Skip to main content
NetApp Knowledge Base

How does vscan work?

  1. Last updated
  2. Save as PDF
Views:
37
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
NAS
Last Updated:

Applies to

  • ONTAP 9
  • Vscan / Antivirus

Answer

  • Virus scanning is performed on VSCAN servers, which run the Antivirus Connector and the Antivirus Software.
  • It can be configured to scan files when they are modified or accessed by a client.
  • This is the virus scanning process when it is enabled on a Storage Virtual Machine (SVM):

clipboard_eb55960b11922a0b16154c6b6518879f6.png

Off-box Antivirus Features
  • On-access scanning
    • Triggers in-band notifications to the external virus-scanning servers during various file operations, such as open, close, rename, and write operations.  
    • The client’s file operation is suspended until the file scan status is reported back by the virus-scanning server.
  • On-demand scanning 
    • It enables AV scanning whenever required on files/folders in a specific path through a scheduled job.
    • It leverages the existing AV servers configured for on-access, AV scanning to run the scanning job.
    • The on-demand job updates the “scan status” of the files and reduces an additional scan on the same files when accessed next unless the file share modified.
    • It can be used to scan volume that cannot be configured for on-access scanning, such as NFS exports.

 

Vscan Server components
  • Antivirus Software
    • The antivirus software is installed and configured on the VSCAN server to scan files for viruses or other malicious data.
    • The antivirus software must be compliant with Data ONTAP.
    • The antivirus software specifies the remedial actions to be taken on infected files.
  • Antivirus Connector
    • Antivirus Connector is installed on the VSCAN server to process scan requests and provide communication between the antivirus software and the ONTAP storage virtual machines (SVMs).

 

ONTAP Components for Vscan
  • Scanner Pool
    • Scanner pool used to validate and manage the connection between the VSCAN servers and the SVMs.
    • It defines a list of VSCAN servers and privileged users that can access and connect to that SVM.
    • It can specify a timeout period for scan requests, if the response to a scan request is not received within the timeout period, file access is denied in mandatory scan cases.
  • Scanner Policy:​​​​​​
    • Defines when the scanner pool is active.
    • A VSCAN server is allowed to connect to an SVM only if its IP address and privileged user are part of the active scanner pool list for that SVM. 
    • A scanner policy can have one of the following values:
      • Primary: Makes the scanner pool always active.
      • Secondary: Makes the scanner pool active only when none of the primary VSCAN servers is connected.
      • Idle: Makes the scanner pool always inactive.
  • On-Access Policy 
    • An on-access policy defines the scope for scanning files when they are accessed by a client.
    • Maximum file size can be specified for files to be considered for virus scanning and file extensions and file paths to be excluded from scanning.
    • Option to choose from the available set of filters to define the scope of scanning.
  • On-Demand Task 
    • Introduced in ONTAP 9, this scan runs the AV scanning job on files/folders in a specific path through a scheduled task. 
    • It leverages the existing AV servers configured for on-access AV scanning to run the scanning job.
  • VSCAN File-Operations Profile 
    • This parameter (-vscan-fileop-profile) defines which file operations on the CIFS share can trigger virus scanning.
    • This parameter is required when a CIFS share is created or modified. 

Additional Information

How to identify VSCAN server latency - NetApp Knowledge Base

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.