Legal Notice
Copyright 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (Third Party Programs). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. 
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.
Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com Printed in the United States of America.
Technical Support
Symantec Technical Support maintains support centers globally. Technical Support's primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates. Symantec's support offerings include the following:
A range of support options that give you the flexibility to select the right amount of service for any size organization
Telephone and/or Web-based support that provides rapid response and up-to-the-minute information
Upgrade assurance that delivers software upgrades
Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis
Premium service offerings that include Account Management Services
For information about Symantec's support offerings, you can visit our Web site at the following URL: www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.
Hardware information
Available memory, disk space, and NIC information
Operating system
Version and patch level
Network topology
Router, gateway, and IP address information
Problem description:
Error messages and log files
Troubleshooting that was performed before contacting Symantec
Recent software configuration changes and network changes
Customer service
Customer service information is available at the following URL: www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the following types of issues:
Questions regarding product licensing or serialization
Product registration updates, such as address or name changes
General product information (features, language availability, local dealers)
Latest information about product updates and upgrades
Information about upgrade assurance and support contracts
Information about the Symantec Buying Programs
Advice about Symantec's technical support options
Nontechnical presales questions
Issues that are related to CD-ROMs or manuals
Contents

Technical Support

Chapter 1 Introducing Symantec AntiVirus for Network Attached Storage
About Symantec AntiVirus for Network Attached Storage
About software components
About Symantec Scan Engine
About the connector
Supported storage devices
How to use the Symantec AntiVirus for Network Attached Storage documentation
About the Symantec Scan Engine Implementation Guide
About the Symantec AntiVirus for Network Attached Storage Integration Guide
Why you need virus protection in a network attached storage environment
How the scan engine protects against viruses
About Symantec Security Response
About preparing for installation
Windows system requirements
Solaris system requirements
Linux system requirements
Post-installation tasks

Chapter 2
About configuring Symantec Scan Engine
Editing the service startup properties
Configuring RPC protocol options
Notifying the NetApp Filer when virus definitions are updated
Notifying a requesting user that a virus was found
About quarantining unrepairable infected files
Specifying which embedded files to scan
Scheduling LiveUpdate to update virus definitions automatically
Configuring Rapid Release updates to occur automatically
About configuring the client NetApp Filer
About verifying that the scan engine is registered with the filer
About activating virus scanning
About specifying the file extensions to be scanned on the NetApp Filer
About working with unresponsive scan engines
How virus scanning affects backups on NetApp Filer
About clearing the scanned files cache
About notifying a requesting user that a virus was found

Chapter 3 Configuring Symantec AntiVirus for Sun StorageTek 5000 NAS Appliance
About software components
How Symantec Scan Engine works with the Sun StorageTek 5000 NAS Appliance
How are files scanned
How caching works
About specifying which file types are scanned
About specifying the scan policy
About handling infected files on the NAS device
About preparing for installation
About configuring Symantec Scan Engine
Configuring ICAP-specific options
Specifying which file types to scan on the scan engine
Specifying container handling limits
Scheduling LiveUpdate to update virus definitions automatically
Configuring Rapid Release updates to occur automatically
About configuring the Sun StorageTek 5000 NAS Appliance
Registering Symantec Scan Engine
About configuring virus scanning on the Sun StorageTek 5000 NAS Appliance
Recommendations while integrating multiple scan engines

Chapter 4

Chapter 5 Configuring Symantec AntiVirus for BlueArc Storage System and Hitachi High-performance NAS Platform, powered by BlueArc
About software components
How Symantec Scan Engine works with BlueArc Storage System and Hitachi High-performance NAS Platform
What happens when a file is scanned
About connecting to Symantec Scan Engine
About limiting scanning by file type
About handling infected files
About user identification and notification when a virus is found
About preparing for installation
About configuring Symantec Scan Engine
Editing the service startup properties
About configuring RPC protocol options
Notifying a requesting user that a virus was found
About quarantining unrepairable infected files
Specifying which embedded files to scan
Scheduling LiveUpdate to update virus definitions automatically
Configuring Rapid Release updates to occur automatically
About configuring BlueArc Storage System or Hitachi High-performance NAS Platform
About verifying that the scan engine is registered with the NAS Server
About activating virus scanning
About specifying the file extensions to be scanned on the NAS Server
About executing a full file system scan
About working with unavailable scan engines
About working with unresponsive scan engines

Chapter 6 Configuring Symantec AntiVirus for Hitachi Essential NAS Platform
About software components
How Symantec Scan Engine works with the Hitachi Essential NAS Platform
What happens when a file is scanned
About handling infected files
About configuring Symantec Scan Engine
Configuring ICAP-specific options
Specifying which file types to scan on the scan engine
About specifying container handling limits
Scheduling LiveUpdate to update virus definitions automatically

Chapter 7
About preparing for installation
About configuring Symantec Scan Engine
Configuring ICAP-specific options
Specifying which file types to scan on the scan engine
About specifying container handling limits
Scheduling LiveUpdate to update virus definitions automatically
About configuring the ONStor VirusScan Applet
Virus-Scan Server Recommendations for the VirusScan Applet
Installing the VirusScan Applet for the Symantec AntiVirus Scan Engine
Configuring the VirusScan Applet for the Symantec AntiVirus Scan Engine

Chapter 8 Configuring Symantec AntiVirus for EMC Celerra Network Server
About software components
How Symantec Scan Engine works with EMC Celerra Network Server
How are files scanned
About scanning on read
About specifying which file types are scanned
About specifying the scan policy
About preparing for installation
About configuring Symantec Scan Engine
Configuring ICAP-specific options
Specifying which file types to scan on the scan engine
Specifying container handling limits
Scheduling LiveUpdate to update virus definitions automatically
Configuring Rapid Release updates to occur automatically
About configuring EMC Celerra Network Server
About installing the Celerra Anti Virus Agent
About registering Symantec Scan Engine
About configuring virus scanning on EMC Celerra Network Server
About starting the Virus-checking client
About executing a full file system scan
Known issue with EMC Celerra Network Server
Recommendations while integrating multiple scan engines
Chapter
About Symantec AntiVirus for Network Attached Storage
Supported storage devices
How to use the Symantec AntiVirus for Network Attached Storage documentation
Why you need virus protection in a network attached storage environment
About preparing for installation
Post-installation tasks
Introducing Symantec AntiVirus for Network Attached Storage About Symantec AntiVirus for Network Attached Storage
Symantec Scan Engine, which provides the virus scanning and repair services. See About Symantec Scan Engine on page 14.
Connector, which lets the NAS device communicate with Symantec Scan Engine. See About the connector on page 15.
Figure 1-1 shows a typical integration of a network attached storage device with Symantec Scan Engine.
Figure 1-1 Integration of a network attached storage device with the Symantec Scan Engine
1. The client tries to access a file on the network attached storage device.
2. The network attached storage device, by means of a connector, sends the file to the Symantec Scan Engine for scanning.
3. Symantec Scan Engine scans the file, repairs it if it is infected, and returns the clean file to the network attached storage device.
4. The network attached storage device writes the cleaned file to disk, caches the fact that the file has been cleaned, and sends the file to the client.
scanning capabilities to any application on an IP network, regardless of platform. Any application can pass files to Symantec Scan Engine for scanning. Symantec Scan Engine accepts scan requests from client applications that use the following protocols:
The Internet Content Adaptation Protocol (ICAP), version 1.0, as presented in RFC 3507 (April 2003)
A proprietary implementation of remote procedure call (RPC)
Symantec Scan Engine native protocol
Symantec Scan Engine is included in the Symantec AntiVirus for Network Attached Storage distribution package. For more information about the scan engine, see the Symantec Scan Engine Implementation Guide on the product CD.
Network Appliance (NetApp) Filer
Sun StorageTek 5000 NAS Appliance
Sun Storage 7000 Series
BlueArc Storage System
Hitachi High-performance NAS Platform
Hitachi Essential NAS Platform
ONStor EverON
EMC Celerra Network Server
Table 1-1 lists the supported storage devices, their supported versions, and the protocol that Symantec Scan Engine uses to interface with each storage device.
Table 1-1 Storage device
Network Appliance (NetApp) Filer
Supported version
Data ONTAP version 6.1.3R2 or later Sun NAS Firmware 4.21 M1 or later Sun Storage 7xxx version 2008.10 4.0 or later 4.0 or later
Sun StorageTek 5000 NAS ICAP Appliance Sun Storage 7000 Series ICAP
BlueArc Storage System Hitachi High-performance NAS Platform Hitachi Essential NAS Platform ONStor EverON EMC Celerra Network Server
RPC RPC
ICAP
6.2 or later
ICAP ICAP
Note: If the scan engine uses RPC protocol to interface with your network attached storage device, Symantec Scan Engine must be installed on Windows 2000 Server/Windows 2003 Server/Windows 2008 Server platforms only.
How to use the Symantec AntiVirus for Network Attached Storage documentation
To configure Symantec AntiVirus for Network Attached Storage to work with one of the supported NAS devices, you need the documentation that is included in the Symantec AntiVirus for Network Attached Storage distribution package. You need the documentation that is provided by the manufacturer of the NAS device as well. The Symantec AntiVirus for Network Attached Storage distribution package includes the following documents:
The manufacturer of the NAS device develops the connector to integrate Symantec Scan Engine. The manufacturer of the NAS device also prepares and distributes supporting documentation for the connector. Obtain the connector and any supporting documentation from the manufacturer if you do not receive it with the NAS device.
About the Symantec AntiVirus for Network Attached Storage Integration Guide
The Symantec AntiVirus for Network Attached Storage Integration Guide includes a chapter for each supported NAS device. Use the guidance and recommendations that are in the appropriate chapter of this guide with the manufacturer-prepared documentation to implement virus scanning. Each chapter in the Symantec AntiVirus for Network Attached Storage Integration Guide includes the following information:
General information on how antivirus scanning works with the NAS device
Virus scanning functionality can differ depending on the capabilities of the NAS device and the complexity of the connector. Some of the virus scanning functions include handling of infected files, timing of file scanning, and logging of infections found. This section provides an overview of how Symantec Scan Engine and the NAS device interact during virus scanning.
Information for configuring the scan engine to work with the NAS device
This section discusses the configuration options on the scan engine that must be configured to work with the NAS device. It may highlight other options that are important in setting up comprehensive virus protection as well. This information does not replace the Symantec Scan Engine Implementation Guide. Consult the implementation guide for installation information and for additional information on configuring Symantec Scan Engine to meet your needs.
Information on configuring the NAS device to work with the scan engine
This section discusses any configuration options on the NAS device that must be configured to work with Symantec Scan Engine. It may make recommendations for configuring the NAS device to ensure comprehensive virus protection. This information does not replace the documentation that is provided by the manufacturer of the NAS device. Consult the product documentation for additional information on configuring the NAS device for virus scanning.
Known issues
This section describes the issues that can affect operation between Symantec Scan Engine and the NAS device.
Why you need virus protection in a network attached storage environment
Dedicated antivirus protection for a NAS system should be part of a comprehensive security policy for the following reasons:
Storage servers are susceptible to attacks from viruses, worms, Trojan horses, and other malicious code because a large number of users access them and they contain large amounts of data. Malicious code can result in lost, stolen, or corrupted files, which can result in costly downtime to the enterprise.
The NAS system can become a vector for the malicious code when a threat is stored on the NAS system. It can compromise the computers and the data of the users who access the NAS system.
Malicious code can be replicated multiple times in multiple locations through NAS backup, mirroring of data, and archiving. The malicious code can be re-introduced to the NAS system when NAS data that contains malicious code is restored from one of these locations. This re-introduction can potentially reinfect the network.
Malicious code could replicate on the NAS system in multiple locations and infect other parts of the network. The effort to remove a threat becomes a time-consuming task that involves significant downtime as well as time and money for data recovery.
The NAS system can be used as an access point to the rest of the network or as a launch point for an attack. For example, a denial-of-service attack can be launched in a NAS system.
Industry regulations and laws now require that organizations that maintain financial, medical, personal, and email data should protect the data from being stolen, altered, or destroyed. Organizations are legally responsible for providing comprehensive protection for stored data.
a file and its contents, the maximum file size for container files, and the maximum number of nested levels to be decomposed for scanning. Symantec Scan Engine also detects mobile code such as Java, ActiveX, and standalone script-based threats. Symantec Scan Engine uses Symantec antivirus technologies, including Bloodhound, for heuristic detection of new or unknown viruses; NAVEX, which provides protection from new classes of viruses automatically through LiveUpdate; and Striker, for the detection of polymorphic viruses. The scan engine can also be configured to send alerts when specific thresholds are met or exceeded. For example, if the same type of virus has been detected ten times in a 20-minute interval, the scan engine can be configured to send an alert to any of the scan engine logging or alerting destinations.
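The alert threshold described above (the same virus detected ten times in a 20-minute interval) amounts to a sliding-window count per virus name. The following Python is an added illustration, not Symantec Scan Engine code or its log format; the pipe-delimited event lines, the virus names, and the choice to clear a virus's window after an alert are assumptions made for the example.

```python
"""Sliding-window alert threshold for repeated detections of one virus."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 10                   # detections of the same virus ...
WINDOW = timedelta(minutes=20)   # ... within this interval (values from the text)


def parse_event(line):
    """Parse one constructed event line: 'timestamp|file|virus|handling'."""
    stamp, file_name, virus, handling = line.strip().split("|")
    when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
    return when, file_name, virus, handling


def threshold_alerts(lines, threshold=THRESHOLD, window=WINDOW):
    """Return (alert_time, virus, count) each time a virus meets the threshold.

    Events must be in time order. After an alert, that virus's window is
    cleared so one outbreak does not alert on every later detection
    (an assumption of this example, not documented engine behaviour).
    """
    recent = defaultdict(deque)  # virus name -> detection times inside the window
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        when, _file, virus, _handling = parse_event(line)
        seen = recent[virus]
        seen.append(when)
        # Drop detections older than the window that ends at this event.
        while when - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold:
            alerts.append((when, virus, len(seen)))
            seen.clear()
    return alerts


def build_sample_log():
    """Constructed events: a fast burst of one virus, a slow trickle of another."""
    start = datetime(2010, 3, 1, 9, 0, 0)
    lines = []
    # Ten detections of W32.Example.A, one every 2 minutes (09:00 to 09:18).
    for i in range(10):
        t = start + timedelta(minutes=2 * i)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S}|vol1/doc{i}.doc|W32.Example.A|repaired")
    # Ten detections of W32.Example.B, one every 5 minutes: never ten in 20 minutes.
    for i in range(10):
        t = start + timedelta(minutes=5 * i, seconds=30)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S}|vol1/xls{i}.xls|W32.Example.B|deleted")
    lines.sort()  # this timestamp format sorts chronologically as text
    return lines


if __name__ == "__main__":
    for when, virus, count in threshold_alerts(build_sample_log()):
        print(f"ALERT {when}: {virus} detected {count} times within {WINDOW}")
```

Only the burst of the first virus reaches the threshold; the second virus produces the same total number of detections but never ten inside any 20-minute window.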
About preparing for installation
Windows system requirements
Operating system
Windows 2000 Server with the latest service pack
Windows Server 2003 (32-bit)
Windows Server 2003 R2 (32-bit)
Windows Server 2003 R2 (64-bit)
Windows Server 2008 (32-bit)
Windows Server 2008 (64-bit)
Windows Server 2008 R2 (64-bit)
Pentium 4 processor 1 GHz or higher
1 GB of RAM or higher
500 MB of hard disk space
1 network interface card (NIC) running TCP/IP with a static IP address
Internet connection to update definitions
Software
J2SE Runtime Environment (JRE) 5.0 (update 13 or later) or JRE 6.0. The most current version of JRE 5.0 and JRE 6.0 at the time of product ship is provided on the product CD in the following folder: Tools\Java\Win2K
One of the following Web browsers to access the Symantec Scan Engine console:
Microsoft Internet Explorer 6 (SP1) or later. Use Microsoft Internet Explorer to access the Symantec Scan Engine console from a Windows client computer.
Mozilla Firefox 1.5 or later. Use Mozilla Firefox to access the Symantec Scan Engine console from a Solaris or Linux client computer.
The Web browser is only required for Web-based administration. You must install the Web browser on a computer from which you want to access the Symantec Scan Engine console. The computer must have access to the server on which Symantec Scan Engine runs.
Solaris system requirements
Operating system
Solaris 9 and 10. Ensure that your operating system has the latest patches that are available.
SPARC
1 GB of RAM or higher
500 MB of hard disk space
1 network interface card (NIC) running TCP/IP with a static IP address
Internet connection to update definitions
Software
J2SE Runtime Environment (JRE) 5.0 (update 13 or later) or JRE 6.0. The most current version of JRE 5.0 and JRE 6.0 at the time of product ship is provided on the product CD in the following folder: Tools\Java\Solaris
If you install the self-extracting JRE, ensure that you note the installation location. You must provide the location of the JRE if the installer is unable to detect it.
One of the following Web browsers to access the Symantec Scan Engine console:
Mozilla Firefox 1.5 or later. Use Mozilla Firefox to access the Symantec Scan Engine console from a Solaris or Linux client computer.
Microsoft Internet Explorer 6 (SP1) or later. Use Microsoft Internet Explorer to access the Symantec Scan Engine console from a Windows client computer.
The Web browser is only required for Web-based administration. You must install the Web browser on a computer from which you want to access the Symantec Scan Engine console. The computer must have access to the server on which Symantec Scan Engine runs.
Linux system requirements
Operating system
Red Hat Linux Enterprise Server 3 and 4
Red Hat Linux Advanced Server 3 and 4
Red Hat Enterprise Linux 5
SuSE Linux Enterprise Server 9 and 10
Red Hat Enterprise Linux 5 (64-bit)
Pentium 4 processor 1 GHz or higher
1 GB of RAM or higher
500 MB of hard disk space
1 network interface card (NIC) running TCP/IP with a static IP address
Internet connection to update definitions
Software
Ensure that the following packages are installed:
GNU sharutils-4.6.1-2 or later. Use this package to expand the Rapid Release packages.
ncompress-4.2.4-44 or later. Use this package to expand the Rapid Release packages.
initscripts. This package is required for Red Hat Linux only.
aaa_base package. This package is required for SuSE only.
J2SE Runtime Environment (JRE) 5.0 (update 13 or later) or JRE 6.0. The most current version of JRE 5.0 and JRE 6.0 at the time of product ship is provided on the product CD in the following folder: Tools\Java\Red Hat
Install the JRE using Red Hat Package Manager (RPM). Ensure that you note the installation location. You must provide the location of the JRE if the installer is unable to detect it.
One of the following Web browsers to access the Symantec Scan Engine console:
Mozilla Firefox 1.5 or later. Use Mozilla Firefox to access the Symantec Scan Engine console from a Solaris or Linux client computer.
Microsoft Internet Explorer 6 (SP1) or later. Use Microsoft Internet Explorer to access the Symantec Scan Engine console from a Windows client computer.
The Web browser is only required for Web-based administration. You must install the Web browser on a computer from which you want to access the Symantec Scan Engine console. The computer must have access to the server on which Symantec Scan Engine runs.
Post-installation tasks
The Symantec AntiVirus for Network Attached Storage connectors do not require licensing from Symantec. However, you must install the appropriate licenses for Symantec Scan Engine. These licenses are required to activate antivirus scanning functionality for the scan engine and to receive updated virus definitions.
For more information about licensing, see the Symantec Scan Engine Implementation Guide. After you install and configure the scan engine, you must configure the connector for your network attached storage device to send files to the scan engine. For more information about integrating a specific connector with the scan engine, see the appropriate chapter in this guide.
Chapter
About software components
How Symantec Scan Engine works with the NetApp Filer client
About preparing for installation
About configuring Symantec Scan Engine
About configuring the client NetApp Filer
Symantec Scan Engine, which provides the virus scanning and repair services. For more information, see the Symantec Scan Engine Implementation Guide.
The NetApp Filer. Some options are configured directly on the NetApp Filer. No additional code is necessary to connect Symantec Scan Engine to the NetApp Filer. See About configuring the client NetApp Filer on page 44.
Configuring Symantec AntiVirus for NetApp Filer How Symantec Scan Engine works with the NetApp Filer client
How Symantec Scan Engine works with the NetApp Filer client
Symantec AntiVirus for Network Attached Storage provides virus scanning and repair capabilities for the NetApp Filer storage appliances that support Data ONTAP version 6.1.3 or later. Each Filer must be running Data ONTAP 6.1.3 or later if you plan to use a single Symantec Scan Engine to support multiple Filer storage appliances. Symantec Scan Engine must be installed on a computer that is running Windows 2000 Server/Windows 2003 Server/Windows 2008 Server. It must be located in the same domain as the NetApp Filer for which it provides scanning and repair services. Symantec Scan Engine uses the proprietary Network Appliance adaptation of the RPC protocol to interface with NetApp Filer storage appliances. A single Symantec Scan Engine can support multiple NetApp Filers. You can use multiple scan engines to support one or more filers for sites with larger scan volumes. Load balancing is handled through the NetApp Filer interface. Virus scanning on the NetApp Filer is available only for those files that are requested through the Common Internet File System (CIFS). Files that are requested through the Network File System (NFS) are not scanned for viruses.
run on the filer, or when the scan engine is restarted. If the cache is full and a file that is not in the cache is accessed, the oldest information in the cache is purged. This ensures that the scanning results for the newly scanned file can be stored.
- Scan Only: Deny access to the infected file, but do nothing to the infected file.
- Try to repair the infected file, and deny access to any unrepairable file.
- Try to repair the infected file, and delete any unrepairable file.
You can also configure the scan engine to quarantine unrepairable files. See About quarantining unrepairable infected files on page 38.
- Date and time of the event
- File name of the infected file
- Virus name and ID
- Virus definition date and revision number
- Manner in which the infected file was handled (for example, the file was repaired or deleted)
- Scan policy
Configuring Symantec AntiVirus for NetApp Filer About preparing for installation
To use the user notification feature, the Windows Messenger service must be running on the computer that is running Symantec Scan Engine, and on the user's computer. See Notifying a requesting user that a virus was found on page 36.
Configuring Symantec AntiVirus for NetApp Filer About configuring Symantec Scan Engine
The user account must have local administrator permissions on the computer that has the scan engine. The user account must have Backup Operator privileges or above on the NetApp Filer.
You must change the service startup properties if the list of NetApp Filers is edited as well.

To edit the service startup properties

1. In the Windows 2000/2003/2008 Control Panel, click Administrative Tools.
2. Click Services.
3. In the list of services, right-click Symantec Scan Engine, and then click Properties.
4. In the Properties dialog box, on the Log On tab, click This Account.
5. Type the account name and password for the user account that has local administrator rights on the computer that has the scan engine. This account should also have domain backup operator privileges or above. Use the following format for the account name: domain\username
6. Click OK.
7. Stop and start the Symantec Scan Engine service. For more information on stopping and starting the Symantec Scan Engine service, see the Symantec Scan Engine Implementation Guide.
Note: You must select Scan and repair or delete if you plan to quarantine the infected files that cannot be repaired. For more information, see the Symantec Scan Engine Implementation Guide.

Automatically send antivirus update notifications: You can configure Symantec Scan Engine to automatically notify the NetApp Filer when new virus definitions are used. This notification causes the NetApp Filer to clear its cache of scanned files.
Provide an IP address for each NetApp Filer for which Symantec Scan Engine should provide scanning services. You can add or delete filers from this list at any time. Configure the additional RPC-specific options.
1. On the Symantec Scan Engine administrative interface, in the left pane, click Configuration.
2. Under Views, click Protocol.
3. In the right pane, under Select Communication Protocol, click RPC. The configuration settings are displayed for the selected protocol.
4. In the Manual Restart Required dialog box, click OK. Whenever you switch protocols, you must restart the server. You can continue to make and apply changes in the administrative interface. However, the changes do not take effect until you restart the Symantec Scan Engine service.
5. To add a NetApp Filer to the list of RPC clients, type the IP address of the NetApp Filer for which Symantec Scan Engine should provide scanning services. Type one entry per line.
6. To delete a NetApp Filer from the list of RPC clients, select and delete the IP address of the NetApp Filer.
7. On the toolbar, select one of the following:
   - Save: Saves your changes. You can continue to make changes in the administrative interface until you are ready to apply them.
   - Apply: Applies your changes. Your changes are not implemented until you apply them.

   You must perform a manual restart for the changes to take place and for a proper connection to the NetApp Filer.
1. On the Symantec Scan Engine administrative interface, in the left pane, click Configuration.
2. Under Views, click Protocol.
3. Under RPC Configuration, in the Check RPC connection every box, type how frequently Symantec Scan Engine checks the RPC connection with the NetApp Filer to ensure that the connection is active. The default interval is 20 seconds.
4. In the Maximum number of reconnect attempts box, type the maximum number of tries that the Symantec Scan Engine should undertake to reestablish a lost connection with the NetApp Filer. The default setting is 0. Symantec Scan Engine tries indefinitely to reestablish a connection. Use the default setting if the scan engine provides scanning for multiple NetApp Filers.
5. In the Antivirus scan policy list, select how you want Symantec Scan Engine to handle infected files. The default setting is Scan and repair or delete.
NetApp Filer to clear its cache of scanned files. Any new request for a file causes the file to be sent to the scan engine again for scanning. The scanned clean files are cached, and these cached files are sent to the requesting user. You can manually clear the cache of scanned files at the command line interface of the NetApp Filer as well. See About clearing the scanned files cache on page 47.

The process of automatically notifying the NetApp Filer about virus definitions updates could affect system performance, depending on how frequently you schedule LiveUpdate. You can send the notification manually to minimize the impact on scanning resources.

To automatically notify the NetApp Filer when virus definitions are updated

1. On the administrative interface, in the left pane, click Configuration.
2. Under Views, click Protocol.
3. Under RPC Configuration, check Automatically send AntiVirus update notifications. This option is disabled by default.

To manually notify the NetApp Filer when virus definitions are updated

1. On the administrative interface, in the left pane, click Configuration.
2. Under Views, click Protocol.
3. In the left pane, under Tasks, click Send AntiVirus Update Notification.
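The cache behaviour described above, as an added model that is not NetApp or Symantec code: a file scanned clean under old definitions keeps being served from the cache until the filer is told that definitions changed. All class and method names are hypothetical, and the byte-string signatures are constructed stand-ins for virus definitions.

```python
from collections import OrderedDict


class ScanCache:
    """Model of the filer's cache of files that were scanned and found clean."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.clean = OrderedDict()  # path -> True, oldest entry first

    def __contains__(self, path):
        return path in self.clean

    def remember(self, path):
        # When the cache is full, the oldest entry is purged to make room.
        if path not in self.clean and len(self.clean) >= self.capacity:
            self.clean.popitem(last=False)
        self.clean[path] = True

    def forget(self, path):
        self.clean.pop(path, None)

    def clear(self):
        self.clean.clear()


class ScanEngine:
    """Stand-in scanner: a file is infected if it contains a known signature."""

    def __init__(self, signatures):
        self.signatures = set(signatures)

    def update_definitions(self, new_signatures):
        self.signatures.update(new_signatures)

    def is_clean(self, content):
        return not any(sig in content for sig in self.signatures)


class Filer:
    def __init__(self, engine, cache_capacity):
        self.engine = engine
        self.cache = ScanCache(cache_capacity)
        self.files = {}
        self.scan_requests = 0

    def write(self, path, content):
        self.files[path] = content
        self.cache.forget(path)  # assumption: a changed file is rescanned

    def request(self, path):
        if path in self.cache:
            return "served-from-cache"  # no scan happens on this path
        self.scan_requests += 1
        if self.engine.is_clean(self.files[path]):
            self.cache.remember(path)
            return "served-after-scan"
        return "access-denied"

    def definitions_updated(self):
        # The update notification: drop every cached verdict.
        self.cache.clear()


def stale_cache_demo():
    engine = ScanEngine([b"SIG-OLD"])
    filer = Filer(engine, cache_capacity=2)
    filer.write("report.doc", b"...SIG-NEW...")  # threat not yet in definitions
    first = filer.request("report.doc")          # scanned, judged clean, cached
    engine.update_definitions([b"SIG-NEW"])      # engine updated, filer not told
    second = filer.request("report.doc")         # stale verdict still served
    filer.definitions_updated()                  # notification clears the cache
    third = filer.request("report.doc")          # rescanned with new definitions
    return [first, second, third]


if __name__ == "__main__":
    print(stale_cache_demo())
```

The gap between the second and third request is the window that the automatic or manual update notification closes.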
displayed only if the user uses a Windows computer. In addition, the requesting user's computer must be in the same domain as the scan engine. Both the user's computer and the scan engine must have the Windows Messenger service running to use this feature.

The notification message includes the following information:

- The date and time of the event
- The event security level (for example, Warning)
- The scan policy (for example, scan and repair or delete)
- The file name of the infected file
- The virus name and ID
- The manner in which the infected file was handled (for example, the file was repaired or deleted)
- The disposition of the file (for example, infected)
- The IP address and name of the requesting user's computer
- The date and revision number of the virus definitions used
- The duration (in seconds) of scan and connection time

You can enable the NetApp Filer to display warning messages to the requesting user as well. See About notifying a requesting user that a virus was found on page 47.

To notify a requesting user that a virus was found

1. On the Symantec Scan Engine administrative interface, in the left pane, click Monitors.
2. Under Views, click Alerting.
3. In the right pane, under Log Windows Messenger, check Enable Windows Messenger Logging. User notification is disabled by default.
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Quarantine, check Quarantine files.
4. In the Central server quarantine host or IP box, type the host name or the IP address for the computer on which Symantec Central Quarantine is installed.
5. In the Port box, type the TCP/IP port number to be used by the Symantec Scan Engine to pass files to the Symantec Central Quarantine. This setting must match the port number that is selected at installation for Symantec Central Quarantine.
Note: During virus outbreaks, you might want to scan all files even if you normally control the file types that are scanned with the file type or file extension exclusion list.
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files.
4. On the toolbar, select one of the following:
   - Save: Saves your changes. You can continue to make changes in the administrative interface until you are ready to apply them.
   - Apply: Applies your changes. Your changes are not implemented until you apply them.
To scan all files except for those that are in the file extension exclusion list
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files except those in the extension or type exclude lists. When you activate this option, both the file extension exclude list and the file type exclude list are activated automatically.
Type each file extension that you want to add to the list on a separate line. Use a period with each extension in the list.
To remove a file extension from the list, select it and delete it from the File extension exclude list.
To restore the default file extension exclude list, in the left pane, under Tasks, click Reset Default List. This option restores the default file-type exclude list and the file-extension exclude list.
To scan all file types except those in the file type exclusion list
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files except those in the extension or type exclude lists. When you activate this option, both the file type exclude list and the file extension exclude list are activated automatically.
Type each file type you want to add to the list on a separate line. To include all subtypes for a file type, use the wildcard character /*.
To remove a file type from the list, select it and delete it from the File type exclude list.
To restore the default file type exclude list, in the left pane, under Tasks, click Reset Default List. This option restores the default file-type exclude list and the file-extension exclude list.
1. On the Symantec Scan Engine administrative interface, in the left pane, click System.
2. Under Views, click LiveUpdate Content.
3. In the right pane, under LiveUpdate Content, check Enable scheduled LiveUpdate. This option is enabled by default.
4. In the LiveUpdate interval drop-down list, choose an interval. You can select from 2, 4, 8, 10, 12, or 24-hour intervals. The default LiveUpdate interval is 2 hours.
Configuring Symantec AntiVirus for NetApp Filer About configuring the client NetApp Filer
You can schedule Rapid Release updates to occur automatically at a specified time interval to ensure that Symantec Scan Engine always has the most current definitions. Scheduled Rapid Release updates are disabled by default.

Configuring Rapid Release updates to occur automatically

1. On the Symantec Scan Engine administrative interface, in the left pane, click System.
2. Under Views, click Rapid Release Content.
3. In the content area under Rapid Release Content, check Enable scheduled Rapid Release to enable automatic downloads of Rapid Release definitions. This option is disabled by default.
4. In the Rapid Release interval box, to specify how often you want Symantec Scan Engine to download Rapid Release definitions, do any of the following steps:
   - Type the interval.
   - Click the up arrow or down arrow to select the interval.

   You can select any number between 5 minutes and 120 minutes. The default value is 30 minutes.
Each NetApp Filer should be installed and configured in accordance with the accompanying product documentation. Each filer should be functional before you initiate virus scanning using Symantec Scan Engine.
About verifying that the scan engine is registered with the filer
You can verify that the scan engine is registered with the filer after you install Symantec Scan Engine. Registration is automatic if you have provided the correct information to Symantec Scan Engine for contacting the filer. Registration occurs when the scan engine connects to the Filer. Use the vscan command at the command line interface to check the list of registered scan engines.

Note: The service startup properties for Symantec Scan Engine must be changed to identify an account that has the appropriate permissions on the filer. If the change has not been done, the scan engine cannot register with the filer because it does not have sufficient permission. See Editing the service startup properties on page 31.
exclude remove would successfully remove extensions from the exclude list on the NetApp Filer. To roll back to the default include list, use the vscan extensions include reset command at the command line interface. The wildcard extension (???), which scans all files regardless of file extension, might negatively impact performance. The highest level of protection is achieved by scanning all file types; however, viruses are found only in those file types that contain executable code, so not every file type needs to be scanned. You can save bandwidth and time by limiting the files to be scanned to only those file types that can contain viruses. For more information, see the NetApp Filer documentation.
Note: Ensure that you have edited the service startup privileges appropriately, or disable virus scanning before you initiate a backup of the NetApp Filer. See Editing the service startup properties on page 30. See Editing the service startup properties on page 31.
Chapter

- About software components
- How Symantec Scan Engine works with the Sun StorageTek 5000 NAS Appliance
- About preparing for installation
- About configuring Symantec Scan Engine
- About configuring the Sun StorageTek 5000 NAS Appliance
- Recommendations while integrating multiple scan engines
Symantec Scan Engine, which provides the virus scanning and repair services
Configuring Symantec AntiVirus for Sun StorageTek 5000 NAS Appliance How Symantec Scan Engine works with the Sun StorageTek 5000 NAS Appliance
For more information, see the Symantec Scan Engine Implementation Guide.
The NAS Anti Virus Agent, which provides the virus scanning functionality and ensures the seamless integration of Symantec Scan Engine with the Sun StorageTek 5000 NAS Appliance. The NAS Anti Virus Agent is an integral part of the Sun StorageTek 5000 NAS Appliance. No separate license is required. See About configuring the Sun StorageTek 5000 NAS Appliance on page 62.
How Symantec Scan Engine works with the Sun StorageTek 5000 NAS Appliance
Symantec AntiVirus for Network Attached Storage provides virus scanning and repair capabilities for the Sun StorageTek 5000 series of network-attached storage devices that support the Sun NAS firmware version 4.21 M1 and later. Virus scanning and repair is provided for files on the Common Internet File System (CIFS). The Internet Content Adaptation Protocol (ICAP) is used to communicate with Symantec Scan Engine. In a typical Sun StorageTek 5000 NAS environment, a minimum of two scan engines is required to handle scan volume. A maximum of four scan engines can be supported per Sun StorageTek 5000 NAS Appliance. The NAS Anti Virus Agent handles load balancing across multiple scan engines automatically.
See About quarantining unrepairable files on Symantec Scan Engine on page 53.
Note: Exclusion lists mean that not all file types are scanned; therefore, new types of viruses might not be detected. Scanning all files regardless of extension and type is the most secure setting, but it imposes the heaviest demand on resources. During virus outbreaks, you might want to scan all files even if you normally control the file types that are scanned with the exclusion list. For more information, see the Symantec Scan Engine Implementation Guide. See Specifying which file types to scan on the scan engine on page 56.
Configuring Symantec AntiVirus for Sun StorageTek 5000 NAS Appliance About preparing for installation
Configuring Symantec AntiVirus for Sun StorageTek 5000 NAS Appliance About configuring Symantec Scan Engine
1. On the Symantec Scan Engine administrative interface, in the left pane, click Configuration.
2. Under Views, click Protocol.
3. In the right pane, under Select Communication Protocol, click ICAP. The configuration settings are displayed for the selected protocol. If you change the protocol setting from RPC to ICAP through the Symantec Scan Engine administrative interface, you must manually stop and start the service.
4. Under ICAP Configuration, in the Bind address box, select the scanning IP addresses that you want to bind to Symantec Scan Engine. Check Select All to select every IP Address in the Bind address table. By default, Symantec Scan Engine binds to all interfaces.
5. In the Port number box, type the TCP/IP port number that the NAS Anti Virus Agent uses to pass files to Symantec Scan Engine for scanning. The default setting for ICAP is port 1344.
6. In the Scan policy list, select how you want Symantec Scan Engine to handle infected files. The default setting is Scan and repair or delete, which is the recommended setting.
7. Check Enable trickle to enable the data trickle feature. The scan policy is automatically set to Scan only. However, enabling data trickle can compromise antivirus integrity. The data that is trickled to the user might contain a virus. You also cannot use the Quarantine feature when you enable data trickling. For more information, see the Symantec Scan Engine Implementation Guide.
8. Type the number of seconds that the scan process should run before data trickling begins. The setting defaults to 5 seconds and can be up to a maximum of 86400 seconds.
You can control which embedded files are scanned by using an extension or type exclusion list, or you can scan all files regardless of extension and type. A prepopulated extension and type exclusion list exists that you can modify. The Symantec Scan Engine is configured by default to scan all files.

Note: Symantec Scan Engine examines the first few bytes of every file to determine whether the file could contain a virus. This action occurs even if the file extension is not one that was identified for scanning. Based on this examination, the scan engine may scan a file even though it has not been identified for scanning. For more information, see the Symantec Scan Engine Implementation Guide.

See About configuring virus scanning on the Sun StorageTek 5000 NAS Appliance on page 63.
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files except those in the extension or type exclude lists. When you enable this option, both the file extension exclude list and the file type exclude list are activated automatically.
Type each file extension that you want to add to the list on a separate line. Use a period with each extension in the list.
To remove a file extension from the list, select it and delete it from the File extension exclude list.
To restore the default file extension exclude list, in the left pane, under Tasks, click Reset Default List. This option restores the default file-type exclude list and the file-extension exclude list.
To scan all file types except those in the file type exclusion list
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files except those in the extension or type exclude lists. When you enable this option, both the file type exclude list and the file extension exclude list are activated automatically.
Type each file type you want to add to the list on a separate line. To include all subtypes for a file type, use the wildcard character /*. For more information on how to write the file types, see the Symantec Scan Engine Implementation Guide.
To remove a file type from the list, select it and delete it from the File type exclude list.
To restore the default file type exclude list, in the left pane, under Tasks, click Reset Default List. This option restores the default file-type exclude list and the file-extension exclude list.
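The exclude-list entry formats described above (one entry per line, a period with each extension, `/*` for all subtypes) and the note that the first bytes of every file are examined regardless of extension, combined in an added example that is not Symantec Scan Engine code. The MIME-style type names, the magic-number table and all function names are assumptions made for illustration.

```python
import os

# Constructed magic-number table; a real engine recognises many more formats.
MAGIC = [
    (b"MZ", "application/x-msdownload"),
    (b"\x7fELF", "application/x-elf"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF8", "image/gif"),
]
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-elf"}


def parse_exclude_lists(extension_text, type_text):
    """Parse the two lists as typed, one entry per line; report bad entries."""
    extensions, types, problems = set(), [], []
    for line in extension_text.splitlines():
        entry = line.strip().lower()
        if not entry:
            continue
        if not entry.startswith(".") or len(entry) < 2 or " " in entry:
            problems.append(f"extension {entry!r}: must be written with a period")
            continue
        extensions.add(entry)
    for line in type_text.splitlines():
        entry = line.strip().lower()
        if not entry:
            continue
        major, sep, minor = entry.partition("/")
        if not (sep and major and minor):
            problems.append(f"type {entry!r}: expected type/subtype or type/*")
            continue
        types.append((major, minor))
    return extensions, types, problems


def sniff_type(head):
    """Guess the content type from the first bytes of the file."""
    for magic, name in MAGIC:
        if head.startswith(magic):
            return name
    return "application/octet-stream"


def scan_decision(filename, head, extensions, types):
    """Return ("scan" | "skip", reason) for one file."""
    detected = sniff_type(head)
    # Content that looks executable is scanned even when the name is excluded.
    if detected in EXECUTABLE_TYPES:
        return "scan", f"content looks like {detected}"
    extension = os.path.splitext(filename.lower())[1]
    if extension in extensions:
        return "skip", f"extension {extension} is excluded"
    major, _, minor = detected.partition("/")
    for ex_major, ex_minor in types:
        if ex_major == major and ex_minor in ("*", minor):
            return "skip", f"type {ex_major}/{ex_minor} is excluded"
    return "scan", "not excluded"


if __name__ == "__main__":
    exts, types, problems = parse_exclude_lists(".jpg\n.GIF\nmp3\n", "image/*\naudio\n")
    print(problems)
    # Constructed samples: a real JPEG header, then an executable named .jpg.
    print(scan_decision("photo.jpg", b"\xff\xd8\xff\xe0", exts, types))
    print(scan_decision("photo.jpg", b"MZ\x90\x00", exts, types))
```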
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files.
4. On the toolbar, select one of the following:
   - Save: Saves your changes. You can continue to make changes in the administrative interface until you are ready to apply them.
   - Apply: Applies your changes. Your changes are not implemented until you apply them.
You can specify the following limits for handling container files:
- The maximum amount of time, in seconds, that is spent decomposing a container file and its contents. This setting does not apply to .hqx or .amg files.
- The maximum file size, in megabytes, for the individual files that are in a container file
- The maximum number of nested levels to decompose for scanning
- The maximum number of bytes that are read when determining whether a file is MIME-encoded
You can specify whether to allow or deny access to the file if any of these specified limits is met or exceeded. Symantec Scan Engine blocks container files based on their type, because only certain file types contain viruses or malicious code. You can configure Symantec Scan Engine to block partial container files, malformed container files, and encrypted container files as well. For more information on container handling limits, see the Symantec Scan Engine Implementation Guide.
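One way to enforce the container limits listed above (time budget, per-file size, nesting depth) together with the allow or deny choice, as an added example that is not Symantec Scan Engine code. It handles ZIP containers only; the names and the limit values are constructed for illustration.

```python
import io
import time
import zipfile
import zlib
from dataclasses import dataclass

ZIP_MAGIC = b"PK\x03\x04"  # local file header that starts a non-empty ZIP


@dataclass
class ContainerLimits:
    # Constructed values for illustration, not the product's defaults.
    max_seconds: float = 30.0
    max_member_mb: int = 100
    max_depth: int = 10
    deny_when_exceeded: bool = True   # the allow/deny choice for exceeded limits
    block_malformed: bool = True


class LimitExceeded(Exception):
    pass


class MalformedContainer(Exception):
    pass


def _decompose(data, depth, limits, deadline, leaves):
    if time.monotonic() > deadline:
        raise LimitExceeded("time limit")
    if not data.startswith(ZIP_MAGIC):
        leaves.append(data)  # ordinary file: this is what gets scanned
        return
    if depth > limits.max_depth:
        raise LimitExceeded("nesting depth")
    max_bytes = limits.max_member_mb * 1024 * 1024
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.infolist():
                if member.is_dir():
                    continue
                # Reject on the declared size before decompressing anything.
                if member.file_size > max_bytes:
                    raise LimitExceeded("member size")
                # Read one byte past the limit so a false header cannot
                # make the scanner inflate an oversized member.
                with archive.open(member) as stream:
                    payload = stream.read(max_bytes + 1)
                if len(payload) > max_bytes:
                    raise LimitExceeded("member size")
                _decompose(payload, depth + 1, limits, deadline, leaves)
    except (zipfile.BadZipFile, EOFError, zlib.error) as exc:
        raise MalformedContainer(str(exc)) from exc


def check_container(data, limits):
    """Return (verdict, reason, number of files extracted for scanning)."""
    deadline = time.monotonic() + limits.max_seconds
    leaves = []
    try:
        _decompose(data, 1, limits, deadline, leaves)
    except LimitExceeded as exc:
        verdict = "deny" if limits.deny_when_exceeded else "allow"
        return verdict, f"limit exceeded: {exc}", len(leaves)
    except MalformedContainer:
        verdict = "deny" if limits.block_malformed else "allow"
        return verdict, "malformed container", len(leaves)
    return "allow", "within limits", len(leaves)


def make_nested_zip(levels, payload=b"hello"):
    """Build constructed sample input: payload wrapped in `levels` ZIP layers."""
    data = payload
    for level in range(levels):
        buffer = io.BytesIO()
        with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
            archive.writestr(f"level{level}.bin", data)
        data = buffer.getvalue()
    return data


if __name__ == "__main__":
    print(check_container(make_nested_zip(2), ContainerLimits(max_depth=2)))
    print(check_container(make_nested_zip(3), ContainerLimits(max_depth=2)))
```

Setting `deny_when_exceeded=False` models the "allow" choice: the file is passed on even though part of it was never decomposed or scanned.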
1. On the Symantec Scan Engine administrative interface, in the left pane, click System.
2. Under Views, click LiveUpdate Content.
3. In the right pane, under LiveUpdate Content, check Enable scheduled LiveUpdate. This option is enabled by default.
4. In the LiveUpdate interval drop-down list, choose an interval. You can select from 2, 4, 8, 10, 12, or 24-hour intervals. The default LiveUpdate interval is 2 hours.
Configuring Symantec AntiVirus for Sun StorageTek 5000 NAS Appliance About configuring the Sun StorageTek 5000 NAS Appliance
If you use a proxy or firewall that blocks FTP communications, the Rapid Release feature does not function. Your environment must allow FTP traffic for the FTP session to succeed.

You can schedule Rapid Release updates to occur automatically at a specified time interval to ensure that Symantec Scan Engine always has the most current definitions. Scheduled Rapid Release updates are disabled by default.

Configuring Rapid Release updates to occur automatically

1. On the Symantec Scan Engine administrative interface, in the left pane, click System.
2. Under Views, click Rapid Release Content.
3. In the content area under Rapid Release Content, check Enable scheduled Rapid Release to enable automatic downloads of Rapid Release definitions. This option is disabled by default.
4. In the Rapid Release interval box, to specify how often you want Symantec Scan Engine to download Rapid Release definitions, do any of the following steps:
   - Type the interval.
   - Click the up arrow or down arrow to select the interval.

   You can select any number between 5 minutes and 120 minutes. The default value is 30 minutes.
the virus scan functionality in accordance with the Sun StorageTek documentation. The Sun StorageTek 5000 NAS Appliance for which you provide virus scanning must be in the 5000 series of network-attached storage devices. For more information, see the appropriate Sun StorageTek documentation.
About configuring virus scanning on the Sun StorageTek 5000 NAS Appliance
You must configure virus scanning (the NAS Anti Virus Agent) for each Sun StorageTek 5000 NAS Appliance. You configure the virus scan functionality through the Configure AntiVirus setup screen for each NAS Appliance.

Note: The virus scan functionality for each Sun StorageTek 5000 NAS Appliance accessing a scan engine must be configured identically to avoid inconsistency. The scan results and repair results for infected files will be inconsistent if the settings differ for each appliance.

Table 3-2 describes the settings that you should configure for virus scan functionality.
Maximum Connections: Specify the number of concurrent scan requests that can be handled by the scan engine. The default setting on the NAS Anti Virus Agent is 2. The similar configurable option on the Symantec Scan Engine defaults to 128.

Select whether to specify an upper limit for the size of files to be scanned. Although you can choose a file size between 1 MB and 9999 MB, the Symantec Scan Engine can scan a maximum file size of 2047 MB (or 2GB). The default setting is 1GB.

You can choose to allow or deny access to files that are larger than the limit that is specified in Maximum scan size.
Configuring Symantec AntiVirus for Sun StorageTek 5000 NAS Appliance Recommendations while integrating multiple scan engines
- If the Symantec Scan Engine's scanning results indicate that the file is unrepairable and must be deleted, then the NAS AntiVirus Agent quarantines the file. All access to the file is denied.
- If the file is infected but repairable, the repaired file is passed to the requesting user. The stored version of the infected file is replaced with the repaired file.
- If one scan engine does not respond, the NAS AntiVirus Agent requests virus scanning for a given file from other registered scan engines. If none respond, then file access is denied.
- Configure the settings on each Symantec Scan Engine to be identical.
- Schedule LiveUpdate and Rapid Release to occur at the same time on all of the scan engines. This ensures that virus definitions are consistent.
- Configure the virus scan functionality to be identical for each Sun StorageTek 5000 NAS Appliance in a group to avoid inconsistency. The scan results and repair results for infected files will be inconsistent if the settings differ for each appliance in a group.
Chapter

- About software components
- How Symantec Scan Engine works with the Sun Storage 7000 Series NAS device
- About preparing for installation
- About configuring Symantec Scan Engine
- About configuring the Sun Storage 7000 Series NAS device
- Recommendations while integrating multiple scan engines
- Symantec Scan Engine, which provides the virus scanning and repair services. For more information, see the Symantec Scan Engine Implementation Guide.
- The VSCAN service, which provides the virus scanning functionality and ensures the seamless integration of Symantec Scan Engine with the Sun Storage 7000 Series NAS device. The VSCAN service is an integral part of the Sun Storage 7000 Series NAS device. No separate license is required. See About configuring the Sun Storage 7000 Series NAS device on page 81.

Configuring Symantec AntiVirus for Sun Storage 7000 Series How Symantec Scan Engine works with the Sun Storage 7000 Series NAS device
How Symantec Scan Engine works with the Sun Storage 7000 Series NAS device
Symantec AntiVirus for Network Attached Storage provides virus scanning capabilities for the Sun Storage 7000 Series of network-attached storage (NAS) devices. Symantec AntiVirus for Network Attached Storage is certified with Sun Storage 7000 Series NAS devices that support the Sun Storage 7xxx firmware version 2008.10. The Internet Content Adaptation Protocol (ICAP) is used to communicate with Symantec Scan Engine. In a typical Sun Storage 7000 Series NAS device environment, a minimum of two scan engines is required to handle scan volume. A maximum of four scan engines can be supported per Sun Storage 7000 Series NAS device. The VSCAN service handles load balancing across multiple scan engines automatically.
The cache is purged when the virus definitions on Symantec Scan Engine are updated and when the Sun Storage 7000 Series NAS device is restarted. Individual cache entries are updated whenever a stored file is changed.
Configuring Symantec AntiVirus for Sun Storage 7000 Series About preparing for installation
The Sun Storage 7000 Series NAS device does not support the repair of infected files. Hence, it is recommended that you select the Scan only scan policy on the Symantec Scan Engine administrative interface. See Configuring ICAP-specific options on page 71.
Configuring Symantec AntiVirus for Sun Storage 7000 Series About configuring Symantec Scan Engine
1. On the Symantec Scan Engine administrative interface, in the left pane, click Configuration.
2. Under Views, click Protocol.
3. In the right pane, under Select Communication Protocol, click ICAP. The configuration settings are displayed for the selected protocol.
4. Under ICAP Configuration, in the Bind address box, select the scanning IP addresses that you want to bind to Symantec Scan Engine. Check Select All to select every IP address in the Bind address table.
5. In the Port number box, type the TCP/IP port number that the NAS Anti Virus Agent uses to pass files to Symantec Scan Engine for scanning.
6. In the Scan policy list, select how you want Symantec Scan Engine to handle infected files.
7. Check Enable trickle to enable the data trickle feature. The scan policy is automatically set to Scan only. However, enabling data trickle can compromise antivirus integrity. The data that is trickled to the user might contain a virus. You also cannot use the Quarantine feature when you enable data trickling.
Note: The Sun Storage 7000 Series does not support the trickle feature. For more information, see the Symantec Scan Engine Implementation Guide.
Type the number of seconds that the scan process should run before data trickling begins. The setting defaults to 5 seconds and can be up to a maximum of 86400 seconds.
Note: Symantec Scan Engine examines the first few bytes of every file to determine whether the file could contain a virus. This action occurs even if the file extension is not one that was identified for scanning. Based on this examination, the scan engine may scan a file even though it has not been identified for scanning. For more information, see the Symantec Scan Engine Implementation Guide.
See About configuring virus scanning on the Sun Storage 7000 Series NAS device on page 81.
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files except those in the extension or type exclude lists. When you enable this option, both the file extension exclude list and the file type exclude list are activated automatically.
Type each file extension that you want to add to the list on a separate line. Use a period with each extension in the list.
To remove a file extension from the list, select it and delete it from the File extension exclude list.
To restore the default file extension exclude list, in the left pane, under Tasks, click Reset Default List. This option restores the default file-type exclude list and the file-extension exclude list.
To scan all file types except those in the file type exclusion list
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files except those in the extension or type exclude lists. When you enable this option, both the file type exclude list and the file extension exclude list are activated automatically.
Type each file type you want to add to the list on a separate line. To include all subtypes for a file type, use the wildcard character /*. For more information on how to write the file types, see the Symantec Scan Engine Implementation Guide.
To remove a file type from the list, select it and delete it from the File type exclude list.
To restore the default file type exclude list, in the left pane, under Tasks, click Reset Default List. This option restores the default file-type exclude list and the file-extension exclude list.
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files.
4. On the toolbar, select one of the following:
Save: Saves your changes. You can continue to make changes in the administrative interface until you are ready to apply them.
Apply: Applies your changes. Your changes are not implemented until you apply them.
You can specify the following limits for handling container files:
The maximum amount of time, in seconds, that is spent decomposing a container file and its contents. This setting does not apply to .hqx or .amg files.
The maximum file size, in megabytes, for the individual files that are in a container file.
The maximum number of nested levels to decompose for scanning.
The maximum number of bytes that are read when determining whether a file is MIME-encoded.
You can specify whether to allow or deny access to the file if any of these specified limits is met or exceeded. Symantec Scan Engine blocks container files based on their type, because only certain file types contain viruses or malicious code. You can configure Symantec Scan Engine to block partial container files, malformed container files, and encrypted container files as well. For more information on container handling limits, see the Symantec Scan Engine Implementation Guide.
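The following Python sketch is an added example, not part of the Symantec documentation and not the scan engine's own code. It applies three of the limits listed above (decomposition time, individual file size, nesting depth) to ZIP containers only and returns the allow or deny decision; the limit names, default values, and sample archives are constructed for illustration.

```python
import io
import time
import zipfile
import zlib

# Hypothetical limit names; they mirror the limits described above and are
# not the product's configuration keys or defaults.
DEFAULT_LIMITS = {
    "max_seconds": 5.0,   # time spent decomposing the container
    "max_file_mb": 1,     # size of each individual extracted file
    "max_depth": 2,       # nested container levels to decompose
}


class LimitExceeded(Exception):
    """A configured container limit was met or exceeded."""


def _decompose(data, depth, limits, deadline, leaves):
    """Recursively unpack ZIP data, checking every limit before recursing."""
    if time.monotonic() >= deadline:
        raise LimitExceeded("time limit")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        leaves.append(data)  # ordinary file: this is what gets scanned
        return
    if depth > limits["max_depth"]:
        raise LimitExceeded("nesting limit")
    max_bytes = int(limits["max_file_mb"] * 1024 * 1024)
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # bit 0 marks an encrypted member
                raise ValueError("encrypted member")
            if info.file_size >= max_bytes:
                raise LimitExceeded("file size limit")
            with archive.open(info) as member:
                # The header can understate the real size, so cap the read.
                payload = member.read(max_bytes)
            if len(payload) >= max_bytes:
                raise LimitExceeded("file size limit")
            _decompose(payload, depth + 1, limits, deadline, leaves)


def check_container(data, limits=DEFAULT_LIMITS, on_limit="deny"):
    """Return (decision, reason, files_to_scan) for one submitted file.

    on_limit is the administrator's choice for a file that hits a limit.
    Choosing "allow" releases content that was never scanned.
    """
    leaves = []
    deadline = time.monotonic() + limits["max_seconds"]
    try:
        _decompose(data, 0, limits, deadline, leaves)
    except LimitExceeded as exc:
        return on_limit, str(exc), []
    except (ValueError, RuntimeError, zipfile.BadZipFile, zlib.error) as exc:
        return "deny", f"unscannable container: {exc}", []
    return "allow", "within limits", leaves


def make_nested_zip(levels, payload=b"constructed sample text"):
    """Build a constructed test archive: payload wrapped in `levels` ZIPs."""
    data = payload
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
            archive.writestr(f"level{i}.bin", data)
        data = buf.getvalue()
    return data


if __name__ == "__main__":
    for levels in (1, 3, 4):
        decision, reason, _ = check_container(make_nested_zip(levels))
        print(levels, decision, reason)
```

With on_limit set to "allow", the four-level archive is released without any of its contents reaching the scanner, which is the exposure the deny option closes.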
1. On the Symantec Scan Engine administrative interface, in the left pane, click System.
2. Under Views, click LiveUpdate Content.
3. In the right pane, under LiveUpdate Content, check Enable scheduled LiveUpdate. This option is enabled by default.
In the LiveUpdate interval drop-down list, choose an interval. You can select from 2, 4, 8, 10, 12, or 24-hour intervals. The default LiveUpdate interval is 2 hours.
Warning: Rapid Release definitions do not undergo the same rigorous quality assurance tests as LiveUpdate and Intelligent Updater definitions. Symantec encourages users to rely on the full quality-assurance-tested definitions whenever possible. Ensure that you deploy Rapid Release definitions to a test environment before you install them on your network.
If you use a proxy or firewall that blocks FTP communications, the Rapid Release feature does not function. Your environment must allow FTP traffic for the FTP session to succeed.
You can schedule Rapid Release updates to occur automatically at a specified time interval to ensure that Symantec Scan Engine always has the most current definitions. Scheduled Rapid Release updates are disabled by default.
Configuring Rapid Release updates to occur automatically
1. On the Symantec Scan Engine administrative interface, in the left pane, click System.
2. Under Views, click Rapid Release Content.
3. In the content area under Rapid Release Content, check Enable scheduled Rapid Release to enable automatic downloads of Rapid Release definitions. This option is disabled by default.
In the Rapid Release interval box, to specify the interval between which you want Symantec Scan Engine to download Rapid Release definitions, do any of the following steps:
Type the interval.
Click the up arrow or down arrow to select the interval.
You can select any number between 5 minutes and 120 minutes. The default value is 30 minutes.
Configuring Symantec AntiVirus for Sun Storage 7000 Series About configuring the Sun Storage 7000 Series NAS device
About configuring virus scanning on the Sun Storage 7000 Series NAS device
You must configure virus scanning (the VSCAN service) for each Sun Storage 7000 Series NAS device. You configure the virus scan functionality through the Virus Scan setup screen for each Sun Storage 7000 Series NAS device.
Note: The virus scan functionality for each Sun Storage 7000 Series NAS device accessing a scan engine must be configured identically to avoid inconsistency. The scan results for infected files will be inconsistent if the settings differ for each appliance.
Table 4-2 describes the settings that you should configure for virus scan functionality.
Table 4-2 Setting
Maximum file size to scan
You can choose to allow or deny access to files that are larger than the limit that is specified in Maximum file size to scan. Allowing access to files that have not been scanned can make your network vulnerable to virus attacks.
In the fields Host and Port, type the IP address and the port number of each scan engine to be used for scanning. Ensure that the entered port number matches the one used while installing the scan engine. In the field Maximum Connections, specify the number of concurrent scan requests that the scan engine can handle. The default setting on the VSCAN service is 32. The similar configurable option on the Symantec Scan Engine defaults to 128. Put a check mark against a Symantec Scan Engine under the Enable field to activate it for scanning. Each Sun Storage 7000 Series NAS device can support up to four scan engines.
Configuring Symantec AntiVirus for Sun Storage 7000 Series Recommendations while integrating multiple scan engines
If the Symantec Scan Engine's scanning results indicate that the file is infected, then the VSCAN service quarantines the file. All access to the file is denied. You can only view and delete the quarantined file in a file browser. If one scan engine does not respond, the VSCAN service requests virus scanning for a given file from other registered scan engines. If none respond, then file access is denied.
Configure the settings on each Symantec Scan Engine to be identical. Schedule LiveUpdate and Rapid Release to occur at the same time on all of the scan engines. This ensures that virus definitions are consistent.
Configure the virus scan functionality to be identical for each Sun Storage 7000 Series NAS device in a group to avoid inconsistency. The scan results for infected files will be inconsistent if the settings differ for each appliance in a group.
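The recommendations above can be checked from outside the administrative interface by sending each scan engine an ICAP OPTIONS request (RFC 3507) and comparing the replies. The following Python sketch is an added example, not part of the Symantec documentation. Assumptions: the service path /avscan is a placeholder, the engine names and sample responses are constructed, and an engine's ISTag is assumed to change when its virus definitions change, which this guide does not state.

```python
import socket

# Assumption: the ICAP service path is deployment-specific. "/avscan" is a
# placeholder, not a value taken from this guide.
DEFAULT_SERVICE = "/avscan"


def build_options_request(host, port=1344, service=DEFAULT_SERVICE):
    """Return an RFC 3507 OPTIONS request for one scan engine."""
    lines = [
        f"OPTIONS icap://{host}:{port}{service} ICAP/1.0",
        f"Host: {host}:{port}",
        "Encapsulated: null-body=0",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_icap_response(raw):
    """Split a raw ICAP response into (status_code, lower-cased headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        raise ValueError(f"not an ICAP status line: {status_line!r}")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def probe(host, port=1344, service=DEFAULT_SERVICE, timeout=5.0):
    """Query a live engine; return the raw reply, or None if it is unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.sendall(build_options_request(host, port, service))
            data = b""
            while b"\r\n\r\n" not in data:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
            return data or None
    except OSError:
        return None


def audit_engines(responses, vscan_max_connections=32):
    """responses maps engine name to raw reply bytes (or None). Returns findings."""
    findings, istags = [], {}
    for name, raw in sorted(responses.items()):
        if raw is None:
            findings.append(f"{name}: no response")
            continue
        try:
            status, headers = parse_icap_response(raw)
        except ValueError as exc:
            findings.append(f"{name}: {exc}")
            continue
        if status != 200:
            findings.append(f"{name}: OPTIONS returned {status}")
            continue
        istags[name] = headers.get("istag", "")
        limit = headers.get("max-connections", "")
        if limit.isdigit() and int(limit) < vscan_max_connections:
            findings.append(f"{name}: Max-Connections {limit} is below the "
                            f"VSCAN setting of {vscan_max_connections}")
    if len(set(istags.values())) > 1:
        detail = ", ".join(f"{n}={t}" for n, t in sorted(istags.items()))
        findings.append(f"ISTag differs between engines: {detail}")
    if not istags:
        findings.append("no usable scan engine: VSCAN would deny file access")
    elif len(istags) < 2:
        findings.append("fewer than two usable scan engines")
    return findings


def _sample(istag, max_connections):
    """Build a constructed OPTIONS reply for offline use."""
    return ("ICAP/1.0 200 OK\r\nMethods: RESPMOD\r\n"
            f'ISTag: "{istag}"\r\nMax-Connections: {max_connections}\r\n'
            "Options-TTL: 3600\r\nEncapsulated: null-body=0\r\n\r\n").encode("ascii")


# Constructed sample data: four engines, one out of date, one unreachable.
SAMPLE_RESPONSES = {
    "engine-a": _sample("DEFS-0001", 128),
    "engine-b": _sample("DEFS-0001", 128),
    "engine-c": _sample("DEFS-0000", 16),
    "engine-d": None,
}

if __name__ == "__main__":
    for finding in audit_engines(SAMPLE_RESPONSES):
        print(finding)
```

To audit live engines, build the responses mapping with probe() for each host and port entered in the VSCAN Host and Port fields.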
Chapter
Configuring Symantec AntiVirus for BlueArc Storage System and Hitachi High-performance NAS Platform, powered by BlueArc
This chapter includes the following topics:
About software components
How Symantec Scan Engine works with BlueArc Storage System and Hitachi High-performance NAS Platform
About preparing for installation
About configuring Symantec Scan Engine
About configuring BlueArc Storage System or Hitachi High-performance NAS Platform
Configuring Symantec AntiVirus for BlueArc Storage System and Hitachi Highperformance NAS Platform, powered by BlueArc About software components
Symantec Scan Engine, which provides the virus scanning and repair services. For more information, see the Symantec Scan Engine Implementation Guide.
BlueArc Storage System or Hitachi High-performance NAS Platform. Some options are configured directly on the NAS Server. No additional code is necessary to connect Symantec Scan Engine to the NAS Server. See About configuring BlueArc Storage System or Hitachi High-performance NAS Platform on page 102.
How Symantec Scan Engine works with BlueArc Storage System and Hitachi High-performance NAS Platform
Symantec AntiVirus for Network Attached Storage provides virus scanning and repair capabilities for BlueArc Storage System and Hitachi High-performance NAS Platform storage appliances that have firmware version 4.0 or later. Symantec Scan Engine must be installed on a computer that is running Windows 2000 Server/Windows 2003 Server/Windows 2008 Server. It must be located in the same domain as the NAS Server for which it provides scanning and repair services. Symantec Scan Engine uses the RPC protocol to interface with BlueArc Storage System and Hitachi High-performance NAS Platform storage appliances.
On the NAS Server, you can enable virus scanning individually for each Enterprise Virtual Server (EVS). An EVS is a virtual NAS system that consists of CIFS shares with individual IP addresses. A single Symantec Scan Engine can support multiple EVSs. Hence, represent each EVS as an RPC client through the Symantec Scan Engine administrative interface. You can use multiple scan engines to support one or more EVSs for sites with larger scan volumes. Load balancing is handled through the NAS Server's administrative interface to achieve high availability and performance scaling.
Virus scanning on BlueArc Storage System and Hitachi High-performance NAS Platform is available only for those files that are requested through the Common Internet File System (CIFS).
Configuring Symantec AntiVirus for BlueArc Storage System and Hitachi Highperformance NAS Platform, powered by BlueArc How Symantec Scan Engine works with BlueArc Storage System and Hitachi High-performance NAS Platform
You can control the files that are initially submitted to the scan engine by BlueArc Storage System or Hitachi High-performance NAS Platform for scanning.
The NAS Server lets you specify by file extension the files that are to be passed to Symantec Scan Engine for scanning. You configure the file types that you want to submit for scanning through the NAS Server interface in accordance with the product documentation. See About specifying the file extensions to be scanned on the NAS Server on page 103.
You can control the files that are embedded in archival file formats (for example, .zip or .lzh files) that are to be scanned by Symantec Scan Engine.
The file extension exclusion list and the file type exclusion list let you specify the file extensions and the file types that you do not want to scan. You can also scan all file types regardless of extension. You configure which embedded files are scanned through the Symantec Scan Engine administrative interface. See Specify which embedded files to scan on page 97.
You can also configure the scan engine to quarantine unrepairable files. See About quarantining unrepairable infected files on page 95.
Configuring Symantec AntiVirus for BlueArc Storage System and Hitachi Highperformance NAS Platform, powered by BlueArc About preparing for installation
about the user who requested the infected file. This information includes the security identifier of the user and the IP address and host name of the requesting computer. The identification information supplements the information that is contained in Infection Found log messages that are logged to the local logs, the Windows Event Log, and SMTP. This information does not appear in the Infection Found messages that are logged to SNMP or SESA.
Note: Symantec Scan Engine can obtain only the information that is made available by the NAS Server. In some cases, all or some of this information is not available. The information that is obtained is reported in the related log entries. Any identification information that is not obtained from the NAS Server is omitted from the log messages and from the user notification window.
You also can configure Symantec Scan Engine to notify the requesting user that the retrieval of a file failed because a virus was found. The notification message only appears if the user uses a Windows computer. The notification message includes the following:
Date and time of the event
File name of the infected file
Virus name and ID
Virus definition date and revision number
Manner in which the infected file was handled (for example, the file was repaired or deleted)
Scan policy
Disposition of the file (for example, infected)
Duration of scan time and connection time
The Windows Messenger service must be running on the computer that is running the Symantec Scan Engine and on the user's computer to use the user notification feature. See Notifying a requesting user that a virus was found on page 94.
Configuring Symantec AntiVirus for BlueArc Storage System and Hitachi Highperformance NAS Platform, powered by BlueArc About configuring Symantec Scan Engine
Symantec Scan Engine. As a prerequisite, ensure that each NAS Server for which the scan engine is to provide scanning and repair services meets this requirement. To use RPC, Symantec Scan Engine must be installed on a computer that is running Windows 2000 Server/Windows 2003 Server/Windows 2008 Server. The computer on which you plan to install Symantec Scan Engine must meet the system requirements that are listed in the Symantec Scan Engine Implementation Guide. After you install Symantec Scan Engine, configure the NAS Server to work with the scan engine. See About configuring BlueArc Storage System or Hitachi High-performance NAS Platform on page 102.
The account must have local administrator permissions on the computer that has the scan engine. The user account must have Backup Operator privileges or above on the NAS Server. For more information on how to set up a shared account with local group backup operator privileges on the NAS Server, see the appropriate product documentation.
You must change the service startup properties if the list of NAS Servers is edited as well.
1. In the Windows 2000/2003/2008 Control Panel, click Administrative Tools.
2. Click Services.
3. In the list of services, right-click Symantec Scan Engine, and then click Properties.
4. In the Properties dialog box, on the Log On tab, click This Account.
5. Type the account name and password for the user account that has local administrator rights on the computer that has the scan engine. This account should also have Backup Operator privileges or above on the NAS Server. Use the following format for the account name: domain\username
6 7 8
Click OK. Stop and start the Symantec Scan Engine service. For more information on stopping and starting the Symantec Scan Engine service, see the Symantec Scan Engine Implementation Guide.
Provide an IP address for each EVS for which Symantec Scan Engine should provide scanning services. You can add or delete Enterprise Virtual Servers from this list at any time. Configure the additional RPC-specific options.
1. On the Symantec Scan Engine administrative interface, in the left pane, click Configuration.
2. Under Views, click Protocol.
3. In the right pane, under Select Communication Protocol, click RPC. The configuration settings are displayed for the selected protocol.
4. In the Manual Restart Required dialog box, click OK.
5. To add an EVS to the list of RPC clients, type the IP address of the EVS for which Symantec Scan Engine should provide scanning services. Type one entry per line.
6. To delete an EVS from the list of RPC clients, select and delete the IP address of the EVS.
7. On the toolbar, select one of the following:
Save: Saves your changes. You can continue to make changes in the administrative interface until you are ready to apply them.
Apply: Applies your changes. Your changes are not implemented until you apply them. You must perform a manual restart for the changes to take place and for a proper connection to the EVS.
1. On the Symantec Scan Engine administrative interface, in the left pane, click Configuration.
2. Under Views, click Protocol.
Under RPC Configuration, in the Check RPC connection every box, type how frequently Symantec Scan Engine checks the RPC connection with the EVS to ensure that the connection is active. The default interval is 20 seconds.
In the Maximum number of reconnect attempts box, type the maximum number of tries that the Symantec Scan Engine should undertake to reestablish a lost connection with the EVS. The default setting is 0. Symantec Scan Engine tries indefinitely to reestablish a connection. Use the default setting if the scan engine provides scanning for multiple enterprise virtual servers.
In the Antivirus scan policy list, select how you want Symantec Scan Engine to handle infected files. The default setting is Scan and repair or delete.
The date and time of the event
The event security level (for example, Warning)
The scan policy (for example, scan and repair or delete)
The file name of the infected file
The virus name and ID
The manner in which the infected file was handled (for example, the file was repaired or deleted)
The disposition of the file (for example, infected)
The IP address and name of the requesting user's computer
The date and revision number of the virus definitions used
The duration (in seconds) of scan and connection time
1. On the Symantec Scan Engine administrative interface, in the left pane, click Monitors.
2. Under Views, click Alerting.
3. In the right pane, under Log Windows Messenger, check Enable Windows Messenger Logging. User notification is disabled by default.
Symantec Scan Engine forwards the infected files that cannot be repaired to Symantec Central Quarantine. Typically, the heuristically detected viruses that cannot be eliminated by the current set of virus definitions are forwarded to the quarantine. They are isolated so that the viruses cannot spread. The infected items can be submitted to Symantec Security Response for analysis from the quarantine. New virus definitions are posted if a new virus is identified.
You must select Scan and repair or delete as the RPC scan policy to forward files to the quarantine. The original infected file is deleted when a copy of an infected file is forwarded to the quarantine. If submission to the quarantine is not successful, the original file is not deleted, and an error message is returned to the NAS Server. Access to the infected file is denied. See About configuring RPC protocol options on page 91.
For more information about installing and configuring Symantec Central Quarantine, see the Symantec Central Quarantine Administrator's Guide.
To quarantine unrepairable infected files
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Quarantine, check Quarantine files.
4. In the Central server quarantine host or IP box, type the host name or the IP address for the computer on which Symantec Central Quarantine is installed.
5. In the Port box, type the TCP/IP port number to be used by the Symantec Scan Engine to pass files to the Symantec Central Quarantine. This setting must match the port number that is selected at installation for Symantec Central Quarantine.
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files.
4. On the toolbar, select one of the following:
Save: Saves your changes. You can continue to make changes in the administrative interface until you are ready to apply them.
Apply: Applies your changes. Your changes are not implemented until you apply them.
To scan all files except for those that are in the file extension exclusion list
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files except those in the extension or type exclude lists. When you activate this option, both the file extension exclude list and the file type exclude list are activated automatically.
4. Type each file extension that you want to add to the list on a separate line. Use a period with each extension in the list.
5. To remove a file extension from the list, select it and delete it from the File extension exclude list.
6. To restore the default file extension exclude list, in the left pane, under Tasks, click Reset Default List. This option restores the default file-type exclude list and the file-extension exclude list.
To scan all file types except those in the file type exclusion list
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files except those in the extension or type exclude lists. When you activate this option, both the file type exclude list and the file extension exclude list are activated automatically.
4. Type each file type that you want to add to the list on a separate line. To include all subtypes for a file type, use the wildcard character /*. For more information on how to write the file types, see the Symantec Scan Engine Implementation Guide.
5. To remove a file type from the list, select it and delete it from the File type exclude list.
6. To restore the default file type exclude list, in the left pane, under Tasks, click Reset Default List. This option restores the default file type exclude list and the file extension exclude list.
1. On the Symantec Scan Engine administrative interface, in the left pane, click System.
2. Under Views, click LiveUpdate Content.
3. In the right pane, under LiveUpdate Content, check Enable scheduled LiveUpdate. This option is enabled by default.
In the LiveUpdate interval drop-down list, choose an interval. You can select from 2, 4, 8, 10, 12, or 24-hour intervals. The default LiveUpdate interval is 2 hours.
If you use a proxy or firewall that blocks FTP communications, the Rapid Release feature does not function. Your environment must allow FTP traffic for the FTP session to succeed.
You can schedule Rapid Release updates to occur automatically at a specified time interval to ensure that Symantec Scan Engine always has the most current definitions. Scheduled Rapid Release updates are disabled by default.
To configure Rapid Release updates to occur automatically
1. On the Symantec Scan Engine administrative interface, in the left pane, click System.
2. Under Views, click Rapid Release Content.
3. In the content area under Rapid Release Content, check Enable scheduled Rapid Release to enable automatic downloads of Rapid Release definitions. This option is disabled by default.
In the Rapid Release interval box, to specify the interval between which you want Symantec Scan Engine to download Rapid Release definitions, do any of the following steps:
Type the interval.
Click the up arrow or down arrow to select the interval.
You can select any number between 5 minutes and 120 minutes. The default value is 30 minutes.
Configuring Symantec AntiVirus for BlueArc Storage System and Hitachi Highperformance NAS Platform, powered by BlueArc About configuring BlueArc Storage System or Hitachi High-performance NAS Platform
About verifying that the scan engine is registered with the NAS Server
You can verify that the scan engine is registered with the NAS Server after you install Symantec Scan Engine. Registration is automatic if you have provided the correct information to Symantec Scan Engine for contacting the EVS. Registration occurs when Symantec Scan Engine connects to the EVS. The Registered Virus Scanners field in the NAS Server's administrative interface contains the names of the registered scan engines. Ensure that at least one registered scan engine is present to be assured of virus protection for each EVS.
Note: The service startup properties for Symantec Scan Engine must be changed to identify an account that has the appropriate permissions on the EVS. If the change has not been done, the scan engine cannot register with the EVS because it does not have sufficient permission. See Editing the service startup properties on page 90.
You can deactivate virus scanning until the scan engines are available again so that file access is still available. BlueArc Storage System and Hitachi High-performance NAS Platform keep track of all files that are not scanned during this period. As soon as virus scanning is activated, the files that were created or modified during this period are scanned without fail. For more information, see the appropriate NAS Server documentation.
Chapter
About software components
How Symantec Scan Engine works with the Hitachi Essential NAS Platform
About configuring Symantec Scan Engine
Symantec Scan Engine is installed when Symantec AntiVirus for Network Attached Storage is installed. Provides the virus scanning and repair services. For more information, see the Symantec Scan Engine Implementation Guide.
Hitachi Essential NAS Platform
Some options are configured directly on the NAS server. No additional code is necessary to connect Symantec Scan Engine to the NAS server.
Configuring Symantec AntiVirus for Hitachi Essential NAS Platform How Symantec Scan Engine works with the Hitachi Essential NAS Platform
How Symantec Scan Engine works with the Hitachi Essential NAS Platform
Symantec AntiVirus for Network Attached Storage provides virus scanning and repair capabilities for the Hitachi Essential NAS Platform. Symantec Scan Engine must be installed on a computer that is running Windows 2000 Server/Windows 2003 Server/Windows 2008 Server. It must be located in the same domain as the NAS server for which it provides scanning and repair services. Symantec Scan Engine uses the proprietary Network Appliance adaptation of the RPC protocol to interface with Hitachi Essential NAS Platform. A single Symantec Scan Engine can support multiple NAS servers. You can use multiple scan engines to support one or more servers for sites with larger scan volumes. Load balancing is handled through the NAS server interface. Virus scanning on the Hitachi Essential NAS Platform is available only for those files that are requested through the Common Internet File System (CIFS).
- Try to repair the infected file, and deny access to any irreparable file.
- Try to repair the infected file, and delete any irreparable file.
You can also configure the scan engine to quarantine irreparable files.
Port number
Scan policy
1. On the Symantec Scan Engine administrative interface, in the left pane, click Configuration.
2. Under Views, click Protocol.
3. In the right pane, under Select Communication Protocol, click ICAP. The configuration settings are displayed for the selected protocol. You must manually stop and start the service if you change the protocol setting through the Symantec Scan Engine administrative interface.
4. Under ICAP Protocol Configuration, in the Bind address box, type a bind address, if necessary. By default, Symantec Scan Engine binds to all interfaces. You can restrict access to a specific interface by typing the appropriate bind address.
5. In the Port number box, type the TCP/IP port number. The default setting for ICAP is port 1344.
6. In the Scan policy list, select how you want Symantec Scan Engine to handle infected files. The default setting is Scan and repair or delete, which is the recommended setting.
7. Check Enable trickle to enable the data trickle feature. The scan policy is automatically set to Scan only. However, enabling data trickle can compromise antivirus integrity. The data that is trickled to the user might contain a virus. You also cannot use the Quarantine feature when you enable data trickling. For more information, see the Symantec Scan Engine Implementation Guide.
8. Type the number of seconds that the scan process should run before data trickling begins. The setting defaults to 5 seconds and can be up to a maximum of 86400 seconds (24 hours).
To scan all files except for those that are in the file extension exclusion list
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files except those in the extension or type exclude lists. When you enable this option, both the file extension exclude list and the file type exclude list are activated automatically.
4. Type each file extension that you want to add to the list on a separate line. Use a period with each extension in the list.
5. To remove a file extension from the list, select it and delete it from the File extension exclude list.
6. To restore the default file extension exclude list, in the left pane, under Tasks, click Reset Default List. This option restores the default file-type exclude list and the file-extension exclude list.
To scan all file types except those in the file type exclusion list
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files except those in the extension or type exclude lists. When you enable this option, both the file type exclude list and the file extension exclude list are activated automatically.
4. Type each file type you want to add to the list on a separate line. To include all subtypes for a file type, use the wildcard character /*. For more information on how to write the file types, see the Symantec Scan Engine Implementation Guide.
5. To remove a file type from the list, select it and delete it from the File type exclude list.
6. To restore the default file type exclude list, in the left pane, under Tasks, click Reset Default List. This option restores the default file-type exclude list and the file-extension exclude list.
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files.
4. On the toolbar, select one of the following:
   - Save: Saves your changes. You can continue to make changes in the administrative interface until you are ready to apply them.
   - Apply: Applies your changes. Your changes are not implemented until you apply them.
- The maximum amount of time, in seconds, that is spent decomposing a container file and its contents. This setting does not apply to .hqx or .amg files.
- The maximum file size, in megabytes, for the individual files that are in a container file
- The maximum number of nested levels to decompose for scanning
- The maximum number of bytes that are read when determining whether a file is MIME-encoded
You can specify whether to allow or deny access to the file if any of these specified limits is met or exceeded. Symantec Scan Engine blocks container files based on their type, because only certain file types contain viruses or malicious code. You can configure Symantec Scan Engine to block partial container files, malformed container files, and encrypted container files as well. For more information on container handling limits, see the Symantec Scan Engine Implementation Guide.
You can change the LiveUpdate base time. If you change the scheduled LiveUpdate interval, the interval adjusts based on the LiveUpdate base time.
To schedule LiveUpdate to update virus definitions automatically
1. On the Symantec Scan Engine administrative interface, in the left pane, click System.
2. Under Views, click LiveUpdate Content.
3. In the right pane, under LiveUpdate Content, check Enable scheduled LiveUpdate. This option is enabled by default.
4. In the LiveUpdate interval drop-down list, choose an interval. You can select from 2, 4, 8, 10, 12, or 24-hour intervals. The default LiveUpdate interval is 2 hours.
5. On the toolbar, select one of the following:
   - Save: Saves your changes. You can continue to make changes in the administrative interface until you are ready to apply them.
   - Apply: Applies your changes. Your changes are not implemented until you apply them. You must perform a manual restart for the changes to take place.
Chapter
- About software components
- How Symantec Scan Engine works with the ONStor EverON
- About preparing for installation
- About configuring Symantec Scan Engine
- About configuring the ONStor VirusScan Applet
Symantec Scan Engine is installed when Symantec AntiVirus for Network Attached Storage is installed. Provides the virus scanning and repair services. For more information, see the Symantec Scan Engine Implementation Guide.
ONStor EverON VirusScan Applet
Configuring Symantec AntiVirus for ONStor EverON How Symantec Scan Engine works with the ONStor EverON
The VirusScan applet handles the communication between the NAS server and the virus-scanning function on the server. An InstallShield guides you through the installation process. See About configuring the ONStor VirusScan Applet on page 125.
modified or the administrator requests a full scan of the files from the NAS server's administrative interface.
You can also configure the scan engine to quarantine irreparable files.
- File name of the infected file
- Virus name and ID
- Virus definition date and revision number
- Manner in which the infected file was handled (for example, the file was repaired or deleted)
- Scan rule
- Disposition of the file
- Duration of scan time and connection time
To use the user notification feature, the Windows Messenger service must be running on the computer that is running Symantec Scan Engine, and on the user's computer.
protocol through the administrative interface if Symantec Scan Engine has already been configured to use another protocol. However, you must manually restart the Symantec Scan Engine. For more information about accessing the administrative interface, see the Symantec Scan Engine Implementation Guide. Table 7-1 describes the protocol-specific options for ICAP.
Table 7-1
Option
Bind address
Port number
Scan policy
1. On the Symantec Scan Engine administrative interface, in the left pane, click Configuration.
2. Under Views, click Protocol.
3. In the right pane, under Select Communication Protocol, click ICAP. The configuration settings are displayed for the selected protocol. You must manually stop and start the service if you change the protocol setting through the Symantec Scan Engine administrative interface.
4. Under ICAP Protocol Configuration, in the Bind address box, type a bind address, if necessary. By default, Symantec Scan Engine binds to all interfaces. You can restrict access to a specific interface by typing the appropriate bind address.
5. In the Port number box, type the TCP/IP port number. The default setting for ICAP is port 1344.
6. In the Scan policy list, select how you want Symantec Scan Engine to handle infected files. The default setting is Scan and repair or delete, which is the recommended setting.
7. Check Enable trickle to enable the data trickle feature. The scan policy is automatically set to Scan only. However, enabling data trickle can compromise antivirus integrity. The data that is trickled to the user might contain a virus. You also cannot use the Quarantine feature when you enable data trickling. For more information, see the Symantec Scan Engine Implementation Guide.
8. Type the number of seconds that the scan process should run before data trickling begins. The setting defaults to 5 seconds and can be up to a maximum of 86400 seconds (24 hours).
To scan all files except for those that are in the file extension exclusion list
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files except those in the extension or type exclude lists. When you enable this option, both the file extension exclude list and the file type exclude list are activated automatically.
4. Type each file extension that you want to add to the list on a separate line. Use a period with each extension in the list.
5. To remove a file extension from the list, select it and delete it from the File extension exclude list.
6. To restore the default file extension exclude list, in the left pane, under Tasks, click Reset Default List. This option restores the default file-type exclude list and the file-extension exclude list.
To scan all file types except those in the file type exclusion list
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files except those in the extension or type exclude lists.
4. Type each file type you want to add to the list on a separate line. To include all subtypes for a file type, use the wildcard character /*. For more information on how to write the file types, see the Symantec Scan Engine Implementation Guide.
5. To remove a file type from the list, select it and delete it from the File type exclude list.
6. To restore the default file type exclude list, in the left pane, under Tasks, click Reset Default List. This option restores the default file-type exclude list and the file-extension exclude list.
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files.
4. On the toolbar, select one of the following:
   - Save: Saves your changes. You can continue to make changes in the administrative interface until you are ready to apply them.
   - Apply: Applies your changes. Your changes are not implemented until you apply them.
on how container files are handled. This reduces the network's exposure to denial-of-service attacks. You can specify the following limits for handling container files:
- The maximum amount of time, in seconds, that is spent decomposing a container file and its contents. This setting does not apply to .hqx or .amg files.
- The maximum file size, in megabytes, for the individual files that are in a container file
- The maximum number of nested levels to decompose for scanning
- The maximum number of bytes that are read when determining whether a file is MIME-encoded
You can specify whether to allow or deny access to the file if any of these specified limits is met or exceeded. Symantec Scan Engine blocks container files based on their type, because only certain file types contain viruses or malicious code. You can configure Symantec Scan Engine to block partial container files, malformed container files, and encrypted container files as well. For more information on container handling limits, see the Symantec Scan Engine Implementation Guide.
1. On the Symantec Scan Engine administrative interface, in the left pane, click System.
2. Under Views, click LiveUpdate Content.
3. In the right pane, under LiveUpdate Content, check Enable scheduled LiveUpdate. This option is enabled by default.
4. In the LiveUpdate interval drop-down list, choose an interval. You can select from 2, 4, 8, 10, 12, or 24-hour intervals. The default LiveUpdate interval is 2 hours.
5. On the toolbar, select one of the following:
   - Save: Saves your changes. You can continue to make changes in the administrative interface until you are ready to apply them.
   - Apply: Applies your changes. Your changes are not implemented until you apply them. You must perform a manual restart for the changes to take place.
- Verify that your NAS server is installed, powered up, and configured.
- Ensure that the Symantec AntiVirus Scan Engine is installed and configured to use Internet Content Adaptation Protocol (ICAP). Refer to the Symantec AntiVirus Scan Engine documentation on how to do this.
- Verify that both the VirusScan applet and the virus-scan engine are installed on servers configured with a static IP address.
- You are logged in as an administrator or with an account that has administrator privileges for installing the VirusScan applet.
- CIFS domain users must have administrator privileges on the machine where the applet is installed.
For running the VirusScan applet, we recommend Windows 2000 with Service Pack 2 or a later operating system. The ONStor VirusScan applet needs to access files in read/write mode in the virtual server. Therefore, the user account that launches the applet must be configured with BACKUP and RESTORE privilege. The scope of the privilege can be either VIRTUAL SERVER or CLUSTER. To enable virus scanning, configure the privilege before starting the ONStor VirusScan applet, or restart the applet after you configure the privilege. Use the priv add command to configure privileges for the user account.
Installing the VirusScan Applet for the Symantec AntiVirus Scan Engine
To Install the VirusScan Applet by Using the InstallShield Utility
1. Double-click the setup application icon to launch the installation wizard. You can click Cancel at any time to stop the installation.
2. Click Next to continue with the installation.
3. Select Symantec as the applet that you want to install and click Next. The Custom Setup dialog box enables you to customize the default setup of the applet. You can make the following changes:
   - Change the directory location where the applet will be installed.
   - Select from a drop-down list whether you want to install the basic features or all features of the applet, and when and where you want to install them.
   - View the disk space requirements for the installation.
4. From the Symantec Virus Scanner drop-down list, select the features you want.
5. If you want to change the location of the applet, click Change on the Custom Setup dialog box. You can either browse to the directory where you want the applet to install or you can enter the directory path.
6. To view disk space requirements for the installation of the applet, click Space on the Custom Setup menu. Disks that are highlighted on the Disk Space Requirements list do not have enough disk space available for the installation of the applet.
7. When you have completed the custom setup, click Next to continue the installation.
8. On the Ready to Install the Program window, click Install to continue the installation of the applet.
9. Click Finish to allow the InstallShield wizard to complete the installation and exit.
Configuring the VirusScan Applet for the Symantec AntiVirus Scan Engine
After the InstallShield has installed the VirusScan applet in either the default directory or the one that you specified, configure the applet and register the port map service and applet service. The default directory for the installation is applet_installation_directory. Table 7-2 describes the directory containing the VirusScan applet executable and its associated files.
Table 7-2
File
ONStorVirusScanApplet.exe
VScanEngine.dll
oncrpc.dll
PortMap.exe
msvcr70d.dll
symcsapi.dll
ONStorVirusScanApplet.config
The VirusScan applet file is an XML file that enables you to specify the Symantec AntiVirus Scan Engine IP address and ICAP port number for the applet to use. If no alternate configuration file is available, the applet uses the Symantec AntiVirus Scan Engine on the designated default machine, 127.0.0.1, and it uses the default ICAP port, 1344. The following example shows the applet with the default IP and ICAP port specified:
Note: If you do not use the default port for ICAP, you need to specify the port number in the applet configuration file.
<ONStorVirusScanApplet>
  <LogFile mode="disable" name="VScanApplet.log" />
  <Resource MaxNumberofParallelFileScanning="100" />
  <ScanEngine>
    <Symantec>
      <Engine IP="127.0.0.1" Port="1344" />
    </Symantec>
  </ScanEngine>
</ONStorVirusScanApplet>
You can have the virus-scan application write a virus-scan log to a log file in the same directory in which the applet is installed. The applet configuration shown previously includes a log-file entry that is disabled.
If you specify the log file mode by replacing disable in the shown code with enable, the applet creates a log file or writes to the existing log file either in the current directory or in a path you provide within the applet. If the log file mode is set to disable, the applet sends output to the console only.
Note: Enabling the log file mode is not recommended because it slows down the virus scanning performance. Even when the applet log file mode is disabled, the applet will log errors and some warnings to the Windows Event Log. If the current log file reaches the maximum size of 5MB, the file is automatically renamed (for example, from applet.log to an older version log file, such as applet.log.old). If an older version already exists, the newer version overwrites the older version, and new incoming messages are written to the active log file.
You can configure the applet to scan a number of files concurrently. The MaxNumberOfParallelScanning parameter in the configuration file specifies the maximum number of files the applet can scan concurrently. The default is 100. Note: Parallel scanning affects memory usage. Depending on the memory available, if you set the value for parallel scanning too high, your network operations might take a long time or the entire network might fail.
If you want the applet to use more than one virus-scan engine, add the IP addresses for each into the configuration file so the client library can automatically load balance over the virus scan engines. The following example shows an applet using two Symantec AntiVirus Scan Engines, 10.2.14.150 and 10.2.14.151. Both use the default port, 1344.
<ONStorVirusScanApplet>
  <LogFile mode="enable" name="VScanApplet.log" />
  <Resource MaxNumberofParallelFileScanning="100" />
  <ScanEngine>
    <Symantec>
      <Engine IP="10.2.14.150" Port="1344" />
      <Engine IP="10.2.14.151" Port="1344" />
    </Symantec>
  </ScanEngine>
</ONStorVirusScanApplet>
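An applet configuration of the form shown above can be checked before the applet is restarted. The following is an added example, not ONStor or Symantec code: it parses the XML and reports problems with the engine list, the log mode and the parallel-scan limit. The function name, the wording of the findings, the rule that every Engine entry must carry both IP and Port, and the extra engine entries in the sample are assumptions of this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

DEFAULT_PARALLEL = 100  # default parallel-scan limit stated in the guide

# Constructed sample: the guide's two-engine configuration plus a duplicate
# and a malformed Engine entry added here for the audit to catch.
SAMPLE_CONFIG = """\
<ONStorVirusScanApplet>
  <LogFile mode="enable" name="VScanApplet.log" />
  <Resource MaxNumberofParallelFileScanning="100" />
  <ScanEngine>
    <Symantec>
      <Engine IP="10.2.14.150" Port="1344" />
      <Engine IP="10.2.14.151" Port="1344" />
      <Engine IP="10.2.14.151" Port="1344" />
      <Engine IP="10.2.14.999" Port="70000" />
    </Symantec>
  </ScanEngine>
</ONStorVirusScanApplet>
"""


def audit_applet_config(xml_text):
    """Return (usable_engines, findings) for an applet configuration document."""
    root = ET.fromstring(xml_text)
    engines, findings = [], []

    for node in root.findall("./ScanEngine/Symantec/Engine"):
        ip, port_text = node.get("IP"), node.get("Port")
        try:
            ipaddress.ip_address(ip or "")        # rejects missing or malformed IPs
            port = int(port_text or "")           # rejects missing or non-numeric ports
            if not 1 <= port <= 65535:
                raise ValueError("port out of range")
        except ValueError:
            findings.append(f"invalid engine entry IP={ip!r} Port={port_text!r}")
            continue
        if (ip, port) in engines:
            findings.append(f"duplicate engine {ip}:{port}")
            continue
        engines.append((ip, port))

    if not engines:
        findings.append("no usable Engine entry")
    elif len(engines) == 1:
        findings.append("single engine: nothing to load balance across")

    # The guide advises against enabling the log file because it slows scanning.
    log = root.find("./LogFile")
    if log is not None and log.get("mode") == "enable":
        findings.append("log file enabled: the guide advises against it")

    # Parallel scanning affects memory usage; flag values above the default.
    res = root.find("./Resource")
    raw = res.get("MaxNumberofParallelFileScanning") if res is not None else None
    if raw is not None:
        if not raw.isdigit() or int(raw) == 0:
            findings.append(f"parallel scan limit {raw!r} is not a positive integer")
        elif int(raw) > DEFAULT_PARALLEL:
            findings.append(
                f"parallel scan limit {raw} exceeds default {DEFAULT_PARALLEL}: check memory"
            )
    return engines, findings


if __name__ == "__main__":
    usable, problems = audit_applet_config(SAMPLE_CONFIG)
    print("usable engines:", usable)
    for problem in problems:
        print("finding:", problem)
```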
Chapter
- About software components
- How Symantec Scan Engine works with EMC Celerra Network Server
- About preparing for installation
- About configuring Symantec Scan Engine
- About configuring EMC Celerra Network Server
- Known issue with EMC Celerra Network Server
- Recommendations while integrating multiple scan engines
Configuring Symantec AntiVirus for EMC Celerra Network Server How Symantec Scan Engine works with EMC Celerra Network Server
Provides the virus scanning and repair services. For more information, see the Symantec Scan Engine Implementation Guide.
Provides the virus scanning functionality and ensures the seamless integration of Symantec Scan Engine with EMC Celerra Network Server. See About installing the Celerra Anti Virus Agent on page 145. Use the CAVA calculator to estimate the number of Celerra Anti Virus Agents for your network. For more information on the CAVA calculator, see the appropriate EMC Celerra documentation.
Queues file names to the Celerra Anti Virus Agent. It is the agent component on EMC Celerra Network Server. See About configuring virus scanning on EMC Celerra Network Server on page 146.
How Symantec Scan Engine works with EMC Celerra Network Server
Symantec AntiVirus for Network Attached Storage provides virus scanning and repair capabilities for the EMC Celerra series of network-attached storage devices. The Celerra Anti Virus Agent uses the Internet Content Adaptation Protocol (ICAP) to communicate with Symantec Scan Engine 5.1.X and higher. However, CAVA uses the Native protocol to communicate with Symantec Scan Engine 4.3.X. In a typical EMC Celerra Network Server environment, a minimum of two scan engines is required to handle scan volume. Based on the number of Celerra Anti Virus Agents (CAVAs) and the size of the network, the CAVA sizing tool gives the ideal number of scan engines that must be installed in the network. For more information on the CAVA sizing tool, see the appropriate EMC Celerra documentation. EMC Celerra Network Server handles load balancing across multiple scan engines and Celerra Anti Virus Agents automatically.
See Specifying which file types to scan on the scan engine on page 139.
1. On the Symantec Scan Engine administrative interface, in the left pane, click Configuration.
2. Under Views, click Protocol.
3. In the right pane, under Select Communication Protocol, click ICAP. The configuration settings are displayed for the selected protocol.
4. In the Port number box, type the TCP/IP port number that the NAS Anti Virus Agent uses to pass files to Symantec Scan Engine for scanning.
5. In the Scan policy list, select how you want Symantec Scan Engine to handle infected files.
Check Enable trickle to enable the data trickle feature. The scan policy is automatically set to Scan only. However, enabling data trickle can compromise antivirus integrity. The data that is trickled to the user might contain a virus. You also cannot use the Quarantine feature when you enable data trickling. For more information, see the Symantec Scan Engine Implementation Guide.
Type the number of seconds that the scan process should run before data trickling begins. The setting defaults to 5 seconds and can be up to a maximum of 86400 seconds.
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files except those in the extension or type exclude lists. When you enable this option, both the file extension exclude list and the file type exclude list are activated automatically.
4. Type each file extension that you want to add to the list on a separate line. Use a period with each extension in the list.
5. To remove a file extension from the list, select it and delete it from the File extension exclude list.
6. To restore the default file extension exclude list, in the left pane, under Tasks, click Reset Default List. This option restores the default file-type exclude list and the file-extension exclude list.
To scan all file types except those in the file type exclusion list
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files except those in the extension or type exclude lists. When you enable this option, both the file type exclude list and the file extension exclude list are activated automatically.
4. Type each file type you want to add to the list on a separate line. To include all subtypes for a file type, use the wildcard character /*. For more information on how to write the file types, see the Symantec Scan Engine Implementation Guide.
5. To remove a file type from the list, select it and delete it from the File type exclude list.
6. To restore the default file type exclude list, in the left pane, under Tasks, click Reset Default List. This option restores the default file-type exclude list and the file-extension exclude list.
1. On the Symantec Scan Engine administrative interface, in the left pane, click Policies.
2. Under Views, click Scanning.
3. In the right pane, under Files to Scan, click Scan all files.
4. On the toolbar, select one of the following:
   - Save: Saves your changes. You can continue to make changes in the administrative interface until you are ready to apply them.
   - Apply: Applies your changes. Your changes are not implemented until you apply them.
- The maximum amount of time, in seconds, that is spent decomposing a container file and its contents. This setting does not apply to .hqx or .amg files.
- The maximum file size, in megabytes, for the individual files that are in a container file
- The maximum number of nested levels to decompose for scanning
- The maximum number of bytes that are read when determining whether a file is MIME-encoded
You can specify whether to allow or deny access to the file if any of these specified limits is met or exceeded. Symantec Scan Engine blocks container files based on their type, because only certain file types contain viruses or malicious code. You can configure Symantec Scan Engine to block partial container files, malformed container files, and encrypted container files as well. For more information on container handling limits, see the Symantec Scan Engine Implementation Guide.
1. On the Symantec Scan Engine administrative interface, in the left pane, click System.
2. Under Views, click LiveUpdate Content.
3. In the right pane, under LiveUpdate Content, check Enable scheduled LiveUpdate. This option is enabled by default.
4. In the LiveUpdate interval drop-down list, choose an interval. You can select from 2, 4, 8, 10, 12, or 24-hour intervals. The default LiveUpdate interval is 2 hours.
1. On the Symantec Scan Engine administrative interface, in the left pane, click System.
2. Under Views, click Rapid Release Content.
3. In the content area under Rapid Release Content, check Enable scheduled Rapid Release to enable automatic downloads of Rapid Release definitions. This option is disabled by default.
4. In the Rapid Release interval box, to specify the interval between which you want Symantec Scan Engine to download Rapid Release definitions, do any of the following steps:
   - Type the interval.
   - Click the up arrow or down arrow to select the interval.
   You can select any number between 5 minutes and 120 minutes. The default value is 30 minutes.
- Create a user account (for the CAVA server) in the domain to which each EMC Celerra Network Server belongs.
- Create a local group on each EMC Celerra Network Server and then add the CAVA user to this group. Assign virus-checking rights to this group in accordance with the EMC Celerra documentation. Also, assign local administrative rights to the CAVA user. For more information, see the appropriate EMC Celerra documentation.
- Configure virus scanning on EMC Celerra Network Server by setting certain virus checking parameters in the viruschecker.conf file. See About configuring virus scanning on EMC Celerra Network Server on page 146.
- Install the Celerra Anti Virus Agent on each server on which you installed Symantec Scan Engine. For more information, see the appropriate EMC Celerra documentation.
- Start the Virus-checking client (VC client) on each EMC Celerra Network Server.
excl=
Specify the file types that should not be passed to Symantec Scan Engine for scanning. This parameter defines the exclusion list. This setting is similar to the Files to scan setting on Symantec Scan Engine. You must configure this setting on both EMC Celerra Network Server and Symantec Scan Engine.
addr=
Specify the IP address or FQDN of each scan engine to be used for scanning. Enter the IP addresses separated by colons, if there are multiple scan engines.
maxsize=<n>
Specify an upper limit for the size of files to be scanned. The file size is entered as a hexadecimal number with a prefix of 0x. Although you can choose a file size up to 0xFFFFFFFF (4 GB), Symantec Scan Engine can scan a maximum file size of 2047 MB (or 2 GB). If the maxsize parameter is not set or is equal to 0, then there is no limit to the maximum file size.
highWaterMark=<n>
Specify the upper limit for the number of scan requests occurring concurrently. Once this limit is reached, a log event is sent to EMC Celerra Network Server. The default value is 200.
lowWaterMark=<n>
surveyTime=<n>
Specify (in seconds) the interval at which registered scan engines are contacted to confirm their status. This parameter works in conjunction with the shutdown parameter and will trigger a shutdown if no scan engine is available. The default value is 60.
shutdown=
Specify the shutdown action to take if no scan engine is available.
shutdown=no: Contact the list of registered scan engines continuously even if scan engines are not available. This is the default option.
shutdown=viruschecking: Stop the virus checking functionality if there are no available scan engines.
shutdown=cifs: Stop CIFS so that clients are denied access to EMC Celerra Network Server.
After configuring the virus checking parameters in the viruschecker.conf file, copy the file to the correct directory in EMC Celerra Network Server and to each EMC Celerra Network Server in the group. For more information, see the appropriate EMC Celerra documentation.
Note: The virus scan functionality for each EMC Celerra Network Server in a group must be configured identically to avoid inconsistency. The scan results and repair results for infected files will be inconsistent if the settings differ for each EMC Celerra Network Server in the group. Thus, it is necessary that the same viruschecker.conf file be copied to the correct directory and to each EMC Celerra Network Server in the group.
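The rules above for addr, maxsize and shutdown, and the requirement that every server in a group carry the same file, can be checked before the file is copied out. The following Python sketch is an added example, not part of the Symantec or EMC documentation; it assumes one key=value pair per line with # comments, and the server names and addresses are constructed.

```python
# Added example: lint viruschecker.conf text against the rules in this section.
SCAN_ENGINE_MAX_BYTES = 2047 * 1024 * 1024  # 2047 MB, the Scan Engine ceiling
SHUTDOWN_VALUES = {"no", "viruschecking", "cifs"}

def parse_conf(text):
    """Assumed layout: one key=value per line; blank lines and # comments skipped."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params

def lint(params):
    """Return findings for one server's parameters (empty list means clean)."""
    findings = []
    if not [a for a in params.get("addr", "").split(":") if a]:
        findings.append("addr: no scan engine listed")
    maxsize = params.get("maxsize", "0")
    try:
        limit = int(maxsize, 16) if maxsize.lower().startswith("0x") else None
    except ValueError:
        limit = None
    if maxsize == "0" or limit == 0:
        findings.append("maxsize: unset or 0 means no limit; Scan Engine stops at 2047 MB")
    elif limit is None:
        findings.append("maxsize: expected a hexadecimal number with a 0x prefix")
    elif limit > SCAN_ENGINE_MAX_BYTES:
        findings.append("maxsize: above the 2047 MB that Scan Engine can scan")
    shutdown = params.get("shutdown", "no")  # "no" is the documented default
    if shutdown not in SHUTDOWN_VALUES:
        findings.append(f"shutdown: unknown action {shutdown!r}")
    return findings

def drift(configs):
    """configs maps server name -> params; return the keys whose values differ."""
    keys = set().union(*configs.values())
    return {k: {n: p.get(k) for n, p in configs.items()} for k in sorted(keys)
            if len({p.get(k) for p in configs.values()}) > 1}

# Constructed sample files for two servers in one group (names are hypothetical).
SERVER_A = "addr=192.0.2.10:192.0.2.11\nmaxsize=0x7FF00000\nsurveyTime=60\nshutdown=viruschecking\n"
SERVER_B = "addr=192.0.2.10:192.0.2.11\nmaxsize=0xFFFFFFFF\nsurveyTime=60\nshutdown=cif\n"

if __name__ == "__main__":
    group = {"server_a": parse_conf(SERVER_A), "server_b": parse_conf(SERVER_B)}
    for name, params in group.items():
        print(name, lint(params))
    print("differs across group:", drift(group))
```

Any key reported by drift() means the servers in the group would not be using identical settings.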
Configuring Symantec AntiVirus for EMC Celerra Network Server Known issue with EMC Celerra Network Server
Install the Celerra Anti Virus Agent on each server that functions as the scan engine in the domain. For more information on installing the Celerra Anti Virus Agent, see the appropriate EMC Celerra documentation.
Configuring Symantec AntiVirus for EMC Celerra Network Server Recommendations while integrating multiple scan engines
Configure the settings on each Symantec Scan Engine to be identical.
Schedule LiveUpdate and Rapid Release to occur at the same time on all of the scan engines. This ensures that virus definitions are consistent.
Configure the virus scan functionality to be identical for each EMC Celerra Network Server in a group to avoid inconsistency. The scan results and repair results for infected files will be inconsistent if the settings differ for each appliance in a group.
Delete the IP address of the scan engine that is being removed from the viruschecker.conf file before shutting down the Celerra Anti Virus Agent.