Vscan server reports file is skipped in logs
Applies to
- Anti virus
- All of ONTAP version
Issue
Vscan server reporting file is skipped when in logs when a file is accessed on a volume included in a vscan policy, the request is sent to the AV Connector.
*Packet Trace*
No. Source Destination Time Protocol Stream
262 10.73.xx.xx 10.73.xx.xx 70.359527 VSCAN2 11 Session Setup Request (test_svm)
263 10.73.xx.xx 10.73.xx.xx 70.362714 VSCAN2 11 Session Setup Reply
264 10.73.xx.xx 10.73.xx.xx 70.362750 SMB2 11 Write Response
265 10.73.xx.xx 10.73.xx.xx 70.363930 SMB2 11 Read Request Len:2048 Off:0 File: vscan
266 10.73.xx.xx 10.73.xx.xx 70.363962 SMB2 11 Read Response, Error: STATUS_PENDING
268 10.73.xx.xx 10.73.xx.xx 71.366315 VSCAN2 11 Scan Request: \volB\New folder\a.txt
269 10.73.xx.xx 10.73.xx.xx 71.369419 SMB2 11 Read Request Len:2048 Off:0 File: vscan
270 10.73.xx.xx 10.73.xx.xx 71.369451 SMB2 11 Read Response, Error: STATUS_PENDING
The AV connector sends the request to the Trend Macro software.
*AV Connector Logs*
71.417: [pipe: xxxx.xxx.xxxxx.xxx]Server: Received 110 bytes, ofsPartReq: [0]
71.417:
[Pipe: xxxx.xxx.xxxxx.xxx]
magic_num : [4e74417041760002]
session_id : [efefbbe7642b6820]
len : [110]
reqId : [362917]
type : [4, req_SCAN]
71.417: Sending id 1 (rsrv-id: 0) for \?\UNC\xxx_xxx.xxx.xxx.xxx\ontap_admin$\volB\New folder\a.txt
71.417: Sent!
The Trend Macro software reports that it received the request but then skips the scan and sends a response back to the AV connector.
5632: 4868:0722095301482:SPNT(00000800):* CheckScanTimeOutThread schedule checking ...
5632: 4868:0722095301482:SPNT(00000800):RemoveTimeOutRequest() Now[1469195581], TimeOut[24000]
5632: 4868:0722095301482:SPNT(00000800):RemoveTimeOutRequest() Now[1469195581], TimeOut[24000]
5632: 4868:0722095301482:SPNT(00000800):RemoveTimeOutRequest(), submit time[1469195560] ==>
5632: 4868:0722095307482:SPNT(00000800):* CheckScanTimeOutThread schedule checking ...
5632: 4868:0722095307482:SPNT(00000800):RemoveTimeOutRequest() Now[1469195587], TimeOut[24000]
5632: 4868:0722095307482:SPNT(00000800):RemoveTimeOutRequest() Now[1469195587], TimeOut[24000]
5632: 4868:0722095307482:SPNT(00000800):RemoveTimeOutRequest(), submit time[1469195560] ==>
5632: 4868:0722095307482:SPNT(00000800):File [24][\test_svm.na.bayer.cnb\ontap_admin$\volB\New folder\a.txt] been skipped <<<<<***
5632: 4868:0722095307482:SPNT(00000800):SendScanResultBackToFiler, send result back to Shim
5632: 7912:0722095310201:SPNT(00000800):Receive VS_ScanRequest(25, \?\UNC\xxx_xxx.xxx.xxx.xxx\ontap_admin$\volB\New folder\a.txt) from filer [MOQZ34]
5632: 7912:0722095310201:SPNT(00000800):GetFilerByName: pszFilerName=MOQZ34, bAddFiler=0
5632: 7912:0722095310201:SPNT(00000800):GetFilerByName: g_FilerList.GetCount()=1
5632: 7912:0722095310201:SPNT(00000800):VS_ScanRequest, Type is SCANTYPE_rpc_cluster
There is no response received by the AV connector for this skip event.
The filer then sends the request again with the same result.
*Packet Trace*
340 10.73.xx.xx 10.73.104.xx 105.377182 VSCAN2 11 Scan Request: \volB\New folder\a.txt
341 10.73.xx.xx 10.73.104.xx 105.380104 SMB2 11 Read Request Len:2048 Off:0 File: vscan
342 10.73.xx.xx 10.73.104.xx 105.380134 SMB2 11 Read Response, Error: STATUS_PENDING
382 10.73.xx.xx 10.73.104.xx 120.909309 VSCAN2 11 Set Extended Stats
383 10.73.xx.xx 10.73.104.xx 120.909346 SMB2 11 Write Response
476 10.73.xx.xx 10.73.104.xx 135.624036 VSCAN2 11 Scan Request: \volB\New folder\a.txt
477 10.73.xx.xx 10.73.104.xx 135.627476 SMB2 11 Read Request Len:2048 Off:0 File: vscan
478 10.73.xx.xx 10.73.104.xx 135.627518 SMB2 11 Read Response, Error: STATUS_PENDING
After a response is not received again, the vscan session is torn down and the filer disconnects from the vscan server.
*Packet Trace*
503 10.73.xx.xx 10.73.xx.xx 142.483259 VSCAN2 11 Session Teardown Request
504 10.73.xx.xx 10.73.xx.xx 142.485052 VSCAN2 11 Session Teardown Reply
505 10.73.xx.xx 10.73.xx.xx 142.485112 SMB2 11 Write Response, Error: STATUS_END_OF_FILE
506 10.73.xx.xx 10.73.xx.xx 142.485870 SMB2 11 Close Request File: vscan
507 10.73.xx.xx 10.73.xx.xx 142.485901 SMB2 11 Close Response, Error: STATUS_FILE_CLOSED
543 10.73.xx.xx 10.73.xx.xx 162.783746 SMB2 11 Tree Disconnect Request
544 10.73.xx.xx 10.73.xx.xx 162.783775 SMB2 11 Tree Disconnect Response
545 10.73.xx.xx 10.73.xx.xx 162.783783 SMB2 11 Session Logoff Request
546 10.73.xx.xx 10.73.xx.xx 162.783805 SMB2 11 Session Logoff Response