- Data ONTAP 8.2 7-Mode
- Data ONTAP 8.1 7-Mode
- Data ONTAP 8 7-Mode
- Data ONTAP 7 and earlier
The storage controller is capable of interacting with an anti-virus (AV) server to help customers avoid a virus infecting the data on a NetApp Storage Controller. This interaction with anti-virus servers presents potential challenges when responding to client requests for data access. This article will provide solutions or point to existing KB articles that contain further details. Before going into the various scenarios, this article will cover, at a very high level, how antivirus interacts with the storage controller during read and write operations initiated by clients. The first overview is how a read operation flows, when antivirus is configured and active on the storage controller.
The general flow of a CIFS operation when Vscan is involved when a file is read is as below:
- Client1 has a drive mapped to the storage controller and opens up
- Storage controller checks the inode to determine if
fileA.rtfneeds to be scanned. There is a flag in the inode that indicates if the file needs to be scanned. For this example, assume the file needs to be scanned.
- Storage controller issues RPC request to the AV server requesting a file be scanned.
- AV server then connects to the storage controller over a special hidden share, ONTAP_ADMIN$, to retrieve some or the entire file to check for a virus.
- AV server sends RPC with response:
Ok, not Ok(clean or not clean).
- Storage controller marks the flag in the inode for the file that says it has been scanned.
- Storage controller responds to the clients initial read request appropriately given the response in step 5.
In this scenario, as you can see the clients request is not answered until the file is scanned by the AV server. Depending on the speed of the AV server to accept, retrieve and scan the files, it could have an impact on the response to the clients request to read a file. The clients request is not satisfied until the scan is completed.
The general flow of a CIFS operation when Vscan is involved and a file is written to is as below:
- Client1 has
fileA.rtfopened and issues a write to the file, then closes the handle.
- Storage controller acknowledges and responds to the client for the write operation.
- Storage controller sends RPC call to the AV server indicating a need for a file to be scanned.
- AV server then connects to the storage controller over a special hidden share, ONTAP_ADMIN$, to retrieve enough of the file to check for a virus.
- AV server sends an RPC response to the virus scan operation.
- Storage controller sets a flag in the inode for the file indicating it has been scanned.
The difference here is that the client operation is acknowledged prior to the request sent to the antivirus server. This is a contrast to how a read operation is acknowledged. As you can see in both of the above scenarios, there are several things going on. We have RPC connections on both the AV server and the storage controller and the AV server connects to a special hidden CIFS share to retrieve all or part of the file to scan. Listed below you will find some of the most common issues associated with CIFS and AV scanning.