标签:scanning scanner scan Antivirus server architecture Vscan pool
https://library.netapp.com/ecmdocs/ECMP1366831/html/GUID-B3C81454-E0F2-49E8-AA2C-316F5E782607.html
To configure virus scanning successfully, you must be aware of the external virus-scanning components (also known as Vscan server components), the components of the system running clustered Data ONTAP, and how these components relate to each other in the antivirus architecture.
Components of the Vscan server
- Clustered Data ONTAP Antivirus Connector
- The Antivirus Connector is installed on the Vscan server to provide communication between the system running clustered Data ONTAP and the Vscan server.
- Antivirus software
- The antivirus software is installed and configured on the Vscan server to scan the files for any viruses or any other malicious data. The antivirus software must be compliant with clustered Data ONTAP. You must also specify the remedial actions to be taken on the infected files in this software. You can install this software based on the vendor.
Components of the system running clustered Data ONTAP
- Scanner pool
- A scanner pool is used to validate and manage the connection between the Vscan servers and the Storage Virtual Machine (SVM). You can create a scanner pool for an SVM and define the list of Vscan servers and privileged users that can access and connect to that SVM.
You can also specify a scan request and scan response timeout period. If the scan response to a scan request is not received within this timeout period, then the scan request is sent to an alternative Vscan server, if available.
- Scanner policy
- A scanner policy defines when the scanner pool will be active. A Vscan server is allowed to connect to an SVM only if its IP and privileged user are part of the active scanner pool list for that SVM.
Note: The scanner policies are all system defined and you cannot create a customized scanner policy.
A scanner policy can have one of the following values:
- Primary: The scanner pool becomes active at all times.
- Secondary: The scanner pool becomes active when none of the primary Vscan servers are connected.
- Idle: The scanner pool becomes inactive all the time.
- On-access policy
- On-access policy defines the scope of scanning the files when accessed by a client. You can specify the maximum size of the file, which must be considered for virus scanning, and file extensions and paths to be excluded from scanning. You can also choose one or more filters from the available set of filters to define the scope of scanning.
The following are the list of available filters:
- scan-mandatory: Enables mandatory scan. File access will be denied if there are no external virus-scanning servers available for virus scanning.
- scan-ro-volume: Enables scan also for read-only volume.
- scan-execute-access: Scans only files opened with execute-access (CIFS only).
Files opened with execute-access (open with execute intent) are different from the execute permission on the file.
You can also choose not to use any of the filters by setting this parameter to "-". This will cause file accesses to be allowed even if the files are not scanned. Also, only read-write volumes are considered for scanning.
- Vscan file-operations profile
- The Vscan file-operations profile (-vscan-fileop-profile) parameter defines which action on the CIFS share can trigger virus scanning. You must configure this parameter while creating or modifying a CIFS share.
This parameter can have one of the following values:
- no-scan: Virus scans are never triggered for this share.
- standard: Virus scans can be triggered by open, close, and rename operations.
This is the default profile.
- strict: Virus scans can be triggered by open, read, close, and rename operations.
- writes-only: Virus scans can be triggered only when a file that has been modified is closed.
The following diagram shows the antivirus architecture and its relation with the Vscan server components:
Parent topic: File protection using virus scanning
标签:scanning,scanner,scan,Antivirus,server,architecture,Vscan,pool 来源: https://www.cnblogs.com/dhcn/p/15766091.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。