I just talked with Dave Zuckerman at Symantec (the guy whose number is on the press release).
Here's a little of what I found out:
- The product, CarrierScan, sits on a box, like an NT box. - RPC is set up between the NT box and the Filer (ontap 6.1) - Any time a new file is introduced, modified, etc, the file is piped to CarrierScan. CarrierScan scans the file (with Norton). - If the file is clean, a clean bit is set on the file so it won't be scanned anymore unless it's modified. - If the file is infected, the file is removed. - The end user simply sees "access denied" to the file.
I have a couple outstanding questions with them, like what CarrierScan's abilities and action "flow" is when it finds an infected file (send e-mail, send an snmp trap, etc), but all in all I'm kind of jazzed on it.
It's obviously not a cheap product, but it seems logical to have one central point to manage and protect against virii. Integration of that into an already central file storage system is icing.
Don't want to sound like an ad for Symantec, but this product seems damn cool so far, and it runs on both the filer and netcache. The two of them working together would make an enterprise pretty bulletproof.
jamie