Having CIFS enabled with shares won't scan the NFS data.  As you state, the A/V products from Symantec & McAfee are CIFS only.  Even on a multi-protocol data set, only file access via CIFS will trigger the NetApp to request a scan from the scanner machines.

Let's say you have a qtree that is exported via NFS and shared via CIFS.  If the data is only accessed via NFS, your scanners will never scan the files.  If this qtree is then accessed by a CIFS user, only the files that are accessed will be scanned as requested by the filer.  However, this still leaves all the unaccessed files unscanned.

We've found that the only way to reliably scan NFS-only data is with a *nix-native scanner client (we use RHEL 4 + McAfee).  We just have this client perform scheduled scans and constantly run them.  It's not ideal, but until someone comes up with an on-access style *nix A/V product, it's really the only option we see.

On a side note, has anyone ever heard of *any* on-access style *nix A/V scanners?  We'd be very interested...

Jeff Mery - MCSE, MCP
National Instruments

-------------------------------------------------------------------------
"Allow me to extol the virtues of the Net Fairy, and of all the fantastic
dorks that make the nice packets go from here to there. Amen."
TB - Penny Arcade
-------------------------------------------------------------------------

"Milazzo Giacomo" <G.Milazzo@sinergy.it> Sent by: owner-toasters@mathworks.com 11/01/2007 06:10 AM

To "Richard Distrajo" <chardux@yahoo.com>, "Conner, Neil" <neil@mbari.org>, <toasters@mathworks.com> cc Subject R: Symantec Antivirus Corporate Edition 10.1 and vscan on filer

Hi
 
CIFS and its shares must be enabled on volumes to be scanned (also if they contains NFS data) because the Symantec av for NetApp engine runs on a Windows server (and this last can "see" the data only through SMB protocol). You can eventually disable some share from scanning with the "cifs shares - change <share_name> novscan" options.
Reading about your issues I suspect something in firewall protection that block the RPC ports between filer and scan engine and the "no network provider" is a windows communication error...
 
Suggestion: if you're in time as antivirus engine for NetApp I suggest the McAfee one: it costs very less, it's tiered for filer (roughly 1000 $ for NAS) and not for users and it runs better!!

---

Da: owner-toasters@mathworks.com per conto di Richard Distrajo
Inviato: mar 30/10/2007 5.50
A: Conner, Neil; toasters@mathworks.com
Oggetto: RE: Symantec Antivirus Corporate Edition 10.1 and vscan on filer

Thanks Neil for your time....yes the vscan enabled...I don't seee any problem from the filer side....the problem I'm having is from the antivirus because It seems that it is not accepting the filers hostname/IP...

"Conner, Neil" <neil@mbari.org> wrote:
Have you enabled vscan on the filer?
 
-Neil
 

---

From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Richard Distrajo
Sent: Monday, October 29, 2007 11:51 AM
To: toasters@mathworks.com
Subject: Symantec Antivirus Corporate Edition 10.1 and vscan on filer
 
 
Any help on registering the filer to the Symantec antivirus server. I tried to put the filer's hostname /ip address to the symantec antivirus center console but no success. Is this version of antivirus can register the CIFS only filer (ONTAP 7.2.2)?
I'm getting error "no network provider accepted the given network path" every time I add the filer's IP address to the symantec antivirus console center...both sides can able to ping each other's hostname and user's permission is already been added as operator on the filer's side....
Thanks for your time on this....
 
 
Best regards,
Richard
 
 Send instant messages to your online friends http://uk.messenger.yahoo.com

Send instant messages to your online friends http://uk.messenger.yahoo.com

Send instant messages to your online friends http://uk.messenger.yahoo.com