NetApp Knowledge Base

How to troubleshoot CIFS file access issues when Vscan is involved on Data ONTAP 7G

Category:
data-ontap-8
Specialty:
NAS

Applies to

  • Data ONTAP 8.2 7-Mode
  • Data ONTAP 8.1 7-Mode
  • Data ONTAP 8 7-Mode
  • Data ONTAP 7 and earlier

Description

The storage controller can interact with an anti-virus (AV) server to help prevent a virus from infecting the data on a NetApp storage controller. This interaction with AV servers introduces potential challenges when responding to client requests for data access. This article provides solutions or points to existing KB articles that contain further details. Before going into the various scenarios, it covers, at a very high level, how antivirus interacts with the storage controller during read and write operations initiated by clients. The first overview shows how a read operation flows when antivirus is configured and active on the storage controller.

The general flow of a CIFS read operation when Vscan is involved is as follows:

  1. Client1 has a drive mapped to the storage controller and opens up fileA.rtf.
  2. Storage controller checks the inode to determine if fileA.rtf needs to be scanned. There is a flag in the inode that indicates if the file needs to be scanned. For this example, assume the file needs to be scanned.
  3. Storage controller issues an RPC request to the AV server requesting that the file be scanned.
  4. AV server then connects to the storage controller over a special hidden share, ONTAP_ADMIN$, to retrieve some or the entire file to check for a virus.
  5. AV server sends an RPC response with the result: Ok or not Ok (clean or not clean).
  6. Storage controller marks the flag in the inode for the file that says it has been scanned.
  7. Storage controller responds to the client's initial read request appropriately given the response in step 5.

In this scenario, the client's request is not answered until the AV server has scanned the file. The speed at which the AV server accepts, retrieves and scans files can therefore affect the response time for the client's read request.

The general flow of a CIFS write operation when Vscan is involved is as follows:

  1. Client1 has fileA.rtf opened and issues a write to the file, then closes the handle.
  2. Storage controller acknowledges and responds to the client for the write operation.
  3. Storage controller sends an RPC call to the AV server indicating that a file needs to be scanned.
  4. AV server then connects to the storage controller over a special hidden share, ONTAP_ADMIN$, to retrieve enough of the file to check for a virus.
  5. AV server sends an RPC response to the virus scan operation.
  6. Storage controller sets a flag in the inode for the file indicating it has been scanned. 

The difference here is that the client operation is acknowledged before the request is sent to the antivirus server, in contrast to how a read operation is acknowledged. Both scenarios involve several moving parts: RPC connections on both the AV server and the storage controller, and the AV server connecting to a special hidden CIFS share to retrieve all or part of the file to scan. Listed below are some of the most common issues associated with CIFS and AV scanning.
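The two flows above, modeled in Python to show where AV scan time lands in client-visible latency. This is an added example, not NetApp code: the class names, the timings, the `TEST-SIGNATURE` marker, the denial on a "not Ok" verdict and the rescan after a write are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Inode:
    data: bytes
    clean: Optional[bool] = None  # None models "scan flag not set": file must be scanned

@dataclass
class Controller:
    scan_ms: float                # assumed AV round trip: RPC + ONTAP_ADMIN$ fetch + scan
    io_ms: float = 1.0            # assumed cost of the file I/O itself (constructed value)
    files: dict = field(default_factory=dict)
    scans: int = 0                # number of scan requests sent to the AV server

    def _scan(self, name: str) -> float:
        """RPC to the AV server, AV reads the file, verdict returns, flag is set."""
        ino = self.files[name]
        self.scans += 1
        ino.clean = b"TEST-SIGNATURE" not in ino.data  # stand-in for the AV verdict
        return self.scan_ms

    def read(self, name: str):
        """Read flow: the client waits for the verdict when the flag is not set."""
        ino = self.files[name]
        latency = self.io_ms
        if ino.clean is None:
            latency += self._scan(name)
        # Assumption: a "not Ok" verdict results in the read being denied.
        return ("ok" if ino.clean else "denied"), latency

    def write(self, name: str, data: bytes):
        """Write flow: the client is acknowledged first, the scan happens afterwards."""
        self.files[name] = Inode(data)  # assumption: new content needs a fresh scan
        latency = self.io_ms            # acknowledgement does not include scan time
        self._scan(name)                # scan runs after the acknowledgement
        return "ok", latency

def demo(scan_ms: float):
    c = Controller(scan_ms=scan_ms)
    c.files["fileA.rtf"] = Inode(b"hello")
    first = c.read("fileA.rtf")         # unscanned: pays io_ms + scan_ms
    second = c.read("fileA.rtf")        # flag set: pays io_ms only
    wrote = c.write("fileA.rtf", b"hello again")
    after = c.read("fileA.rtf")         # already rescanned after the write
    return first, second, wrote, after, c.scans

if __name__ == "__main__":
    for slow in (20.0, 250.0):          # fast vs. slow AV server, constructed timings
        print(slow, demo(slow))
```

In this model only the first read of an unscanned file grows with `scan_ms`, which is why a slow or overloaded AV server shows up as read latency rather than write latency.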

 


NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.