Yes, this is a known problem which should have been fixed in 7.2.3 but apparently isn´t - the workaround is
 
priv set diag ; setflag smb_vscan_delay_close_resp 1 ; priv set;vscan off ; vscan on
 
Try that - if it works, then put it in the /etc/rc of your filer(s) - works fine for us - I tried it without the workaround after the last few ONTAP-Updates since it should be fixed, but always had to put it back into /etc/rc...
 
Greetz,
 
Rob
 
-----Ursprüngliche Nachricht-----
Von: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com]Im Auftrag von JamieB
Gesendet: Dienstag, 13. Januar 2009 23:57
An: toasters@mathworks.com
Betreff: VSCAN messages

NetApp FAS270 FAS3020 and FAS3140A DOT ver 7.2.3
McAfee Vscan for NetApp Filers v7.1
 
I am seeing a lot of the following messages in /etc/messages
 
ERROR: [vscan.virus.detected:error]: CIFS: Virus Detected - <file path> in share [Share name not available] accessed by client **unknown** (**unknown**) running as user **unknown** is infected. The filer received status message Error 5 ...Continuing and error code [5] from vscan (anti-virus) server **unknown**.
 
The service account of the Vscan application is in the local admin group of the filer.  NetApp has recommended upgrading to DOT 7.3 but I am somewhat hesitant since all of filers are using quotas and usermap.cfgs - have seen a few emails concerning "panic" problems.
 
Has anyone else seen similar results with their Vscan application on the filers?
 
Regards,