ONTAP Discussions

Struggling with A/V filter settings in cDOT


We are working on getting a/v set up correctly, and I'm trying to determine if the issue is on the SVM configuration side or on the Vscan connector side.


I've read the best practices guide and the setup guide for 8.3.. (I happen to be running 8.3.1rc), but I think it's irrelevant at this point.


The simple question is that on our on-access policy we set the filters to ""


This is a snippet from TR-4286:

By default, the scan-mandatory filter is enabled if other filters are not specified. Use double quotes ("" or "-") to disable filters. For information about the parameters that you can use with the vserver vscan on-access-policy create command, see the command’s man page.


Essentially, we want to disable on-access filters.  All our shares are created with standard vscan op profile in cifs. 


What happens is once we set the filters to "" (basically disabling it), we can create a file, but we can't read any files or write to any files... 


I'm thoroughly confused at this point b/c the reality is I don't see an issue on the SVM side. What are we missing?


Here's our policy


Vserver: svm-name
Policy: vscan_scan
Policy Status: on
Policy Config Owner: vserver
File-Access Protocol: CIFS
Filters: -
Max File Size Allowed for Scanning: 5MB
File Paths Not to Scan: -
File Extensions Not to Scan: URL, LNK, MDB, PST, NSF, 7Z, CAB, ISO, JAR,
File Extensions to Scan: *
Scan Files with No Extension: true






A couple of comments on this thread, as I've been spending some time on this.


FYI - resetting the vscan cache fixed this, as I must have had some corrupted cache. I've enabled and disabled vscan and created new policies without issue.


One comment: I've also disabled all on-access policies for the SVM. We are still scanning the files and deleting files that contain viruses (EICAR). So the documentation appears off; it says you "MUST" create an on-access policy. I've seemed to prove that wrong.


Anyone else seeing this?




Thank you for posting this update.


Small tidbits like reset of the cache are knowledge that matters.


At your service,


Eugene E. Kashpureff, Sr.
Independent NetApp Consultant http://www.linkedin.com/in/eugenekashpureff
Senior NetApp Instructor, IT Learning Solutions http://sg.itls.asia/netapp



No worries, I'm battling some other things with a/v.


So, we have the SVM in round-robin DNS. Let's say svm.domain.com (round robin with two LIFs).


The vscan server is set up to talk to those LIFs...


We also have LIFs with no failover group assigned for our backup to do node-scoped backup, but they aren't in DNS.


Now, from the packet trace, TCP packets are going over our backup LIF. I can't figure out how this is possible if the LIFs assigned in a/v are the other LIFs and not those.


So, I'm perplexed at the traffic flow...