文件扫描失败后Vscan超时和断开连接

适用场景

• ONATP 9.x
• Vscan
• Trellx/McAfee

问题描述

• 文件需要很长时间才能打开、因为Vscan请求已发送到AV服务器、并在几秒钟后超时。
• 用户可以在此过程后打开文件、但扫描的病毒尚未对文件执行扫描。
• 也未发现AV连接器问题。测试通过情况令人满意
• McAfee机下超时配置设置为建议值(25秒)或非常接近该值、具体请参见下面在追加信息部分中附加的知识库文章。
• EMS错误(Vscan服务器断开连接并重新连接)：

OffboxVScanTableUpd: Nblade.scannerDisconnected:notice]: Vserver "USCA3CDOT501" disconnected from Vscan server (IP: xx.xx.xx.xx)
OffboxVScanTableUpd: Nblade.scannerConnected:notice]: Vserver "USCA3CDOT501"connected to Vscan server (IP: xx.xx.xx.xx).
mgwd: vscan.pool.largeReqTimeout:notice]: For scanner-pool 'trellix_scan' created on Vserver 'XXXXXXXXXX', request-timeout is configured as 40s but that would internally be taken as 35s if the applicable On-Access policy has scan-mandatory set to "off". This ensures that the file-access is granted to theclient for such policy

• 在对Trellix NetApp活动日志进行验证后、在将扫描请求发送到服务器后立即出现错误333300002：

292039 2021-12-28 05:23:34.024798 y.y.y.y z.z.z.z VSCAN2 Scan Failed (block if mandatory scan is set) 0.047805000 Scan Reply:
Scan Failed (block if mandatory scan is set): \cifs02_vol01\profiles\bbergct\Desktop\DataAdmin.laccdb
Scan Reply
Scan Result: Offbox vscan use vscan engine status (268435456)
Engine Status: Scan Failed (block if mandatory scan is set) (333300002)
Engine Status String: Error reading file, the scanner does not have rights to open/read file.
[filename: \cifs02_vol01\profiles\bbergct\Desktop\DataAdmin.laccdb]

• 此外、在Trellix日志中还发现了其他服务帐户身份验证错误