跳转到主内容

在日志中跳过 Vscan 服务器报告文件

Views:
15
Visibility:
Public
Votes:
0
Category:
data-ontap-7
Specialty:
core
Last Updated:

适用于

  • 防病毒
  • 所有 ONTAP 版本

问题

在日志中访问 vscan 策略中包含的卷上的文件时,如果请求被发送到 AV Connector ,则会跳过 Vscan 服务器报告文件。

* 数据包跟踪 *

No.     Source                Destination           Time        Protocol Stream
    262 10.73.xx.xx          10.73.xx.xx          70.359527   VSCAN2   11         Session Setup Request (test_svm)
    263 10.73.xx.xx          10.73.xx.xx          70.362714   VSCAN2   11         Session Setup Reply
    264 10.73.xx.xx          10.73.xx.xx          70.362750   SMB2     11         Write Response
    265 10.73.xx.xx          10.73.xx.xx          70.363930   SMB2     11         Read Request Len:2048 Off:0 File: vscan
    266 10.73.xx.xx          10.73.xx.xx          70.363962   SMB2     11         Read Response, Error: STATUS_PENDING
    268 10.73.xx.xx          10.73.xx.xx          71.366315   VSCAN2   11        Scan Request: \volB\New folder\a.txt
    269 10.73.xx.xx          10.73.xx.xx          71.369419   SMB2     11         Read Request Len:2048 Off:0 File: vscan
    270 10.73.xx.xx          10.73.xx.xx          71.369451   SMB2     11         Read Response, Error: STATUS_PENDING


AV 连接器将请求发送到 Trend Macro 软件。

* AV Connector Logs*

71.417: [pipe: xxxx.xxx.xxxxx.xxx]Server: Received 110 bytes, ofsPartReq: [0]
71.417:

[Pipe: xxxx.xxx.xxxxx.xxx]
 magic_num    : [4e74417041760002]
 session_id   : [efefbbe7642b6820]
 len          : [110]
 reqId        : [362917]
 type         : [4, req_SCAN]

71.417: Sending id 1 (rsrv-id: 0) for \?\UNC\xxx_xxx.xxx.xxx.xxx\ontap_admin$\volB\New folder\a.txt
71.417: Sent!


趋势宏软件报告它已收到请求,但随后会跳过扫描并将响应发送回 AV 连接器。

5632: 4868:0722095301482:SPNT(00000800):* CheckScanTimeOutThread schedule checking ...
5632: 4868:0722095301482:SPNT(00000800):RemoveTimeOutRequest() Now[1469195581], TimeOut[24000]
5632: 4868:0722095301482:SPNT(00000800):RemoveTimeOutRequest() Now[1469195581], TimeOut[24000]
5632: 4868:0722095301482:SPNT(00000800):RemoveTimeOutRequest(), submit time[1469195560] ==>

5632: 4868:0722095307482:SPNT(00000800):* CheckScanTimeOutThread schedule checking ...
5632: 4868:0722095307482:SPNT(00000800):RemoveTimeOutRequest() Now[1469195587], TimeOut[24000]
5632: 4868:0722095307482:SPNT(00000800):RemoveTimeOutRequest() Now[1469195587], TimeOut[24000]
5632: 4868:0722095307482:SPNT(00000800):RemoveTimeOutRequest(), submit time[1469195560] ==>
5632: 4868:0722095307482:SPNT(00000800):File [24][\test_svm.na.bayer.cnb\ontap_admin$\volB\New folder\a.txt] been skipped <<<<<***
5632: 4868:0722095307482:SPNT(00000800):SendScanResultBackToFiler, send result back to Shim
5632: 7912:0722095310201:SPNT(00000800):Receive VS_ScanRequest(25, \?\UNC\xxx_xxx.xxx.xxx.xxx\ontap_admin$\volB\New folder\a.txt) from filer [MOQZ34]
5632: 7912:0722095310201:SPNT(00000800):GetFilerByName: pszFilerName=MOQZ34, bAddFiler=0
5632: 7912:0722095310201:SPNT(00000800):GetFilerByName: g_FilerList.GetCount()=1
5632: 7912:0722095310201:SPNT(00000800):VS_ScanRequest, Type is SCANTYPE_rpc_cluster


AV 连接器未收到此跳过事件的响应。
然后,存储器会使用相同的结果再次发送请求。

* 数据包跟踪 *

    340 10.73.xx.xx          10.73.104.xx          105.377182  VSCAN2   11         Scan Request: \volB\New folder\a.txt
    341 10.73.xx.xx          10.73.104.xx          105.380104  SMB2     11         Read Request Len:2048 Off:0 File: vscan
    342 10.73.xx.xx          10.73.104.xx          105.380134  SMB2     11         Read Response, Error: STATUS_PENDING
    382 10.73.xx.xx          10.73.104.xx          120.909309  VSCAN2   11         Set Extended Stats
    383 10.73.xx.xx          10.73.104.xx          120.909346  SMB2     11         Write Response
    476 10.73.xx.xx          10.73.104.xx          135.624036  VSCAN2   11         Scan Request: \volB\New folder\a.txt
    477 10.73.xx.xx          10.73.104.xx          135.627476  SMB2     11         Read Request Len:2048 Off:0 File: vscan
    478 10.73.xx.xx          10.73.104.xx          135.627518  SMB2     11         Read Response, Error: STATUS_PENDING


未再次收到响应后, vscan 会话将被中断,而存储器将与 vscan 服务器断开连接。

* 数据包跟踪 *
       503 10.73.xx.xx          10.73.xx.xx          142.483259  VSCAN2   11         Session Teardown Request
    504 10.73.xx.xx          10.73.xx.xx          142.485052  VSCAN2   11         Session Teardown Reply
    505 10.73.xx.xx          10.73.xx.xx          142.485112  SMB2     11         Write Response, Error: STATUS_END_OF_FILE
    506 10.73.xx.xx          10.73.xx.xx          142.485870  SMB2     11         Close Request File: vscan
    507 10.73.xx.xx          10.73.xx.xx          142.485901  SMB2     11         Close Response, Error: STATUS_FILE_CLOSED
    543 10.73.xx.xx          10.73.xx.xx          162.783746  SMB2     11         Tree Disconnect Request
    544 10.73.xx.xx          10.73.xx.xx          162.783775  SMB2     11         Tree Disconnect Response
    545 10.73.xx.xx          10.73.xx.xx          162.783783  SMB2     11         Session Logoff Request
    546 10.73.xx.xx          10.73.xx.xx          162.783805  SMB2     11         Session Logoff Response

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support