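Vscan server reports file skipped in the logs
Applies to
- Antivirus
- All ONTAP versions
Issue
When a file on a volume included in the vscan policy is accessed and the request is sent to the AV Connector, the Vscan server reports in its logs that the file was skipped.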
*Packet trace*
No. Source Destination Time Protocol Stream
262 10.73.xx.xx 10.73.xx.xx 70.359527 VSCAN2 11 Session Setup Request (test_svm)
263 10.73.xx.xx 10.73.xx.xx 70.362714 VSCAN2 11 Session Setup Reply
264 10.73.xx.xx 10.73.xx.xx 70.362750 SMB2 11 Write Response
265 10.73.xx.xx 10.73.xx.xx 70.363930 SMB2 11 Read Request Len:2048 Off:0 File: vscan
266 10.73.xx.xx 10.73.xx.xx 70.363962 SMB2 11 Read Response, Error: STATUS_PENDING
268 10.73.xx.xx 10.73.xx.xx 71.366315 VSCAN2 11 Scan Request: \volB\New folder\a.txt
269 10.73.xx.xx 10.73.xx.xx 71.369419 SMB2 11 Read Request Len:2048 Off:0 File: vscan
270 10.73.xx.xx 10.73.xx.xx 71.369451 SMB2 11 Read Response, Error: STATUS_PENDING
The AV Connector sends the request to the Trend Micro software.
*AV Connector logs*
71.417: [pipe: xxxx.xxx.xxxxx.xxx]Server: Received 110 bytes, ofsPartReq: [0]
71.417:
[Pipe: xxxx.xxx.xxxxx.xxx]
magic_num : [4e74417041760002]
session_id : [efefbbe7642b6820]
len : [110]
reqId : [362917]
type : [4, req_SCAN]
71.417: Sending id 1 (rsrv-id: 0) for \?\UNC\xxx_xxx.xxx.xxx.xxx\ontap_admin$\volB\New folder\a.txt
71.417: Sent!
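The Trend Micro software reports that it has received the request, but it then skips the scan and sends the response back to the AV Connector.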
5632: 4868:0722095301482:SPNT(00000800):* CheckScanTimeOutThread schedule checking ...
5632: 4868:0722095301482:SPNT(00000800):RemoveTimeOutRequest() Now[1469195581], TimeOut[24000]
5632: 4868:0722095301482:SPNT(00000800):RemoveTimeOutRequest() Now[1469195581], TimeOut[24000]
5632: 4868:0722095301482:SPNT(00000800):RemoveTimeOutRequest(), submit time[1469195560] ==>
5632: 4868:0722095307482:SPNT(00000800):* CheckScanTimeOutThread schedule checking ...
5632: 4868:0722095307482:SPNT(00000800):RemoveTimeOutRequest() Now[1469195587], TimeOut[24000]
5632: 4868:0722095307482:SPNT(00000800):RemoveTimeOutRequest() Now[1469195587], TimeOut[24000]
5632: 4868:0722095307482:SPNT(00000800):RemoveTimeOutRequest(), submit time[1469195560] ==>
5632: 4868:0722095307482:SPNT(00000800):File [24][\test_svm.na.bayer.cnb\ontap_admin$\volB\New folder\a.txt] been skipped <<<<<***
5632: 4868:0722095307482:SPNT(00000800):SendScanResultBackToFiler, send result back to Shim
5632: 7912:0722095310201:SPNT(00000800):Receive VS_ScanRequest(25, \?\UNC\xxx_xxx.xxx.xxx.xxx\ontap_admin$\volB\New folder\a.txt) from filer [MOQZ34]
5632: 7912:0722095310201:SPNT(00000800):GetFilerByName: pszFilerName=MOQZ34, bAddFiler=0
5632: 7912:0722095310201:SPNT(00000800):GetFilerByName: g_FilerList.GetCount()=1
5632: 7912:0722095310201:SPNT(00000800):VS_ScanRequest, Type is SCANTYPE_rpc_cluster
The AV Connector does not receive a response for this skip event.
The storage then sends the request again, with the same result.
*Packet trace*
340 10.73.xx.xx 10.73.104.xx 105.377182 VSCAN2 11 Scan Request: \volB\New folder\a.txt
341 10.73.xx.xx 10.73.104.xx 105.380104 SMB2 11 Read Request Len:2048 Off:0 File: vscan
342 10.73.xx.xx 10.73.104.xx 105.380134 SMB2 11 Read Response, Error: STATUS_PENDING
382 10.73.xx.xx 10.73.104.xx 120.909309 VSCAN2 11 Set Extended Stats
383 10.73.xx.xx 10.73.104.xx 120.909346 SMB2 11 Write Response
476 10.73.xx.xx 10.73.104.xx 135.624036 VSCAN2 11 Scan Request: \volB\New folder\a.txt
477 10.73.xx.xx 10.73.104.xx 135.627476 SMB2 11 Read Request Len:2048 Off:0 File: vscan
478 10.73.xx.xx 10.73.104.xx 135.627518 SMB2 11 Read Response, Error: STATUS_PENDING
When no response is received again, the vscan session is torn down and the storage disconnects from the Vscan server.
*Packet trace*
503 10.73.xx.xx 10.73.xx.xx 142.483259 VSCAN2 11 Session Teardown Request
504 10.73.xx.xx 10.73.xx.xx 142.485052 VSCAN2 11 Session Teardown Reply
505 10.73.xx.xx 10.73.xx.xx 142.485112 SMB2 11 Write Response, Error: STATUS_END_OF_FILE
506 10.73.xx.xx 10.73.xx.xx 142.485870 SMB2 11 Close Request File: vscan
507 10.73.xx.xx 10.73.xx.xx 142.485901 SMB2 11 Close Response, Error: STATUS_FILE_CLOSED
543 10.73.xx.xx 10.73.xx.xx 162.783746 SMB2 11 Tree Disconnect Request
544 10.73.xx.xx 10.73.xx.xx 162.783775 SMB2 11 Tree Disconnect Response
545 10.73.xx.xx 10.73.xx.xx 162.783783 SMB2 11 Session Logoff Request
546 10.73.xx.xx 10.73.xx.xx 162.783805 SMB2 11 Session Logoff Response
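The repeated Scan Request followed by a Session Teardown Request, as seen in the packet traces above, can be flagged from a text export of the capture. This is an added example, not NetApp or Trend Micro code; it assumes rows in the column order shown on this page (No., Source, Destination, Time, Protocol, Stream, Info), and the function name and sample rows are illustrative.

```python
import re
from collections import defaultdict

# One row of the text export: No. Source Destination Time Protocol Stream Info
ROW = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<time>\d+\.\d+)\s+(?P<proto>\S+)\s+(?P<stream>\d+)\s+(?P<info>.+?)\s*$"
)
SCAN_REQ = "Scan Request: "

def find_repeated_scans(trace_text):
    """Flag paths that were sent for scanning more than once on a stream."""
    requests = defaultdict(list)   # (stream, path) -> request times
    teardowns = defaultdict(list)  # stream -> teardown request times
    for line in trace_text.splitlines():
        m = ROW.match(line)
        if not m or m["proto"] != "VSCAN2":
            continue  # skip SMB2 rows, headers and anything unparseable
        t, stream, info = float(m["time"]), m["stream"], m["info"]
        if info.startswith(SCAN_REQ):
            requests[(stream, info[len(SCAN_REQ):])].append(t)
        elif info.startswith("Session Teardown Request"):
            teardowns[stream].append(t)
    findings = []
    for (stream, path), times in requests.items():
        if len(times) < 2:
            continue  # a single request is normal behaviour
        gaps = [round(b - a, 3) for a, b in zip(times, times[1:])]
        torn = any(t > times[-1] for t in teardowns[stream])
        findings.append({"stream": stream, "path": path, "requests": len(times),
                         "retry_gaps_s": gaps, "teardown_followed": torn})
    return findings

# Constructed sample: rows copied from the traces on this page, plus one
# invented single request (row 300, b.txt) that must not be flagged.
SAMPLE = r"""
268 10.73.xx.xx 10.73.xx.xx 71.366315 VSCAN2 11 Scan Request: \volB\New folder\a.txt
269 10.73.xx.xx 10.73.xx.xx 71.369419 SMB2 11 Read Request Len:2048 Off:0 File: vscan
300 10.73.xx.xx 10.73.xx.xx 90.000000 VSCAN2 11 Scan Request: \volB\b.txt
340 10.73.xx.xx 10.73.104.xx 105.377182 VSCAN2 11 Scan Request: \volB\New folder\a.txt
476 10.73.xx.xx 10.73.104.xx 135.624036 VSCAN2 11 Scan Request: \volB\New folder\a.txt
503 10.73.xx.xx 10.73.xx.xx 142.483259 VSCAN2 11 Session Teardown Request
"""

if __name__ == "__main__":
    for finding in find_repeated_scans(SAMPLE):
        print(finding)
```

A finding with `teardown_followed` set to true matches the sequence in this article and is a cue to check the Vscan server log for a "been skipped" entry for the same path.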