are created with standard vscan op profile in cifs.
What happens is once we set the filters to "" (basically disabling it), we can create a file, but we can't read any files or write to any files...
I'm thoroughly confused at this point b/c the reality is i don't see an issue on the svm side. what are we missing..
Here's our policy
Vserver: svm-name Policy: vscan_scan Policy Status: on Policy Config Owner: vserver File-Access Protocol: CIFS Filters: - Max File Size Allowed for Scanning: 5MB File Paths Not to Scan: - File Extensions Not to Scan: URL, LNK, MDB, PST, NSF, 7Z, CAB, ISO, JAR, RAR, TAR, TGZ, VHD, ZIP, VMDK File Extensions to Scan: * Scan Files with No Extension: true
A couple of comments on this thread as i've been spending some time on this.
FYI - resetting the vscan cache fixed this as i must have had some corrupted cache. i've enabled and disabled vscan and created new policies without issue
One comment, i've also disabled all on-access policies for the SVM. We are still scanning the files and deleting files that contain viruses (EICAR). So the documentation appears off, it says you "MUST" create an on-access policy. I've seemed to prove that wrong.