How to Configure McAfee VirusScan Enterprise for the Oracle ZFS Storage Appliance
4
How VSCAN Works
When virus scanning is enabled on a populated volume, a scan is not initiated across all
files. Instead, the VSCAN service initiates a request for a virus scan to the virus scanning
engine (in this case, VSE antivirus scanner) each time a "file open" or a "file close"
request is issued. Thus, only files that are created, modified, or opened for read
operations are scanned.
This approach ensures efficiency in that files are only scanned on demand. However, it
does not support a pre-emptive scan of file system contents. A second limitation is that
only shares using access protocols that issue "file open" and "file close" requests, such as
CIFS and NFS v4, are candidates for virus protection using the VSCAN service. A share
that is published using NFS v3 cannot be scanned using VSCAN because NFS v3 does
not issue the "file open" or "file close" requests that trigger the ICAP client.
Note: As an alternative, a share can be scanned by mounting or mapping it to a host
server running an antivirus client and then scanning it locally.
The VSCAN service maintains several file attributes that it uses when processing the
results of a scan. These attributes describe:
The configuration of the virus scan engine that was used for the most recent scan
of the file (referred to as the scanstamp).
Whether the file is quarantined, based on the evaluation of the file returned by the
virus scan engine.
The modified attribute, which the file system sets when the file has been changed
or renamed. After a successful scan of a file, the VSCAN service clears the
modified attribute.
A file is scanned when a "file open" or "file close" request is initiated and one of the
following is true:
The file does not have a scanstamp attribute, indicating it has never been scanned
before.
The scanstamp of the file does not match the virus pattern and scan options
(ISTag string) specified in the current configuration of the virus scan engine.
The modified attribute of the file is not cleared.
The VSCAN service communicates with the virus scan engine using ICAP. The Oracle
ZFS Storage Appliance acts as an ICAP client and the virus scan engine acts as the ICAP
server. When the Oracle ZFS Storage Appliance requests that a file be scanned, the file is
transmitted without encryption to the ICAP server for analysis.
(81 paginas)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales