Symatec AtiVirus for Network Attached Storage Itegratio Guide
2 Symatec AtiVirus for Network Attached Storage Itegratio Guide The software described i this book is furished uder a licese agreemet ad may be used oly i accordace with the terms of the agreemet. Documetatio versio 5.2.8 Legal Notice Copyright 2010 Symatec Corporatio. All rights reserved. Symatec ad the Symatec Logo are trademarks or registered trademarks of Symatec Corporatio or its affiliates i the U.S ad other coutries. Other ames may be trademarks of their respective owers. This Symatec product may cotai third party software for which Symatec is required to provide attributio to the third party ( Third Party Programs ). Some of the Third Party Programs are available uder ope source or free software liceses. The Licese Agreemet accompayig the Software does ot alter ay rights or obligatios you may have uder those ope source or free software liceses. Please see the Third Party Legal Notice Appedix to this Documetatio or TPIP ReadMe File accompayig this Symatec product for more iformatio o the Third Party Programs. The product described i this documet is distributed uder liceses restrictig its use, copyig, distributio, ad decompilatio/reverse egieerig. No part of this documet may be reproduced i ay form by ay meas without prior writte authorizatio of Symatec Corporatio ad its licesors, if ay. THE DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON- INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licesed Software ad Documetatio are deemed to be commercial computer software as defied i FAR 12.212 ad subject to restricted rights as defied i FAR Sectio 52.227-19 Commercial Computer Software - Restricted Rights ad DFARS 227.7202, Rights i Commercial Computer Software or Commercial Computer Software Documetatio, as applicable, ad ay successor regulatios. Ay use, modificatio, reproductio release, performace, display or disclosure of the Licesed Software ad Documetatio by the U.S Govermet shall be solely i accordace with the terms of this Agreemet. Symatec Corporatio 350 Ellis Street Moutai View, CA 94043 http://www.symatec.com
3 Techical support Cotactig Techical Support Symatec Techical Support maitais support ceters globally. Techical Support s primary role is to respod to specific queries about product features ad fuctioality. The Techical Support group also creates cotet for our olie Kowledge Base. The Techical Support group works collaboratively with the other fuctioal areas withi Symatec to aswer your questios i a timely fashio. For example, the Techical Support group works with Product Egieerig ad Symatec Secuirty Respose to provide alertig services ad virus defiitio updates. Symatec s maiteace offerigs iclude the followig: A rage of support optios that give you the flexibility to select the right amout of service for ay site orgaizatio Telephoe ad Web-based support that provides rapid respose ad up-tothe-miute iformatio Upgrade assurace that delivers automatic software upgrade protectio Global support purchased o a regioal busiess hours or 24 hours a day, 7 days a week basis Premium service offerigs that iclude Accout Maagemet Services For iformatio about Symatec s Maiteace Programs, you ca visit our Web site at the followig URL: www.symatec.com/busiess/support/ All support services will be delivered i accordace with your support agreemet ad the the-curret eterprise techical support policy. Customers with a curret maiteace agreemet may access Techical Support iformatio at the followig URL: www.symatec.com/busiess/support/ Before cotactig Techical Support, make sure that you have satisfied the system requiremets that are listed i your product documetatio. Also, you should be at the computer o which the problem occurred, i case it is ecessary to replicate the problem. Whe you cotact Techical Support, please have the followig iformatio available: Product release level Hardware iformatio Available memory, disk space, ad NIC iformatio Operatig system Versio ad patch level
4 Network topology Router, gateway, ad IP address iformatio Problem descriptio: Error messages ad log files Troubleshootig that was performed before cotactig Symatec Recet software cofiguratio chages ad etwork chages Licesig ad registratio Customer Service If your Symatec product requires registratio or a licese key, access our techical support Web page at the followig URL: www.symatec.com/busiess/support/ Customer service iformatio is available at the followig URL: www.symatec.com/busiess/support/ Customer Service is available to assist with the followig types of issues: Questios regardig product licesig or serializatio Product registratio updates such as address or ame chages Geeral product iformatio (features, laguage availability, local dealers) Latest iformatio about product updates ad upgrades Iformatio about upgrade assurace ad maiteace cotracts Iformatio about the Symatec Buyig Programs Advice about Symatec s techical support optios Notechical presales questios Issues that are related to CD-ROMs or mauals Support agreemet resources If you wat to cotact Symatec regardig a existig maiteace agreemet, please cotact the maiteace agreemet admiistratio team for your regio as follows: Asia-Pacific ad Japa Europe, Middle-East, ad Africa North America ad Lati America customercare_apac@symatec.com semea@symatec.com supportsolutios@symatec.com
Cotets Techical support Chapter 1 Chapter 2 Itroducig Symatec AtiVirus for Network Attached Storage About Symatec AtiVirus for Network Attached Storage... 11 About software compoets... 12 About Symatec Sca Egie... 12 About the coector... 13 Supported storage devices... 13 How to use the Symatec AtiVirus for Network Attached Storage documetatio... 14 About the Symatec Sca Egie Implemetatio Guide... 15 About the Symatec AtiVirus for Network Attached Storage Itegratio Guide... 15 Why you eed virus protectio i a etwork attached storage eviromet 16 How the sca egie protects agaist viruses... 17 About Symatec Security Respose... 18 About preparig for istallatio... 18 Widows system requiremets... 19 Solaris system requiremets... 20 Liux system requiremets... 21 Post-istallatio tasks... 22 Cofigurig Symatec AtiVirus for NetApp Filer About software compoets... 25 How Symatec Sca Egie works with the NetApp Filer cliet... 26 What happes whe a file is scaed... 26 About coectig to Symatec Sca Egie... 27 About limitig scaig by file type... 27 About hadlig ifected files... 28 About user idetificatio ad otificatio whe a virus is foud... 28 About preparig for istallatio... 29 About cofigurig Symatec Sca Egie... 30 Editig the service startup properties... 30 Cofigurig RPC protocol optios... 31
6 Cotets Notifyig the NetApp Filer whe virus defiitios are updated... 34 Notifyig a requestig user that a virus was foud... 35 About quaratiig urepairable ifected files... 36 Specifyig which embedded files to sca... 37 Schedulig LiveUpdate to update virus defiitios automatically... 40 Cofigurig Rapid Release updates to occur automatically... 41 About cofigurig the cliet NetApp Filer... 42 About verifyig that the sca egie is registered with the filer... 42 About activatig virus scaig... 43 About specifyig the file extesios to be scaed o the NetApp Filer 43 About workig with uresposive sca egies... 44 How virus scaig affects backups o NetApp Filer... 44 About clearig the scaed files cache... 44 About otifyig a requestig user that a virus was foud... 45 Chapter 3 Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace About software compoets... 48 How Symatec Sca Egie works with the Su StorageTek 5000 NAS Appliace 48 How are files scaed... 48 How cachig works... 49 About specifyig which file types are scaed... 49 About specifyig the sca policy... 51 About hadlig ifected files o the NAS device... 51 About preparig for istallatio... 52 About cofigurig Symatec Sca Egie... 52 Cofigurig ICAP-specific optios... 52 Specifyig which file types to sca o the sca egie... 55 Specifyig cotaier hadlig limits... 57 Schedulig LiveUpdate to update virus defiitios automatically... 58 Cofigurig Rapid Release updates to occur automatically... 59 About cofigurig the Su StorageTek 5000 NAS Appliace... 60 Registerig Symatec Sca Egie... 60 About cofigurig virus scaig o the Su StorageTek 5000 NAS Appliace... 61 Recommedatios while itegratig multiple sca egies... 63 Chapter 4 Cofigurig Symatec AtiVirus for Su Storage 7000 Series About software compoets... 66 How Symatec Sca Egie works with the Su Storage 7000 Series NAS device
Cotets 7 66 How are files scaed... 66 How cachig works... 67 About specifyig which file types are scaed... 67 About specifyig the sca policy... 68 About hadlig ifected files o the NAS device... 68 About preparig for istallatio... 69 About cofigurig Symatec Sca Egie... 69 Cofigurig ICAP-specific optios... 69 Specifyig which file types to sca o the sca egie... 72 Specifyig cotaier hadlig limits... 75 Schedulig LiveUpdate to update virus defiitios automatically... 75 Cofigurig Rapid Release updates to occur automatically... 76 About cofigurig the Su Storage 7000 Series NAS device... 78 Registerig Symatec Sca Egie... 78 About cofigurig virus scaig o the Su Storage 7000 Series NAS device... 78 Recommedatios while itegratig multiple sca egies... 80 Chapter 5 Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc About software compoets... 82 How Symatec Sca Egie works with BlueArc Storage System ad Hitachi High-performace NAS Platform... 82 What happes whe a file is scaed... 83 About coectig to Symatec Sca Egie... 83 About limitig scaig by file type... 83 About hadlig ifected files... 84 About user idetificatio ad otificatio whe a virus is foud... 84 About preparig for istallatio... 85 About cofigurig Symatec Sca Egie... 86 Editig the service startup properties... 86 Cofigurig RPC protocol optios... 87 Notifyig a requestig user that a virus was foud... 90 About quaratiig urepairable ifected files... 91 Specifyig which embedded files to sca... 92 Schedulig LiveUpdate to update virus defiitios automatically... 95 Cofigurig Rapid Release updates to occur automatically... 96 About cofigurig BlueArc Storage System or Hitachi High-performace NAS Platform... 97 About verifyig that the sca egie is registered with the NAS Server 98 About activatig virus scaig... 98
8 Cotets About specifyig the file extesios to be scaed o the NAS Server 98 About executig a full file system sca... 99 About workig with uavailable sca egies... 99 About workig with uresposive sca egies... 99 Chapter 6 Chapter 7 Chapter 8 Cofigurig Symatec AtiVirus for Hitachi Essetial NAS Platform About software compoets...101 How Symatec Sca Egie works with the Hitachi Essetial NAS Platform 102 What happes whe a file is scaed...102 About hadlig ifected files...103 About cofigurig Symatec Sca Egie...103 Cofigurig ICAP-specific optios...103 Specifyig which file types to sca o the sca egie...106 About specifyig cotaier hadlig limits...108 Schedulig LiveUpdate to update virus defiitios automatically...109 Cofigurig Symatec AtiVirus for ONStor EverON About software compoets...111 How Symatec Sca Egie works with the ONStor EverON...112 What happes whe a file is scaed...112 About hadlig ifected files...113 About cofigurig Symatec Sca Egie...113 Cofigurig ICAP-specific optios...113 Specifyig which file types to sca o the sca egie...116 About specifyig cotaier hadlig limits...118 Schedulig LiveUpdate to update virus defiitios automatically...119 About cofigurig the ONStor VirusSca Applet...120 Cofigurig the VirusSca Applet for the Symatec Sca Egie...120 Cofigurig Symatec AtiVirus for EMC Celerra Network Server About software compoets...124 How Symatec Sca Egie works with EMC Celerra Network Server...124 How are files scaed...125 About scaig o read...125 About specifyig which file types are scaed...126 About specifyig the sca policy...127 About preparig for istallatio...128 About cofigurig Symatec Sca Egie...128 Cofigurig ICAP-specific optios...128 Specifyig which file types to sca o the sca egie...131
Cotets 9 About specifyig cotaier hadlig limits...133 Schedulig LiveUpdate to update virus defiitios automatically...134 Cofigurig Rapid Release updates to occur automatically...135 About cofigurig EMC Celerra Network Server...136 About istallig the Celerra Ati Virus Aget...136 About registerig Symatec Sca Egie...137 About cofigurig virus scaig o EMC Celerra Network Server.137 About startig the Virus-checkig cliet...139 About executig a full file system sca...140 Kow issue with EMC Celerra Network Server...140 Recommedatios while itegratig multiple sca egies...140 Idex
10 Cotets
Chapter 1 Itroducig Symatec AtiVirus for Network Attached Storage This chapter icludes the followig topics: About Symatec AtiVirus for Network Attached Storage Supported storage devices How to use the Symatec AtiVirus for Network Attached Storage documetatio Why you eed virus protectio i a etwork attached storage eviromet About preparig for istallatio Post-istallatio tasks About Symatec AtiVirus for Network Attached Storage Symatec AtiVirus for Network Attached Storage provides virus scaig ad repair services for a umber of etwork-attached storage (NAS) devices. You ca sca files for viruses automatically as they are accessed from storage before the requestig user gais access to it. Based o a cofigurable virus sca policy, whe a virus is foud i a file, the file is repaired. The clea file is stored o the NAS device ad oly the is the requestig user grated access.
12 Itroducig Symatec AtiVirus for Network Attached Storage About Symatec AtiVirus for Network Attached Storage About software compoets I most cases, addig virus scaig to a supported NAS device requires istallatio ad cofiguratio of the followig compoets: Symatec Sca Egie, which provides the virus scaig ad repair services See About Symatec Sca Egie o page 12. Coector, which lets the NAS device commuicate with Symatec Sca Egie See About the coector o page 13. Figure 1-1 shows a typical itegratio of a etwork attached storage device with Symatec Sca Egie. Figure 1-1 Itegratio of a etwork attached storage device with the Symatec Sca Egie 1. The cliet tries to access a file o the etwork attached storage device. 2. The etwork attached storage device, by meas of a coector, seds the file to the Symatec Sca Egie for scaig. 3. Symatec Sca Egie scas the file, repairs it if it is ifected, ad returs the clea file to the etwork attached storage device. 4. The etwork attached storage device writes the cleaed file to disk, caches the fact that the file has bee cleaed, ad seds the file to the cliet. About Symatec Sca Egie Symatec Sca Egie, formerly marketed as Symatec AtiVirus Sca Egie, is a carrier-class cotet scaig egie. Symatec Sca Egie provides cotet scaig capabilities to ay applicatio o a IP etwork, regardless of platform. Ay applicatio ca pass files to Symatec Sca Egie for scaig.
Itroducig Symatec AtiVirus for Network Attached Storage Supported storage devices 13 Symatec Sca Egie accepts sca requests from cliet applicatios that use the followig protocols: The Iteret Cotet Adaptatio Protocol (ICAP), versio 1.0, as preseted i RFC 3507 (April 2003) A proprietary implemetatio of remote procedure call (RPC) Symatec Sca Egie ative protocol Symatec Sca Egie is icluded i the Symatec AtiVirus for Network Attached Storage distributio package. For more iformatio about the sca egie, see the Symatec Sca Egie Implemetatio Guide o the product CD. About the coector The coector hadles the commuicatio betwee the sca egie ad the NAS device ad iterprets the results that are retured from the sca egie after scaig. The maufacturer of the NAS device develops ad provides support for the coector. The coector typically is istalled ad cofigured o the NAS device. (I some cases, the maufacturer pre-istalls the coector.) I some cases, o coector is ecessary. The NAS device hadles the commuicatio with the sca egie, ad ay cofiguratio optios are available directly o the device. Supported storage devices Symatec AtiVirus for Network Attached Storage supports the followig storage devices: Network Appliace (NetApp) Filer Su StorageTek 5000 NAS Appliace Su Storage 7000 Series BlueArc Storage System Hitachi High-performace NAS Platform Hitachi Essetial NAS Platform ONStor EverON EMC Celerra Network Server
14 Itroducig Symatec AtiVirus for Network Attached Storage How to use the Symatec AtiVirus for Network Attached Storage documetatio Table 1-1 gives the list of storage devices, its supported versios, ad the protocol that Symatec Sca Egie uses to iterface with these storage devices. Table 1-1 Supported storage devices ad protocols Storage device Protocol used Supported versio Network Appliace (NetApp) Filer RPC Data ONTAP versio 6.1.3R2 or later Su StorageTek 5000 NAS Appliace ICAP Su NAS Firmware 4.21 M1 or later Su Storage 7000 Series ICAP Su Storage 7xxx versio 2008.10 BlueArc Storage System RPC 4.0 or later Hitachi High-performace NAS Platform RPC 4.0 or later Hitachi Essetial NAS Platform ICAP 6.2 or later ONStor EverON ICAP 4.0 or later EMC Celerra Network Server ICAP CAVA 4.5 or later Note: If the sca egie uses RPC protocol to iterface with your etwork attached storage device, Symatec Sca Egie must be istalled o Widows 2000 Server/Widows 2003 Server/Widows 2008 Server platforms oly. How to use the Symatec AtiVirus for Network Attached Storage documetatio To cofigure Symatec AtiVirus for Network Attached Storage to work with oe of the supported NAS devices, you eed the documetatio that is icluded i the Symatec AtiVirus for Network Attached Storage distributio package. You eed the documetatio that is provided by the maufacturer of the NAS device as well. The Symatec AtiVirus for Network Attached Storage distributio package icludes the followig documets: Symatec Sca Egie Implemetatio Guide Symatec AtiVirus for Network Attached Storage Itegratio Guide
Itroducig Symatec AtiVirus for Network Attached Storage How to use the Symatec AtiVirus for Network Attached Storage documetatio 15 The maufacturer of the NAS device develops the coector to itegrate Symatec Sca Egie. The maufacturer of the NAS device also prepares ad distributes supportig documetatio for the coector. Obtai the coector ad ay supportig documetatio from the maufacturer if you do ot receive it with the NAS device. About the Symatec Sca Egie Implemetatio Guide Use the Symatec Sca Egie Implemetatio Guide as the primary guide for istallig ad cofigurig Symatec Sca Egie. This guide cotais the iformatio that you eed to cosider about the sca egie cofiguratio optios. Refer to the Symatec AtiVirus for Network Attached Storage Itegratio Guide for istructios o cofigurig Symatec Sca Egie to work with a specific NAS device. About the Symatec AtiVirus for Network Attached Storage Itegratio Guide The Symatec AtiVirus for Network Attached Storage Itegratio Guide icludes a chapter for each supported NAS device. Use the guidace ad recommedatios that are i the appropriate chapter of this guide with the maufacturer-prepared documetatio to implemet virus scaig. Each chapter i the Symatec AtiVirus for Network Attached Storage Itegratio Guide icludes the followig iformatio: Geeral iformatio o how ativirus scaig works with the NAS device Virus scaig fuctioality ca differ depedig o the capabilities of the NAS device ad the complexity of the coector. Some of the virus scaig fuctios iclude hadlig of ifected files, timig of file scaig, ad loggig of ifectios foud. This sectio provides a overview of how Symatec Sca Egie ad the NAS device iteract durig virus scaig.
16 Itroducig Symatec AtiVirus for Network Attached Storage Why you eed virus protectio i a etwork attached storage eviromet Iformatio for cofigurig the sca egie to work with the NAS device Iformatio o cofigurig the NAS device to work with the sca egie This sectio discusses the cofiguratio optios o the sca egie that must be cofigured to work with the NAS device. It may highlight other optios that are importat i settig up comprehesive virus protectio as well. This iformatio does ot replace the Symatec Sca Egie Implemetatio Guide. Cosult the implemetatio guide for istallatio iformatio ad for additioal iformatio o cofigurig Symatec Sca Egie to meet your eeds. This sectio discusses ay cofiguratio optios o the NAS device that must be cofigured to work with Symatec Sca Egie. It may make recommedatios for cofigurig the NAS device to esure comprehesive virus protectio. This iformatio does ot replace the documetatio that is provided by the maufacturer of the NAS device. Cosult the product documetatio for additioal iformatio o cofigurig the NAS device for virus scaig. Kow issues This sectio describes the issues that ca affect operatio betwee Symatec Sca Egie ad the NAS device. Why you eed virus protectio i a etwork attached storage eviromet Network attached storage provides may beefits, such as icreased performace, heterogeeous data access, data redudacy, ease of storage maagemet, ad real-time backup recovery. However, the implemetatio of a NAS system itroduces security risks that should be addressed. Data ca be accessed ad compromised more quickly whe it is cosolidated ito a cetralized NAS system. This occurs because NAS systems are typically coected directly to the local etwork. Istallig virus protectio software at key locatios i the corporate etwork is ot sufficiet to protect data o NAS servers. Examples of such key locatios are firewalls, email gateways, ad desktops.
Itroducig Symatec AtiVirus for Network Attached Storage Why you eed virus protectio i a etwork attached storage eviromet 17 Dedicated ativirus protectio for a NAS system should be part of a comprehesive security policy for the followig reasos: Storage servers are susceptible to attacks from viruses, worms, Troja horses, ad other malicious code because large umber of users access them ad they cotai large amouts of data. Malicious code ca result i lost, stole, or corrupted files, which ca result i costly dowtime to the eterprise. The NAS system ca become a vector for the malicious code whe a threat is stored o the NAS system. It ca compromise the computers ad the data of the users who access the NAS system. Malicious code ca be replicated multiple times i multiple locatios through NAS backup, mirrorig of data, ad archivig. The malicious code ca be re-itroduced to the NAS system whe NAS data that cotais malicious code is restored from oe of these locatios. This re-itroductio ca potetially reifect the etwork. Malicious code could replicate o the NAS system i multiple locatios ad ifect other parts of the etwork. The effort to remove a threat becomes a time-cosumig task that ivolves sigificat dowtime as well as time ad moey for data recovery. The NAS system ca be used as a access poit to the rest of the etwork or as a lauch poit for a attack. For example, a deial-of-service attack ca be lauched i a NAS system. Idustry regulatios ad laws ow require that orgaizatios that maitai fiacial, medical, persoal, ad email data should protect the data from beig stole, altered, or destroyed. Orgaizatios are legally resposible for providig comprehesive protectio for stored data. How the sca egie protects agaist viruses Symatec Sca Egie detects viruses, worms, ad Troja horses i all major file types (for example, Widows files, DOS files, ad Microsoft Word ad Excel files). Symatec Sca Egie icludes a decomposer that hadles most compressed ad archive file formats ad ested levels of files. You ca cofigure the sca egie to limit scaig to certai file types by a file extesio ad file type exclusio list. Symatec Sca Egie provides protectio agaist those cotaier files that ca cause deial-of-service attacks. Examples are those cotaier files that are overly large, that cotai large umbers of embedded compressed files, or that have bee desiged to use resources maliciously ad degrade performace. You ca specify the maximum amout of time that the sca egie devotes to
18 Itroducig Symatec AtiVirus for Network Attached Storage About preparig for istallatio extractig a file ad its cotets, the maximum file size for cotaier files, ad the maximum umber of ested levels to be decomposed for scaig. Symatec Sca Egie also detects mobile code such as Java, ActiveX, ad stadaloe script-based threats. Symatec Sca Egie uses Symatec ativirus techologies, icludig Bloodhoud, for heuristic detectio of ew or ukow viruses; NAVEX, which provides protectio from ew classes of viruses automatically through LiveUpdate; ad Striker, for the detectio of polymorphic viruses. The sca egie ca also be cofigured to sed alerts whe specific thresholds are met or exceeded. For example, if the same type of virus has bee detected te times i a 20-miute iterval, the sca egie ca be cofigured to sed a alert to ay of the sca egie loggig or alertig destiatios. About Symatec Security Respose Symatec Sca Egie is supported by the Symatec Security Respose team. These Symatec egieers work 24 hours per day, 7 days per week, trackig ew virus outbreaks ad idetifyig ew virus threats. For more iformatio about protectio agaist a specific virus, visit the Symatec Security Respose Web site at: http://securityrespose.symatec.com For more iformatio, see the Symatec Sca Egie Implemetatio Guide. About preparig for istallatio Before you istall Symatec Ativirus for Network Attached Storage, you should esure that your computer meets the system requiremets for istallig the sca egie. The sca egie is icluded o the Symatec AtiVirus for Network Attached Storage CD. If the sca egie uses RPC protocol to iterface with your etwork attached storage device, Symatec Sca Egie must be istalled o Widows 2000 Server/Widows 2003 Server/Widows 2008 Server platforms oly. For more iformatio about istallig the sca egie, see the Symatec Sca Egie Implemetatio Guide o the product CD.
Itroducig Symatec AtiVirus for Network Attached Storage About preparig for istallatio 19 Widows system requiremets The followig are the system requiremets for istallig Symatec AtiVirus for Network Attached Storage o a Widows 2000 Server/Widows 2003 Server/Widows 2008 Server: Operatig system Widows 2000 Server with the latest service pack Widows Server 2003 (32-bit) Widows Server 2003 R2 (32-bit) Widows Server 2003 R2 (64-bit) Widows Server 2008 (32-bit) Widows Server 2008 (64-bit) Widows Server 2008 R2 (64-bit) Processor Memory Disk space Petium 4 processor 1 GHz or higher 1 GB of RAM or higher 500 MB of hard disk space Hardware 1 etwork iterface card (NIC) ruig TCP/IP with a static IP address Iteret coectio to update defiitios 100 Mbits/s Etheret lik (1 Gbit/s recommeded) Software J2SE Rutime Eviromet (JRE) 5.0 (update 13 or later) or JRE 6.0 The most curret versio of JRE 5.0 ad JRE 6.0 at the time of product ship is provided o the product CD i the followig folder: Tools\Java\Wi32 Oe of the followig Web browsers to access the Symatec Sca Egie cosole Microsoft Iteret Explorer 6 (SP1) or later Use Microsoft Iteret Explorer to access the Symatec Sca Egie cosole from a Widows cliet computer. Mozilla Firefox 1.5 or later Use Mozilla Firefox to access the Symatec Sca Egie cosole from a Solaris or Liux cliet computer. The Web browser is oly required for Web-based admiistratio. You must istall the Web browser o a computer from which you wat to access the Symatec Sca Egie cosole. The computer must have access to the server o which Symatec Sca Egie rus.
20 Itroducig Symatec AtiVirus for Network Attached Storage About preparig for istallatio Solaris system requiremets The followig are the system requiremets for istallig Symatec AtiVirus for Network Attached Storage o a Su Solaris system: Operatig system Solaris 9 ad 10 Esure that your operatig system has the latest patches that are available. Processor Memory Disk space SPARC 1 GB of RAM or higher 500 MB of hard disk space Hardware 1 etwork iterface card (NIC) ruig TCP/IP with a static IP address Iteret coectio to update defiitios 100 Mbits/s Etheret lik (1 Gbit/s recommeded) Software J2SE Rutime Eviromet (JRE) 5.0 (update 13 or later) or JRE 6.0 The most curret versio of JRE 5.0 ad JRE 6.0 at the time of product ship is provided o the product CD i the followig folder: Tools\Java\Solaris If you istall the self-extractig JRE, esure that you ote the istallatio locatio. You must provide the locatio of the JRE if the istaller is uable to detect it. Oe of the followig Web browsers to access the Symatec Sca Egie cosole Mozilla Firefox 1.5 or later Use Mozilla Firefox to access the Symatec Sca Egie cosole from a Solaris or Liux cliet computer. Microsoft Iteret Explorer 6 (SP1) or later Use Microsoft Iteret Explorer to access the Symatec Sca Egie cosole from a Widows cliet computer. The Web browser is oly required for Web-based admiistratio. You must istall the Web browser o a computer from which you wat to access the Symatec Sca Egie cosole. The computer must have access to the server o which Symatec Sca Egie rus.
Itroducig Symatec AtiVirus for Network Attached Storage About preparig for istallatio 21 Liux system requiremets The followig are the system requiremets for istallig Symatec AtiVirus for Network Attached Storage o a Liux system: Operatig system Red Hat Liux Eterprise Server 3 ad 4 Red Hat Liux Advaced Server 3 ad 4 Red Hat Eterprise Liux 5 SuSE Liux Eterprise Server 9 ad 10 Red Hat Eterprise Liux 5 (64-bit) Processor Memory Disk space Petium 4 processor 1 GHZ or higher 1 GB of RAM or higher 500 MB of hard disk space Hardware 1 etwork iterface card (NIC) ruig TCP/IP with a static IP address Iteret coectio to update defiitios 100 Mbits/s Etheret lik (1 Gbit/s recommeded)
22 Itroducig Symatec AtiVirus for Network Attached Storage Post-istallatio tasks Software Esure that the followig packages are istalled: GNU sharutils-4.6.1-2 or later Use this package to expad the Rapid Release packages. compress-4.2.4-44 or later Use this package to expad the Rapid Release packages. GNU C Library (glibc) iitscripts This package is required for Red Hat Liux oly. aaa_base package This package is required for SuSE oly. J2SE Rutime Eviromet (JRE) 5.0 (update 13 or later) or JRE 6.0 The most curret versio of JRE 5.0 ad JRE 6.0 at the time of product ship is provided o the product CD i the followig folder: Tools\ Java\RedHat Istall the JRE usig Red Hat Package Maager (RPM). Esure that you ote the istallatio locatio. You must provide the locatio of the JRE if the istaller is uable to detect it. Oe of the followig Web browsers to access the Symatec Sca Egie cosole Mozilla Firefox 1.5 or later Use Mozilla Firefox to access the Symatec Sca Egie cosole from a Solaris or Liux cliet computer. Microsoft Iteret Explorer 6 (SP1) or later Use Microsoft Iteret Explorer to access the Symatec Sca Egie cosole from a Widows cliet computer. The Web browser is oly required for Web-based admiistratio. You must istall the Web browser o a computer from which you wat to access the Symatec Sca Egie cosole. The computer must have access to the server o which Symatec Sca Egie rus. Post-istallatio tasks The Symatec AtiVirus for Network Attached Storage coectors do ot require licesig from Symatec. However, you must istall the appropriate liceses for Symatec Sca Egie. These liceses are required to activate ativirus scaig fuctioality for the sca egie ad to receive updated virus defiitios. For more iformatio about licesig, see the Symatec Sca Egie Implemetatio Guide.
Itroducig Symatec AtiVirus for Network Attached Storage Post-istallatio tasks 23 After you istall ad cofigure the sca egie, you must cofigure the coector for your etwork attached storage device to sed files to the sca egie. For more iformatio about itegratig a specific coector with the sca egie, see the appropriate chapter i this guide.
24 Itroducig Symatec AtiVirus for Network Attached Storage Post-istallatio tasks
Chapter 2 Cofigurig Symatec AtiVirus for NetApp Filer This chapter icludes the followig topics: About software compoets How Symatec Sca Egie works with the NetApp Filer cliet About preparig for istallatio About cofigurig Symatec Sca Egie About cofigurig the cliet NetApp Filer About software compoets Symatec AtiVirus for Network Attached Storage provides virus scaig ad repair capabilities for Network Appliace (NetApp) Filer storage appliaces. Cofigure the followig compoets to add ativirus scaig to the NetApp Filer: Symatec Sca Egie, which provides the virus scaig ad repair services For more iformatio, see the Symatec Sca Egie Implemetatio Guide.
26 Cofigurig Symatec AtiVirus for NetApp Filer How Symatec Sca Egie works with the NetApp Filer cliet The NetApp Filer Some optios are cofigured directly o the NetApp Filer. No additioal code is ecessary to coect Symatec Sca Egie to the NetApp Filer. See About cofigurig the cliet NetApp Filer o page 42 How Symatec Sca Egie works with the NetApp Filer cliet Symatec AtiVirus for Network Attached Storage provides virus scaig ad repair capabilities for the NetApp Filer storage appliaces that support Data ONTAP versio 6.1.3 or later. Each Filer must be ruig Data ONTAP 6.1.3 or later if you pla to use a sigle Symatec Sca Egie to support multiple Filer storage appliaces. Symatec Sca Egie must be istalled o a computer that is ruig Widows 2000 Server/Widows 2003 Server/Widows 2008 Server. It must be located i the same domai as the NetApp Filer for which it provides scaig ad repair services. Symatec Sca Egie uses the proprietary Network Appliace adaptatio of the RPC protocol to iterface with NetApp Filer storage appliaces. A sigle Symatec Sca Egie ca support multiple NetApp Filers. You ca use multiple sca egies to support oe or more filers for sites with larger sca volumes. Load balacig is hadled through the NetApp Filer iterface. Virus scaig o the NetApp Filer is available oly for those files that are requested through the Commo Iteret File System (CIFS). Files that are requested through the Network File System (NFS) are ot scaed for viruses. What happes whe a file is scaed The NetApp Filer submits files to Symatec Sca Egie for scaig o both read ad write. That is, files are scaed whe they are accessed from storage (read), reamed (write) ad whe submitted for storage, if modified (write). Whe a user tries to access a file, the filer passes the file to Symatec Sca Egie for scaig. After a file is scaed, Symatec Sca Egie idicates the scaig results to the filer. If a file is ifected ad ca be repaired, the sca egie returs the repaired file based o a cofigurable virus sca policy. Clea files are passed to the requestig user after the filer receives the scaig results. The repaired file is passed to the requestig user if the file is ifected ad ca be repaired. The stored versio of the ifected file is the replaced with the repaired file. The user is deied access to the file if the file is ifected ad
Cofigurig Symatec AtiVirus for NetApp Filer How Symatec Sca Egie works with the NetApp Filer cliet 27 caot be repaired, ad the ifected file is deleted from storage. Symatec Sca Egie ca be cofigured to quaratie these urepairable files. See About quaratiig urepairable ifected files o page 36. The filer caches scaig results for each clea file to avoid redudat scas of those files that have already bee scaed. The cache is purged whe the virus defiitios o Symatec Sca Egie are updated, the vsca reset commad is ru o the filer, or whe the sca egie is restarted. If the cache is full ad a file that is ot i the cache is accessed, the oldest iformatio i the cache is purged. This esures that the scaig results for the ewly scaed file ca be stored. About coectig to Symatec Sca Egie A coectio is maitaied betwee each NetApp Filer ad Symatec Sca Egie. Symatec Sca Egie moitors the coectio with each NetApp Filer by checkig the coectio at a cofigured time iterval. The sca egie tries to recoect if it determies that the coectio is ot active. (The umber of times that the sca egie tries to re-establish the coectio ca also be cofigured.) About limitig scaig by file type Viruses are foud oly i the file types that cotai executable code. Oly those file types that ca cotai viruses eed be scaed. Limitig scaig by file type saves badwidth ad time. You have the followig levels of cotrol over which files are scaed: You ca cotrol the files that are iitially submitted to the sca egie by the NetApp Filer for scaig The NetApp Filer lets you specify by file extesio the files that are to be passed to Symatec Sca Egie for scaig. You cofigure the file types that you wat to submit for scaig through the NetApp Filer iterface i accordace with the product documetatio. See About specifyig the file extesios to be scaed o the NetApp Filer o page 43.
28 Cofigurig Symatec AtiVirus for NetApp Filer How Symatec Sca Egie works with the NetApp Filer cliet You ca cotrol the files that are embedded i archival file formats (for example,.zip or.lzh files) that are to be scaed by Symatec Sca Egie The sca egie lets you specify the file types ad the file extesios that you do ot wat to sca. The file extesios exclusio list ad the file type exclusio list achieve this purpose. You ca also sca all file types regardless of extesio. You cofigure which embedded files are scaed through the Symatec Sca Egie admiistrative iterface. See Specifyig which embedded files to sca o page 37. About hadlig ifected files You ca cofigure Symatec Sca Egie to do ay of the followig whe a ifected file is foud: Sca Oly Sca ad repair files Sca ad repair or delete Dey access to the ifected file, but do othig to the ifected file. Try to repair the ifected file, ad dey access to ay urepairable file. Try to repair the ifected file, ad delete ay urepairable file. You ca also cofigure the sca egie to quaratie urepairable files. See About quaratiig urepairable ifected files o page 36. About user idetificatio ad otificatio whe a virus is foud Whe a virus is foud i a file that is requested from the NetApp Filer, Symatec Sca Egie automatically obtais (for loggig purposes) idetificatio iformatio about the user who requested the ifected file. This iformatio icludes the security idetifier of the user ad the IP address ad host ame of the requestig computer. The idetificatio iformatio supplemets the iformatio that is cotaied i Ifectio Foud log messages that are logged to the local logs, the Widows Evet Log, ad SMTP. This iformatio does ot appear i the Ifectio Foud messages that are logged to SNMP or SSIM.
Cofigurig Symatec AtiVirus for NetApp Filer About preparig for istallatio 29 Note: Symatec Sca Egie ca obtai oly the iformatio that is made available by the NetApp Filer. I some cases, all or some of this iformatio is ot available. The iformatio that is obtaied is reported i the related log etries. Ay idetificatio iformatio that is ot obtaied from the NetApp Filer is omitted from the log messages ad from the user otificatio widow. You also ca cofigure Symatec Sca Egie to otify the requestig user that the retrieval of a file failed because a virus was foud.the otificatio message icludes the followig: Date ad time of the evet File ame of the ifected file Virus ame ad ID Virus defiitio date ad revisio umber Maer i which the ifected file was hadled (for example, the file was repaired or deleted) Sca policy Dispositio of the file Duratio of sca time ad coectio time To use the user otificatio feature, the Widows Messeger service must be ruig o the computer that is ruig Symatec Sca Egie, ad o the user s computer. See Notifyig a requestig user that a virus was foud o page 35. About preparig for istallatio The Network Appliace Filer storage appliace must support Data ONTAP versio 6.1.3 or later to iterface with Symatec Sca Egie. If you pla to use a sigle Symatec Sca Egie to support multiple filer storage appliaces, each filer must support Data ONTAP versio 6.1.3 or later. As a prerequisite, esure that each NetApp Filer for which the sca egie is to provide scaig ad repair services meets this requiremet. To use RPC, Symatec Sca Egie must be istalled o a computer that is ruig Widows 2000 Server/Widows 2003 Server/Widows 2008 Server. The computer o which you pla to istall Symatec Sca Egie must meet the system requiremets that are listed i the Symatec Sca Egie Implemetatio Guide.
30 Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig Symatec Sca Egie After you istall Symatec Sca Egie, cofigure the NetApp Filer to work with the sca egie. See About cofigurig the cliet NetApp Filer o page 42. About cofigurig Symatec Sca Egie Cofigure Symatec Sca Egie to use RPC as the commuicatio protocol. The Iteret Cotet Adaptatio Protocol (ICAP) is the default protocol at istallatio, but you ca chage the protocol to RPC through the admiistrative iterface. The you ca cofigure the RPC-specific optios. See Cofigurig RPC protocol optios o page 31 You must also chage the Widows service startup properties to idetify a accout that has the appropriate permissios. See Editig the service startup properties o page 30. Editig the service startup properties If you chage the protocol settig to RPC, you eed to chage the service startup properties to idetify a accout that has the followig appropriate permissios: The user accout must have local admiistrator permissios o the computer that has the sca egie. The user accout must have Backup Operator privileges or above o the NetApp Filer. You must chage the service startup properties if the list of NetApp Filers is edited as well. To edit the service startup properties 1 I the Widows 2000/2003/2008 Cotrol Pael, click Admiistrative Tools. 2 Click Services. 3 I the list of services, right-click Symatec Sca Egie, ad the click Properties. 4 I the Properties dialog box, o the Log O tab, click This Accout. 5 Type the accout ame ad password for the user accout that has local admiistrator rights o the computer that has the sca egie. This accout should also have domai backup operator privileges or above. Use the followig format for the accout ame: domai\userame
Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig Symatec Sca Egie 31 6 Click OK. 7 Stop ad start the Symatec Sca Egie service. For more iformatio o stoppig ad startig the Symatec Sca Egie service, see the Symatec Sca Egie Implemetatio Guide. Cofigurig RPC protocol optios After you istall Symatec Sca Egie, you ca cofigure settigs that are specific to the RPC protocol. You must maually stop ad start the sca egie service whe you chage to the RPC protocol. A proper coectio to the NetApp Filer is esured. Table 2-1 describes the protocol-specific optios for RPC. Table 2-1 Optio RPC cliet list Protocol-specific optios for RPC Descriptio A sigle Symatec Sca Egie ca support oe or more NetApp Filers. NetApp Filers must be located i the same domai as the sca egie. You must provide the IP address of each NetApp Filer. Note: Multiple sca egies ca support a sigle NetApp Filer. Cofigure the multiple sca egies through the NetApp Filer iterface. Check RPC coectio every secods Maximum umber of recoect attempts Symatec Sca Egie maitais a coectio with the NetApp Filer. Symatec Sca Egie ca be cofigured to check the coectio with the NetApp Filer at a prescribed iterval to esure that the coectio is active. The default value is 20 secods. You ca cofigure the sca egie to make a specified umber of tries to re-establish a lost coectio with the NetApp Filer. By default, Symatec Sca Egie is cofigured to try to recoect with the NetApp Filer idefiitely. Note: Do ot set a maximum umber of recoect attempts if the sca egie provides scaig for multiple NetApp Filers. Use the default settig.
32 Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig Symatec Sca Egie Table 2-1 Optio Ativirus sca policy Protocol-specific optios for RPC Descriptio You ca cofigure Symatec Sca Egie to do oe of the followig whe a ifected file is foud: Sca oly: Dey access to the ifected file, but do othig to the ifected file. Sca ad repair files: Try to repair the ifected file, ad dey access to ay urepairable file. Sca ad repair or delete: Try to repair the ifected file, ad delete ay urepairable file from archive files. Note: You must select Sca ad repair or delete if you pla to quaratie the ifected files that caot be repaired. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. Automatically sed ativirus update otificatios You ca cofigure Symatec Sca Egie to automatically otify the NetApp Filer whe ew virus defiitios are used. This otificatio causes the NetApp filer to clear its cache of scaed files. Cofigure RPC protocol optios To cofigure RPC, do the followig: Provide a IP address for each NetApp Filer for which Symatec Sca Egie should provide scaig services. You ca add or delete filers from this list at ay time. Cofigure the additioal RPC-specific optios. To edit the list of NetApp Filers 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Cofiguratio. 2 Uder Views, click Protocol. 3 I the right pae, uder Select Commuicatio Protocol, click RPC. The cofiguratio settigs are displayed for the selected protocol. 4 I the Maual Restart Required dialog box, click OK. Wheever you switch protocols, you must restart the server. You ca cotiue to make ad apply chages i the admiistrative iterface. However, the chages do ot take effect util you restart the Symatec Sca Egie service.
Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig Symatec Sca Egie 33 5 To add a NetApp Filer to the list of RPC cliets, type the IP address of the NetApp Filer for which Symatec Sca Egie should provide scaig services. Type oe etry per lie. 6 To delete a NetApp Filer from the list of RPC cliets, select ad delete the IP address of the NetApp Filer. 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you You must perform a maual restart for the chages to take place ad for a proper coectio to the NetApp Filer. To cofigure additioal RPC-specific optios 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Cofiguratio. 2 Uder Views, click Protocol. 3 Uder RPC Cofiguratio, i the Check RPC coectio every box, type how frequetly Symatec Sca Egie checks the RPC coectio with the NetApp Filer to esure that the coectio is active. The default iterval is 20 secods. 4 I the Maximum umber of recoect attempts box, type the maximum umber of tries that the Symatec Sca Egie should udertake to reestablish a lost coectio with the NetApp Filer. The default settig is 0. Symatec Sca Egie tries idefiitely to reestablish a coectio. Use the default settig if the sca egie provides scaig for multiple NetApp Filers. 5 I the Ativirus sca policy list, select how you wat Symatec Sca Egie to hadle ifected files. The default settig is Sca ad repair or delete.
34 Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig Symatec Sca Egie 6 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you You must perform a maual restart for the chages to take place ad for a proper coectio to the NetApp Filer. Notifyig the NetApp Filer whe virus defiitios are updated Whe Symatec Sca Egie scas a file, it is stored i the NetApp Filer s cache. This cached file is set to ay user who subsequetly requests the same file thus coservig scaig resources. You ca cofigure the sca egie to automatically otify the NetApp Filer whe the sca egie begis usig ew virus defiitios. This otificatio prompts the NetApp Filer to clear its cache of scaed files. Ay ew requests for files causes the file to be set to the sca egie agai for scaig. The scaed clea files are cached, ad these cached files are set to the requestig user. You ca maually clear the cache of scaed files at the commad lie iterface of the NetApp Filer as well. See About clearig the scaed files cache o page 44. The process of automatically otifyig the NetApp Filer about virus defiitios updates could affect system performace, depedig o how frequetly you schedule LiveUpdate. You ca sed the otificatio maually to miimize the impact o scaig resources. To automatically otify the NetApp Filer whe virus defiitios are updated 1 O the admiistrative iterface, i the left pae, click Cofiguratio. 2 Uder Views, click Protocol. 3 Uder RPC Cofiguratio, check Automatically sed AtiVirus update otificatios. This optio is disabled by default.
Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig Symatec Sca Egie 35 4 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you You must perform a maual restart for the chages to take place. To maually otify the NetApp Filer whe virus defiitios are updated 1 O the admiistrative iterface, i the left pae, click Cofiguratio. 2 Uder Views, click Protocol. 3 I the left pae, uder Tasks, click Sed AtiVirus Update Notificatio. Notifyig a requestig user that a virus was foud You ca cofigure Symatec Sca Egie to otify the requestig user that the retrieval of a file failed because a virus was foud. The otificatio message is displayed oly if the user uses a Widows computer. I additio, the requestig user s computer must be i the same domai as the sca egie. Both the user s computer ad the sca egie must have the Widows Messeger service ruig to use this feature. The otificatio message icludes the followig iformatio: The date ad time of the evet The evet security level (for example, Warig) The sca policy (for example, sca ad repair or delete) The file ame of the ifected file The virus ame ad ID The maer i which the ifected file was hadled (for example, the file was repaired or deleted) The dispositio of the file (for example, ifected) The IP address ad ame of the requestig user s computer The date ad revisio umber of the virus defiitios used The duratio (i secods) of sca ad coectio time
36 Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig Symatec Sca Egie You ca eable the NetApp Filer to display warig messages to the requestig user as well. See About otifyig a requestig user that a virus was foud o page 45. To otify a requestig user that a virus was foud 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Moitors. 2 Uder Views, click Alertig. 3 I the right pae, uder Log Widows Messeger, check Eable Widows Messeger Loggig. User otificatio is disabled by default. 4 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you You must perform a maual restart for the chages to take place. About quaratiig urepairable ifected files You ca quaratie urepairable ifected files whe you use the RPC protocol. To achieve the quaratie feature, Symatec Cetral Quaratie must be istalled separately o a computer that rus Widows 2000 Server/Widows 2003 Server/Widows 2008 Server. Symatec Cetral Quaratie is icluded o the Symatec Sca Egie distributio CD alog with supportig documetatio. Symatec Sca Egie forwards the ifected files that caot be repaired to Symatec Cetral Quaratie. Typically, the heuristically-detected viruses that caot be elimiated by the curret set of virus defiitios are forwarded to the quaratie. They are isolated so that the viruses caot spread. The ifected items ca be submitted to Symatec Security Respose for aalysis from the quaratie. New virus defiitios are posted if a ew virus is idetified.
Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig Symatec Sca Egie 37 Note: You must select Sca ad repair or delete as the RPC sca policy to forward files to the quaratie. The origial ifected file is deleted whe a copy of a ifected file is forwarded to the quaratie. If submissio to the quaratie is ot successful, the origial file is ot deleted, ad a error message is retured to the NetApp Filer. Access to the ifected file is deied. For more iformatio about istallig ad cofigurig Symatec Cetral Quaratie, see the Symatec Cetral Quaratie Admiistrator s Guide. To quaratie urepairable ifected files 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Quaratie, check Quaratie files. 4 I the Cetral server quaratie host or IP box, type the host ame or the IP address for the computer o which Symatec Cetral Quaratie is istalled. 5 I the Port box, type the TCP/IP port umber to be used by the Symatec Sca Egie to pass files to the Symatec Cetral Quaratie. This settig must match the port umber that is selected at istallatio for Symatec Cetral Quaratie. 6 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you Specifyig which embedded files to sca The NetApp Filer submits files to Symatec Sca Egie for scaig based o the file extesio of the top-level file. You ca cofigure the file types that are submitted for scaig through the filer admiistrative iterface. The top-level files that are set to Symatec Sca Egie are scaed regardless of file extesio.
38 Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig Symatec Sca Egie Whe the sca egie receives a archive file (for example, a.zip or.lzh file) that cotais embedded files, it must break dow the archive file ad sca each embedded file. You ca cotrol, through the sca egie admiistrative iterface, which embedded files are scaed by usig a file extesio ad file type exclusio list. You ca also sca all files regardless of extesio. Symatec Sca Egie is cofigured by default to sca all files. The file type ad file extesio exclusio list is prepopulated with the file types that are ulikely to cotai viruses, but you ca edit this list. Note: Durig virus outbreaks, you might wat to sca all files eve if you ormally cotrol the file types that are scaed with the file type or file extesio exclusio list. Specify which embedded files to sca You ca sca all files regardless of extesio, or you ca cotrol which files are scaed by specifyig the extesios or the file types that you wat to exclude. Symatec Sca Egie is cofigured by default to sca all files. To sca all files regardless of extesio or type 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files. 4 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you To sca all files except for those that are i the file extesio exclusio list 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig.
Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig Symatec Sca Egie 39 3 I the right pae, uder Files to Sca, click Sca all files except those i the extesio or type exclude lists. O activatig this optio, both the file extesio exclude list ad the file type exclude list gets activated automatically. 4 Type each file extesio that you wat to add to the list o a separate lie. Use a period with each extesio i the list. 5 To remove a file extesio from the list, select it ad delete it from the File extesio exclude list. 6 To restore the default file extesio exclude list, i the left pae, uder Tasks, click Reset Default List. This optio restores the default file-type exclude list ad the file-extesio exclude list. 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you To sca all file types except those i the file type exclusio list 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files except those i the extesio or type exclude lists. Whe you activate this optio, both the file type exclude list ad the file extesio exclude list are activated automatically. 4 Type each file type you wat to add to the list o a separate lie. To iclude all subtypes for a file type, use the wildcard character /*. For more iformatio o how to write the file types, see the Symatec Sca Egie Implemetatio Guide. 5 To remove a file type from the list, select it ad delete it from the File type exclude list. 6 To restore the default file type exclude list, i the left pae, uder Tasks, click Reset Default List.
40 Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig Symatec Sca Egie This optio restores the default file-type exclude list ad the file-extesio exclude list. 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you Schedulig LiveUpdate to update virus defiitios automatically Schedulig LiveUpdate to occur automatically at a specified time iterval esures that the Symatec Sca Egie always has the most curret virus defiitios. If you use multiple sca egies to support virus scaig, schedule LiveUpdate to occur at the same time for each sca egie. This schedulig esures that all sca egies have the same versio of virus defiitios. Havig the same versio of virus defiitios is ecessary for proper fuctioig of virus scaig o the NetApp Filer. You must schedule LiveUpdate o each Symatec Sca Egie. Whe LiveUpdate is scheduled, LiveUpdate rus at the specified time iterval relative to the LiveUpdate base time. The default LiveUpdate base time is the time that the sca egie was istalled. You ca chage the LiveUpdate base time. If you chage the scheduled LiveUpdate iterval, the iterval adjusts based o the LiveUpdate base time. For more iformatio o chagig the base time, see the Symatec Sca Egie Implemetatio Guide. To schedule LiveUpdate to update virus defiitios automatically 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click System. 2 Uder Views, click LiveUpdate Cotet. 3 I the right pae, uder LiveUpdate Cotet, check Eable scheduled LiveUpdate. This optio is eabled by default. 4 I the LiveUpdate iterval drop-dow list, choose a iterval.
Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig Symatec Sca Egie 41 You ca select from 2, 4, 8, 10, 12, or 24-hour itervals. The default LiveUpdate iterval is 2 hours. 5 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you Cofigurig Rapid Release updates to occur automatically You ca cofigure Symatec Sca Egie to obtai ucertified defiitio updates with Rapid Release. You ca cofigure Symatec Sca Egie to retrieve Rapid Release defiitios every 5 miutes to every 120 miutes. Rapid Release defiitios are created whe a ew threat is discovered. Rapid Release defiitios udergo basic quality assurace tests by Symatec Security Respose. However, they do ot udergo the itese testig that is required for a LiveUpdate release. Symatec updates Rapid Release defiitios as eeded to respod to high-level outbreaks. Warig: Rapid Release defiitios do ot udergo the same rigorous quality assurace tests as LiveUpdate ad Itelliget Updater defiitios. Symatec ecourages users to rely o the full quality-assurace-tested defiitios wheever possible. Esure that you deploy Rapid Release defiitios to a test eviromet before you istall them o your etwork. If you use a proxy or firewall that blocks FTP commuicatios, the Rapid Release feature does ot fuctio. Your eviromet must allow FTP traffic for the FTP sessio to succeed. You ca schedule Rapid Release updates to occur automatically at a specified time iterval to esure that Symatec Sca Egie always has the most curret defiitios. Scheduled Rapid Release updates are disabled by default. Cofigurig Rapid Release updates to occur automatically 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click System. 2 Uder Views, click Rapid Release Cotet.
42 Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig the cliet NetApp Filer 3 I the cotet area uder Rapid Release Cotet, check Eable scheduled Rapid Release to eable automatic dowloads of Rapid Release defiitios. This optio is disabled by default. 4 I the Rapid Release iterval box, to specify the iterval betwee which you wat Symatec Sca Egie to dowload Rapid Release defiitios, do ay of the followig steps: Type the iterval. Click the up arrow or dow arrow to select the iterval. You ca select ay umber betwee 5 miutes ad 120 miutes. The default value is 30 miutes. 5 O the toolbar, select oe of the followig: Save Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Apply Applies your chages. Your chages are ot implemeted util you About cofigurig the cliet NetApp Filer After you cofigure Symatec Sca Egie to use RPC as the commuicatio protocol, you cofigure the cliet NetApp Filers to work with Symatec Sca Egie. NetApp Filer cliets must be ruig Data ONTAP versio 6.1.3 or later to iterface with Symatec Sca Egie. If you pla to support more tha oe filer with a sigle sca egie, each filer must be ruig Data ONTAP 6.1.3 or later. Each NetApp Filer should be istalled ad cofigured i accordace with the accompayig product documetatio. Each filer should be fuctioal before you iitiate virus scaig usig Symatec Sca Egie. About verifyig that the sca egie is registered with the filer You ca verify that the sca egie is registered with the filer after you istall Symatec Sca Egie. Registratio is automatic if you have provided the correct iformatio to Symatec Sca Egie for cotactig the filer. Registratio occurs whe the sca egie coects to the Filer. Use the vsca
Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig the cliet NetApp Filer 43 commad at the commad lie iterface to check the list of registered sca egies. Note: The service startup properties for Symatec Sca Egie must be chaged to idetify a accout that has the appropriate permissios o the filer. If the chage has ot bee doe, the sca egie caot register with the filer because it does ot have sufficiet permissio. See Editig the service startup properties o page 30. About activatig virus scaig You ca activate ad deactivate virus scaig. Use the vsca o commad at the commad lie to activate virus scaig. Use the vsca off commad to deactivate virus scaig. About specifyig the file extesios to be scaed o the NetApp Filer Cofigure the list of extesios o the NetApp Filer to cotai oly the file extesios that you wat to sca. This lets you cotrol the file types that are passed to Symatec Sca Egie for scaig. You ca cofigure file extesios usig the extesios iclude ad exclude list. The extesios that are cofigured o the NetApp Filer have preferece over the file types ad the extesios cofigured o Symatec Sca Egie. For example, if.doc is icluded i the extesios iclude list for the NetApp Filer but is excluded o Symatec Sca Egie,.doc files are still scaed. A default list of extesios to be submitted for virus scaig is icluded with the NetApp Filer. To modify the extesios iclude list, at the commad lie iterface, use the vsca extesios iclude add commad to add additioal extesios ad the vsca extesios iclude remove commad to remove extesios from the list. Similarly, for the extesios exclude list, the vsca extesios exclude add commad would add extesios to the exclude list while the vsca extesios exclude remove would successfully remove extesios from the exclude list o the NetApp Filer. To rollback to the default iclude list, use the vsca extesios iclude reset commad at the commad lie iterface. The wildcard extesio (???), which scas all files regardless of file extesio, might egatively impact performace. The highest level of protectio is achieved by scaig all file types; however, viruses are foud oly i those file types that cotai executable code. So, every
44 Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig the cliet NetApp Filer file type eed ot be scaed. You ca save badwidth ad time by limitig the files to be scaed to oly those file types that ca cotai viruses. For more iformatio, see the NetApp Filer documetatio. About workig with uresposive sca egies The NetApp Filer ca be cofigured to let the coectio time out while waitig for a reply from Symatec Sca Egie. Coectios mostly time out whe large or complex files are scaed (for example, cotaier files with multiple embedded files or files that cotai polymorphic or macro viruses). The time out optio ca be cofigured by usig the vsca optios time-out commad. The default value is 10 secods. Whe the sca request times out, the NetApp Filer checks to see if the sca egie is curretly at work o its request. If there is still o respose, it seds the sca request to aother sca egie. If oe of the sca egies respod, the the NetApp Filer ca either allow file access without virus scaig or dey file access altogether. Cofigure this optio by usig the vsca optios madatory_sca commad. You ca ed a virus scaig sessio by the vsca scaers stop commad. For more iformatio, see the NetApp Filer documetatio. How virus scaig affects backups o NetApp Filer The service startup properties for Symatec Sca Egie must be edited to idetify a accout with Backup Operator privileges o the NetApp Filer. Otherwise, backups o the filer might ot fiish successfully whe virus scaig is active. The NetApp Filer ca time out while waitig for a reply from the Symatec Sca Egie whe large files are scaed. Virus scaig also icreases the legth of time that is eeded for a backup to fiish. Note: Esure that you have edited the service startup privileges appropriately, or disable virus scaig before you iitiate a backup of the NetApp Filer. See Editig the service startup properties o page 30. About clearig the scaed files cache Whe Symatec Sca Egie scas a file, it is stored i the NetApp Filer s cache. This cached file is set to ay user who subsequetly requests the same file thus coservig scaig resources. Symatec Sca Egie ca automatically otify the NetApp Filer whe the sca egie begis usig ew virus defiitios. This
Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig the cliet NetApp Filer 45 otificatio prompts the NetApp Filer to clear its cache of scaed files. Ay ew requests for files causes the file to be set to the sca egie agai for scaig. See Notifyig the NetApp Filer whe virus defiitios are updated o page 34. You ca maually clear the cache of scaed files by usig the vsca reset commad at the commad lie iterface. About otifyig a requestig user that a virus was foud You ca cofigure Symatec Sca Egie to otify the requestig user that the retrieval of a file failed because a virus was foud. See Notifyig a requestig user that a virus was foud o page 35. You ca also eable Data ONTAP o the NetApp Filer to display warig messages by the vsca optios cliet_msgbox {o off} commad.
46 Cofigurig Symatec AtiVirus for NetApp Filer About cofigurig the cliet NetApp Filer
Chapter 3 Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace This chapter icludes the followig topics: About software compoets How Symatec Sca Egie works with the Su StorageTek 5000 NAS Appliace About preparig for istallatio About cofigurig Symatec Sca Egie About cofigurig the Su StorageTek 5000 NAS Appliace Recommedatios while itegratig multiple sca egies
48 Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace About software compoets About software compoets Symatec AtiVirus for Network Attached Storage provides virus scaig ad repair capabilities for the Su StorageTek 5000 series of etwork-attached storage (NAS) devices. To add ativirus scaig to the Su StorageTek 5000 NAS Appliace, cofigure the followig compoets: Symatec Sca Egie, which provides the virus scaig ad repair services For more iformatio, see the Symatec Sca Egie Implemetatio Guide. The NAS Ati Virus Aget, which provides the virus scaig fuctioality ad esures the seamless itegratio of Symatec Sca Egie with the Su StorageTek 5000 NAS Appliace. The NAS Ati Virus Aget is a itegral part of the Su StorageTek 5000 NAS Appliace. No separate licese is required. See About cofigurig virus scaig o the Su StorageTek 5000 NAS Appliace o page 61. How Symatec Sca Egie works with the Su StorageTek 5000 NAS Appliace How are files scaed Symatec AtiVirus for Network Attached Storage provides virus scaig ad repair capabilities for the Su StorageTek 5000 series of etwork-attached storage devices that support the Su NAS firmware versio 4.21 M1 ad later. Virus scaig ad repair is provided for files o the Commo Iteret File System (CIFS). The Iteret Cotet Adaptatio Protocol (ICAP) is used to commuicate with Symatec Sca Egie. I a typical Su StorageTek 5000 NAS eviromet, a miimum of two sca egies is required to hadle sca volume. A maximum of four sca egies ca be supported per Su StorageTek 5000 NAS Appliace. The NAS Ati Virus Aget hadles load balacig across multiple sca egies automatically. The NAS Ati Virus Aget is cofigured to sca a file i real-time (that is, whe a file is opeed ad whe it is closed, if it has bee modified). Whe a user tries to access a file from storage, the NAS Ati Virus Aget opes a coectio with Symatec Sca Egie. The NAS Ati Virus Aget the passes
Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace How Symatec Sca Egie works with the Su StorageTek 5000 NAS Appliace 49 How cachig works the file to the sca egie for scaig. Whe scaig is complete, the NAS Ati Virus Aget closes the coectio with the sca egie. The Symatec Sca Egie idicates the scaig results to the NAS Ati Virus Aget after a file is scaed. The sca egie also returs the repaired file if a file is ifected ad ca be repaired. After the NAS Ati Virus Aget receives the scaig results, the file is hadled i the followig way: Oly clea files are passed to the requestig user. The repaired file is passed to the requestig user if the file is ifected ad ca be repaired. The stored versio of the ifected file is the replaced with the repaired file. If the file is ifected ad caot be repaired, the user is deied access to the file, ad the ifected file is quaratied. The user ca also cofigure the Symatec Sca Egie to quaratie a urepairable file. See About quaratiig urepairable files o Symatec Sca Egie o page 51. The NAS Ati Virus Aget caches scaig results for each clea file. The cached iformatio icludes the date ad revisio umber of the virus defiitios that were used to perform the sca. So, if a secod user requests access to a file that has already bee scaed ad if the virus defiitios have ot chaged, a redudat sca is avoided. The cache is purged whe the virus defiitios o Symatec Sca Egie are updated ad whe the Su StorageTek 5000 NAS Appliace is restarted. Idividual cache etries are updated wheever a stored file is chaged. About specifyig which file types are scaed To specify the file types to be scaed for viruses, cofigure settigs o both the NAS Ati Virus Aget ad Symatec Sca Egie. About specifyig file types o the NAS Ati Virus Aget Based o file extesios, the NAS Ati Virus Aget determies, iitially, whether it should pass a file to Symatec Sca Egie for scaig. You cofigure which files are passed to Symatec Sca Egie for scaig whe you set up the NAS Ati Virus Aget.
50 Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace How Symatec Sca Egie works with the Su StorageTek 5000 NAS Appliace You ca cotrol which files are scaed by usig the exclusio or a iclusio list, or you ca sca all files regardless of extesio. Cofigure the NAS Ati Virus Aget to pass all file types to the sca egie except those that are cotaied i the exclusio list. The exclusio list ca iclude extesios for those file types that are ot likely to cotai viruses ad ca be excluded from scaig. See About cofigurig virus scaig o the Su StorageTek 5000 NAS Appliace o page 61. About specifyig file types o Symatec Sca Egie You ca cofigure Symatec Sca Egie so that selected file types ad file extesios are excluded from scaig. The settig o Symatec Sca Egie is as importat as the NAS Ati Virus Aget settig. This settig o the sca egie determies which files to sca upo receivig a file from the NAS Ati Virus Aget. The scaed files are those cotaied i archive or cotaier file formats. You ca cotrol which embedded files are scaed by usig the file type ad extesio exclusio list, or you ca sca all files regardless of extesio. Note: Exclusio lists esure that all file types are ot scaed; therefore, ew types of viruses might ot be detected. Scaig all files regardless of extesio ad type is the most secure settig, but it imposes the heaviest demad o resources. Durig virus outbreaks, you might wat to sca all files eve if you ormally cotrol the file types that are scaed with the exclusio list. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. See Specifyig which file types to sca o the sca egie o page 55.
Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace How Symatec Sca Egie works with the Su StorageTek 5000 NAS Appliace 51 About specifyig the sca policy You cofigure the sca policy through the Symatec Sca Egie admiistrative iterface. Whe a ifected file is foud, the sca egie ca do ay of the followig: Sca oly Sca ad delete Sca ad repair files Sca ad repair or delete Sca files for viruses, but do othig to ifected files Sca files for viruses, ad delete ay ifected files that are embedded i archive or cotaier files without tryig to repair Try to repair ifected files, but do othig to urepairable files (that is, do ot delete the files from archive or cotaier files). Try to repair ifected files, ad delete urepairable files from archive or cotaier files About hadlig ifected files o the NAS device Whe a urepairable ifected file is foud, the NAS Ati Virus Aget does ot delete the file, eve though the sca egie tells it to. Istead, the NAS Ati Virus Aget quaraties the file ad deies ay access to the file. The quaratied files ca be deleted or removed from quaratie by usig the commad-lie iterface i the Su StorageTek 5000 NAS Appliace or through Widows Explorer o the requestig CIFS cliet. For more iformatio, see the appropriate Su StorageTek documetatio. About quaratiig urepairable files o Symatec Sca Egie You ca cofigure Symatec Sca Egie to quaratie files that are ifected with viruses ad are urepairable. You must provide the host ame or IP address of a Widows 2000 Server/Widows 2003 Server/Widows 2008 Server computer that has the Symatec Quaratie Server istalled. For more iformatio, see the Symatec Sca Egie Implemetatio Guide.
52 Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace About preparig for istallatio About preparig for istallatio The computer o which you pla to istall Symatec Sca Egie must meet the system requiremets that are listed i the Symatec Sca Egie Implemetatio Guide. After you have istalled the Symatec Sca Egie, cofigure the virus scaig fuctioality o the Su StorageTek 5000 NAS device. About cofigurig Symatec Sca Egie You must cofigure several settigs o each Symatec Sca Egie that is used to support scaig for the Su StorageTek 5000 NAS family. Note: The cofiguratio settigs o each sca egie must be idetical if you use multiple sca egies to support scaig. LiveUpdate ad Rapid Release should be scheduled to occur at the same time o all sca egies so that virus defiitios are cosistet at all times. The sca egie must be cofigured to use ICAP as the commuicatio protocol. ICAP is the default protocol at istallatio. After you have selected ICAP, you ca cofigure ICAP-specific optios. Cofigurig ICAP-specific optios After you istall Symatec Sca Egie, you ca cofigure several settigs that are specific to the ICAP protocol through the Symatec Sca Egie admiistrative iterface. If Symatec Sca Egie has already bee cofigured to use aother protocol, you also ca chage the protocol through the admiistrative iterface. However, you must maually restart the Symatec Sca Egie. For more iformatio about accessig the admiistrative iterface, see the Symatec Sca Egie Implemetatio Guide.
Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace About cofigurig Symatec Sca Egie 53 Table 3-1 describes the protocol-specific optios for ICAP. Table 3-1 Optio Bid address Protocol-specific optios for ICAP Descriptio Symatec Sca Egie detects all of the available IP addresses that are istalled o the host. By default, Symatec Sca Egie accepts scaig requests o (bids to) all of the scaig IP addresses that it detects. You ca cofigure up to 64 IP addresses as scaig IP addresses. You ca specify whether you wat Symatec Sca Egie to bid to all of the IP addresses that it detects, or you ca restrict access to oe or more iterfaces. If you do ot specify at least oe IP address, Symatec Sca Egie bids to all of the scaig IP addresses that it detects. If Symatec Sca Egie fails to bid to ay of the selected IP addresses, a evet is writte to the log as a critical error. Eve if Symatec Sca Egie is uable to bid to ay IP address, you ca access the cosole. However, scaig fuctioality is uavailable. Note: You ca use 127.0.0.1 (the loopback iterface) to let oly the cliets that are ruig o the same computer coect to Symatec Sca Egie. Port umber Sca policy The port umber must be exclusive to Symatec Sca Egie. For ICAP, the default port umber is 1344. If you chage the port umber, use a umber greater tha 1024 that is ot i use by ay other program or service. Whe a ifected file is foud, Symatec Sca Egie ca do ay of the followig: Sca oly: Sca files for viruses, but do othig to ifected files. Sca ad delete: Sca files for viruses, ad delete ay ifected files that are embedded i archive or cotaier files without tryig to repair. Sca ad repair files: Try to repair ifected files, but do othig to urepairable files (that is, do ot delete the files from archive or cotaier files). Sca ad repair or delete: Try to repair ifected files, ad delete urepairable files from archive or cotaier files. Note: If you choose the data trickle feature, the virus sca policy is automatically set to Sca oly.
54 Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace About cofigurig Symatec Sca Egie Table 3-1 Optio Eable trickle Protocol-specific optios for ICAP Descriptio This settig provides users with a quicker dowload respose ad avoids possible sessio time-out errors. Data tricklig is disabled by default. Time before trickle data starts You ca specify how log the sca process should ru before data tricklig begis. To cofigure ICAP-specific optios 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Cofiguratio. 2 Uder Views, click Protocol. 3 I the right pae, uder Select Commuicatio Protocol, click ICAP. The cofiguratio settigs are displayed for the selected protocol. If you chage the protocol settig from RPC to ICAP through the Symatec Sca Egie admiistrative iterface, you must maually stop ad start the service. 4 Uder ICAP Cofiguratio, i the Bid address box, select the scaig IP addresses that you wat to bid to Symatec Sca Egie. Check Select All to select every IP Address i the Bid address table. By default, Symatec Sca Egie bids to all iterfaces. 5 I the Port umber box, type the TCP/IP port umber that the NAS Ati Virus Aget uses to pass files to Symatec Sca Egie for scaig. The default settig for ICAP is port 1344. 6 I the Sca policy list, select how you wat Symatec Sca Egie to hadle ifected files. The default settig is Sca ad repair or delete, which is the recommeded settig. 7 Check Eable trickle to eable the data trickle feature. The sca policy is automatically set to Sca oly. However, eablig data trickle ca compromise ativirus itegrity. The data that is trickled to the user might cotai a virus. You also caot use the Quaratie feature whe you eable data tricklig. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. 8 Type the umber of secods that the sca process should ru before data tricklig begis. The settig defaults to 5 secods ad ca be up to a maximum of 86400 secods.
Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace About cofigurig Symatec Sca Egie 55 9 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you Specifyig which file types to sca o the sca egie The settigs o Symatec Sca Egie must be cofigured to specify the types of files to be scaed for viruses. This settig o the sca egie determies which files to sca o receivig a file from the NAS Ati Virus Aget. The scaed files are those cotaied i archive or cotaier file formats. You ca cotrol which embedded files are scaed by usig a extesio or type exclusio list, or you ca sca all files regardless of extesio ad type. A prepopulated extesio ad type exclusio list exists that you ca modify. The Symatec Sca Egie is cofigured by default to sca all files. Note: Symatec Sca Egie examies the first few bytes of every file to determie whether the file could cotai a virus. This actio occurs eve if the file extesio is ot oe that was idetified for scaig. Based o this examiatio, the sca egie may sca a file eve though it has ot bee idetified for scaig. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. See About cofigurig virus scaig o the Su StorageTek 5000 NAS Appliace o page 61. Specify which file types to sca You ca cotrol which file types are scaed by specifyig those extesios that you wat to exclude from scaig, or you ca sca all files regardless of extesio. To sca all files except for those that are i the file extesio exclusio list 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig.
56 Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace About cofigurig Symatec Sca Egie 3 I the right pae, uder Files to Sca, click Sca all files except those i the extesio or type exclude lists. Whe you eable this optio, both the file extesio exclude list ad the file type exclude list are activated automatically. 4 Type each file extesio that you wat to add to the list o a separate lie. Use a period with each extesio i the list. 5 To remove a file extesio from the list, select it ad delete it from the File extesio exclude list. 6 To restore the default file extesio exclude list, i the left pae, uder Tasks, click Reset Default List. This optio restores the default file-type exclude list ad the file-extesio exclude list. 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you To sca all file types except those i the file type exclusio list 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files except those i the extesio or type exclude lists. Whe you eable this optio, both the file type exclude list ad the file extesio exclude list are activated automatically. 4 Type each file type you wat to add to the list o a separate lie. To iclude all subtypes for a file type, use the wildcard character /*. For more iformatio o how to write the file types, see the Symatec Sca Egie Implemetatio Guide. 5 To remove a file type from the list, select it ad delete it from the File type exclude list. 6 To restore the default file type exclude list, i the left pae, uder Tasks, click Reset Default List.
Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace About cofigurig Symatec Sca Egie 57 This optio restores the default file-type exclude list ad the file-extesio exclude list. 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you To sca all files regardless of extesio or type 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files. 4 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you Specifyig cotaier hadlig limits File attachmets that cosist of cotaier files ca overload the system ad cause deial-of-service attacks. They ca be overly large, cotai large umbers of embedded, compressed files, or be desiged to maliciously use resources ad degrade performace. Symatec Sca Egie ca be cofigured to impose limits o how cotaier files are hadled. This reduces the etwork s exposure to deial-of-service attacks. You ca specify the followig limits for hadlig cotaier files: The maximum amout of time, i secods, that is spet decomposig a cotaier file ad its cotets This settig does ot apply to.hqx or.amg files.
58 Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace About cofigurig Symatec Sca Egie The maximum file size, i megabytes, for the idividual files that are i a cotaier file The maximum umber of ested levels to decompose for scaig The maximum umber of bytes that are read whe determiig whether a file is MIME-ecoded You ca specify whether to allow or dey access to the file if ay of these specified limits is met or exceeded. Symatec Sca Egie blocks cotaier files based o their type, because oly certai file types cotai virus or malicious code.you ca cofigure Symatec Sca Egie to block partial cotaier files, malformed cotaier files, ad ecrypted cotaier files as well. For more iformatio o cotaier hadlig limits, see the Symatec Sca Egie Implemetatio Guide. Schedulig LiveUpdate to update virus defiitios automatically Schedulig LiveUpdate to occur automatically at a specified time iterval esures that the Symatec Sca Egie always has the most curret virus defiitios. If you use multiple sca egies to support virus scaig, schedule LiveUpdate to occur at the same time for each sca egie. This schedulig esures that all sca egies have the same versio of virus defiitios. Havig the same versio of virus defiitios is ecessary for proper fuctioig of virus scaig o the Su StorageTek 5000 NAS Appliace. You must schedule LiveUpdate o each Symatec Sca Egie. Whe LiveUpdate is scheduled, LiveUpdate rus at the specified time iterval relative to the LiveUpdate base time. The default LiveUpdate base time is the time that the sca egie was istalled. You ca chage the LiveUpdate base time. If you chage the scheduled LiveUpdate iterval, the iterval adjusts based o the LiveUpdate base time. For more iformatio o chagig the base time, see the Symatec Sca Egie Implemetatio Guide. To schedule LiveUpdate to update virus defiitios automatically 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click System. 2 Uder Views, click LiveUpdate Cotet. 3 I the right pae, uder LiveUpdate Cotet, check Eable scheduled LiveUpdate. This optio is eabled by default.
Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace About cofigurig Symatec Sca Egie 59 4 I the LiveUpdate iterval drop-dow list, choose a iterval. You ca select from 2, 4, 8, 10, 12, or 24-hour itervals. The default LiveUpdate iterval is 2 hours. 5 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you Cofigurig Rapid Release updates to occur automatically You ca cofigure Symatec Sca Egie to obtai ucertified defiitio updates with Rapid Release. You ca cofigure Symatec Sca Egie to retrieve Rapid Release defiitios every 5 miutes to every 120 miutes. Rapid Release defiitios are created whe a ew threat is discovered. Rapid Release defiitios udergo basic quality assurace tests by Symatec Security Respose. However, they do ot udergo the itese testig that is required for a LiveUpdate release. Symatec updates Rapid Release defiitios as eeded to respod to high-level outbreaks. Warig: Rapid Release defiitios do ot udergo the same rigorous quality assurace tests as LiveUpdate ad Itelliget Updater defiitios. Symatec ecourages users to rely o the full quality-assurace-tested defiitios wheever possible. Esure that you deploy Rapid Release defiitios to a test eviromet before you istall them o your etwork. If you use a proxy or firewall that blocks FTP commuicatios, the Rapid Release feature does ot fuctio. Your eviromet must allow FTP traffic for the FTP sessio to succeed. You ca schedule Rapid Release updates to occur automatically at a specified time iterval to esure that Symatec Sca Egie always has the most curret defiitios. Scheduled Rapid Release updates are disabled by default. Cofigurig Rapid Release updates to occur automatically 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click System.
60 Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace About cofigurig the Su StorageTek 5000 NAS Appliace 2 Uder Views, click Rapid Release Cotet. 3 I the cotet area uder Rapid Release Cotet, check Eable scheduled Rapid Release to eable automatic dowloads of Rapid Release defiitios. This optio is disabled by default. 4 I the Rapid Release iterval box, to specify the iterval betwee which you wat Symatec Sca Egie to dowload Rapid Release defiitios, do ay of the followig steps: Type the iterval. Click the up arrow or dow arrow to select the iterval. You ca select ay umber betwee 5 miutes ad 120 miutes. The default value is 30 miutes. 5 O the toolbar, select oe of the followig: Save Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Apply Applies your chages. Your chages are ot implemeted util you About cofigurig the Su StorageTek 5000 NAS Appliace You must register at least oe Symatec Sca Egie for each Su StorageTek 5000 NAS Appliace for which you provide virus scaig. You also must cofigure the virus sca fuctioality i accordace with the Su StorageTek documetatio. The Su StorageTek 5000 NAS Appliace for which you provide virus scaig must be i the 5000 series of etwork-attached storage devices. For more iformatio, see the appropriate Su StorageTek documetatio. Registerig Symatec Sca Egie You must register at least oe Symatec Sca Egie to provide the virus scaig for each Su StorageTek 5000 NAS Appliace. I a typical eviromet, a miimum of two sca egies is required to hadle sca volume. Havig oe sca egie ca cause deial-of-file access, i case it does ot respod. A maximum of four sca egies ca be supported per Su StorageTek
Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace About cofigurig the Su StorageTek 5000 NAS Appliace 61 5000 NAS Appliace. The NAS Ati Virus Aget hadles load balacig across multiple sca egies automatically. Note: You do ot eed to register the same sca egie with each Su StorageTek 5000 NAS Appliace. You ca register differet sca egies to differet Su StorageTek 5000 NAS Appliaces. However, all of the sca egies registered with a Su StorageTek 5000 NAS Appliace must have idetical cofiguratios. You register Symatec Sca Egie through the Cofigure AtiVirus setup scree for the NAS AtiVirus Aget. You must provide the IP address, the port umber, ad the maximum umber of simultaeous sca requests for each sca egie that is used for scaig. The port umber must match the port umber that was selected durig the istallatio of Symatec Sca Egie. About cofigurig virus scaig o the Su StorageTek 5000 NAS Appliace You must cofigure virus scaig (the NAS Ati Virus Aget) for each Su StorageTek 5000 NAS Appliace. You cofigure the virus sca fuctioality through the Cofigure AtiVirus setup scree for each NAS Appliace. Note: The virus sca fuctioality for each Su StorageTek 5000 NAS Appliace accessig a sca egie must be cofigured idetically to avoid icosistecy. The sca results ad repair results for ifected files will be icosistet if the settigs differ for each appliace. Table 3-2 describes the settigs that you should cofigure for virus sca fuctioality. Table 3-2 Settig Eable Ati Virus NAS Ati Virus Aget settigs Descriptio Activate the NAS AtiVirus Aget by eablig this optio. Sca Egie IP address ad port umber Type the IP address ad the port umber of each sca egie to be used for scaig. Esure that the etered port umber matches the oe used while istallig the sca egie. Each Su StorageTek 5000 NAS appliace ca support up to four sca egies.
62 Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace About cofigurig the Su StorageTek 5000 NAS Appliace Table 3-2 Settig NAS Ati Virus Aget settigs Descriptio Maximum Coectios Maximum sca size Specify the umber of cocurret sca requests that ca be hadled by the sca egie. The default settig o the NAS Ati Virus Aget is 2. The similar cofigurable optio o the Symatec Sca Egie defaults to 128. Select whether to specify a upper limit for the size of files to be scaed. Although you ca choose a file size betwee 1 MB ad 9999 MB, the Symatec Sca Egie ca sca a maximum file size of 2047 MB (or 2GB). The default settig is 1GB. You ca choose to allow or dey access to files that are larger tha the limit that is specified i Maximum sca size. Note: Allowig access to files that have ot bee scaed ca make your etwork vulerable to virus attacks. Extesios for scaig (file types to be scaed) Select the file types to be passed to Symatec Sca Egie for scaig. You ca use either a exclusio or a iclusio list, or you ca sca all files regardless of extesio. This settig is similar to the Files to sca settig o Symatec Sca Egie. You must cofigure this settig o both the Su StorageTek 5000 NAS Appliace ad Symatec Sca Egie. The recommeded settig is to pass all file types to the sca egie except those that are cotaied i the exclusio list. If the Symatec Sca Egie s scaig results idicate that the file is urepairable ad must be deleted, the the NAS AtiVirus Aget quaraties the file. All access to the file is deied. If the file is ifected but repairable, the repaired file is passed to the requestig user. The stored versio of the ifected file is replaced with the repaired file. If oe sca egie does ot respod, the NAS AtiVirus Aget requests virus scaig for a give file from other registered sca egies. If oe respod, the file access is deied.
Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace Recommedatios while itegratig multiple sca egies 63 Recommedatios while itegratig multiple sca egies Do the followig whe multiple sca egies are used to support the Su StorageTek 5000 NAS Appliace: Cofigure the settigs o each Symatec Sca Egie to be idetical. Schedule LiveUpdate ad Rapid Release to occur at the same time o all of the sca egies. This esures that virus defiitios are cosistet. Cofigure the virus sca fuctioality to be idetical for each Su StorageTek 5000 NAS Appliace i a group to avoid icosistecy. The sca results ad repair results for ifected files will be icosistet if the settigs differ for each appliace i a group.
64 Cofigurig Symatec AtiVirus for Su StorageTek 5000 NAS Appliace Recommedatios while itegratig multiple sca egies
Chapter 4 Cofigurig Symatec AtiVirus for Su Storage 7000 Series This chapter icludes the followig topics: About software compoets How Symatec Sca Egie works with the Su Storage 7000 Series NAS device About preparig for istallatio About cofigurig Symatec Sca Egie About cofigurig the Su Storage 7000 Series NAS device Recommedatios while itegratig multiple sca egies
66 Cofigurig Symatec AtiVirus for Su Storage 7000 Series About software compoets About software compoets Symatec AtiVirus for Network Attached Storage provides virus scaig capabilities for the Su Storage 7000 Series of etwork-attached storage (NAS) devices. To add ativirus scaig to the Su Storage 7000 Series NAS device, cofigure the followig compoets: Symatec Sca Egie, which provides the virus scaig ad repair services For more iformatio, see the Symatec Sca Egie Implemetatio Guide. The VSCAN service, which provides the virus scaig fuctioality ad esures the seamless itegratio of Symatec Sca Egie with the Su Storage 7000 Series NAS device. The VSCAN service is a itegral part of the Su Storage 7000 Series NAS device. No separate licese is required. See About cofigurig virus scaig o the Su Storage 7000 Series NAS device o page 78. How Symatec Sca Egie works with the Su Storage 7000 Series NAS device How are files scaed Symatec AtiVirus for Network Attached Storage provides virus scaig ad capabilities for the Su Storage 7000 Series of etwork-attached storage (NAS) devices. Symatec AtiVirus for Network Attached Storage is certified with Su Storage 7000 Series NAS device that supports the Su Storage 7xxx versio 2008.10 firmware versio. The Iteret Cotet Adaptatio Protocol (ICAP) is used to commuicate with Symatec Sca Egie. I a typical Su Storage 7000 Series NAS device eviromet, a miimum of two sca egies is required to hadle sca volume. A maximum of four sca egies ca be supported per Su Storage 7000 Series NAS device. The VSCAN service hadles load balacig across multiple sca egies automatically. The VSCAN service is cofigured to sca a file i real-time (that is, whe a file is opeed ad whe it is closed, if it has bee modified). Whe a user tries to access a file from storage, the VSCAN service opes a coectio with Symatec Sca Egie. The VSCAN service the passes the file to the sca egie for scaig. Whe scaig is complete, the VSCAN service closes the coectio with the sca egie.
Cofigurig Symatec AtiVirus for Su Storage 7000 Series How Symatec Sca Egie works with the Su Storage 7000 Series NAS device 67 How cachig works Based o the sca policy that you set o the Symatec Sca Egie, the Symatec Sca Egie idicates the scaig results to the VSCAN service after a file is scaed. After the VSCAN service receives the scaig results, the file is hadled i the followig way: Oly clea files are passed to the requestig user. If the file is ifected, the user is deied access to the file, ad the ifected file is quaratied. The VSCAN service caches scaig results for each clea file. The cached iformatio icludes the date ad revisio umber of the virus defiitios that were used to perform the sca. So, if a secod user requests access to a file that has already bee scaed ad if the virus defiitios have ot chaged, a redudat sca is avoided. The cache is purged whe the virus defiitios o Symatec Sca Egie are updated ad whe the Su Storage 7000 Series NAS device is restarted. Idividual cache etries are updated wheever a stored file is chaged. About specifyig which file types are scaed To specify the file types to be scaed for viruses, cofigure settigs o both the VSCAN service ad Symatec Sca Egie. About specifyig file types o the VSCAN service Based o file extesios, the VSCAN service determies, iitially, whether it should pass a file to Symatec Sca Egie for scaig. You cofigure which files are passed to Symatec Sca Egie for scaig whe you set up the VSCAN service. You ca cotrol which files are scaed by usig the File extesios scaed list. The exclusio list cotais the extesios that you specify agaist the actio Do t Sca. The exclusio list ca iclude extesios for those file types that are ot likely to cotai viruses ad ca be excluded from scaig. The iclusio list cotais the extesios that you specify agaist the actio Sca. See About cofigurig virus scaig o the Su Storage 7000 Series NAS device o page 78. About specifyig file types o Symatec Sca Egie You ca cofigure Symatec Sca Egie so that selected file types ad file extesios are excluded from scaig. The settig o Symatec Sca Egie is as importat as the VSCAN service settig. This settig o the sca egie
68 Cofigurig Symatec AtiVirus for Su Storage 7000 Series How Symatec Sca Egie works with the Su Storage 7000 Series NAS device determies which files to sca upo receivig a file from the VSCAN service. The scaed files are those cotaied i archive or cotaier file formats. You ca cotrol which embedded files are scaed by usig the file type ad extesio exclusio list, or you ca sca all files regardless of extesio. Note: Exclusio lists esure that all file types are ot scaed; therefore, ew types of viruses might ot be detected. Scaig all files regardless of extesio ad type is the most secure settig, but it imposes the heaviest demad o resources. Durig virus outbreaks, you might wat to sca all files eve if you ormally cotrol the file types that are scaed with the exclusio list. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. See Specifyig which file types to sca o the sca egie o page 72. About specifyig the sca policy You cofigure the sca policy through the Symatec Sca Egie admiistrative iterface. Whe a ifected file is foud, the sca egie ca do ay of the followig: Sca oly Sca ad delete Sca ad repair files Sca ad repair or delete Sca files for viruses, but do othig to ifected files Sca files for viruses, ad delete ay ifected files that are embedded i archive or cotaier files without tryig to repair Try to repair ifected files, but do othig to urepairable files (that is, do ot delete the files from archive or cotaier files). Try to repair ifected files, ad delete urepairable files from archive or cotaier files The Su Storage 7000 Series NAS device does ot support the repair of ifected files. Hece, it is recommeded that you select the Sca oly sca policy o the Symatec Sca Egie admiistrative iterface. See Cofigurig ICAP-specific optios o page 69. About hadlig ifected files o the NAS device Whe a ifected file is foud, the VSCAN service does ot delete or repair the file, eve though the sca egie tells it to. Istead, the VSCAN service quaraties the file ad deies ay access to the file. The quaratied files ca
Cofigurig Symatec AtiVirus for Su Storage 7000 Series About preparig for istallatio 69 be deleted or removed from quaratie by usig the commad-lie iterface i the Su Storage 7000 Series NAS device or through Widows Explorer o the requestig CIFS cliet. For more iformatio, see the appropriate Su Storage documetatio. About preparig for istallatio The computer o which you pla to istall Symatec Sca Egie must meet the system requiremets that are listed i the Symatec Sca Egie Implemetatio Guide. After you have istalled the Symatec Sca Egie, cofigure the virus scaig fuctioality o the Su Storage 7000 Series NAS device. About cofigurig Symatec Sca Egie You must cofigure several settigs o each Symatec Sca Egie that is used to support scaig of the Su Storage 7000 Series NAS device. Note: The cofiguratio settigs o each sca egie must be idetical if you use multiple sca egies to support scaig. LiveUpdate should be scheduled to occur at the same time o all sca egies so that virus defiitios are cosistet at all times. The sca egie must be cofigured to use ICAP as the commuicatio protocol. ICAP is the default protocol at istallatio. After you have selected ICAP, you ca cofigure ICAP-specific optios. Cofigurig ICAP-specific optios After you istall Symatec Sca Egie, you ca cofigure several settigs that are specific to the ICAP protocol through the Symatec Sca Egie admiistrative iterface. If Symatec Sca Egie has already bee cofigured to use aother protocol, you also ca chage the protocol through the admiistrative iterface. For more iformatio about accessig the admiistrative iterface, see the Symatec Sca Egie Implemetatio Guide.
70 Cofigurig Symatec AtiVirus for Su Storage 7000 Series About cofigurig Symatec Sca Egie Table 4-1 describes the protocol-specific optios for ICAP. Table 4-1 Optio Bid address Protocol-specific optios for ICAP Descriptio Symatec Sca Egie detects all of the available IP addresses that are istalled o the host. By default, Symatec Sca Egie accepts scaig requests o (bids to) all of the scaig IP addresses that it detects. You ca cofigure up to 64 IP addresses as scaig IP addresses. You ca specify whether you wat Symatec Sca Egie to bid to all of the IP addresses that it detects, or you ca restrict access to oe or more iterfaces. If you do ot specify at least oe IP address, Symatec Sca Egie bids to all of the scaig IP addresses that it detects. If Symatec Sca Egie fails to bid to ay of the selected IP addresses, a evet is writte to the log as a critical error. Eve if Symatec Sca Egie is uable to bid to ay IP address, you ca access the cosole. However, scaig fuctioality is uavailable. Note: You ca use 127.0.0.1 (the loopback iterface) to let oly the cliets that are ruig o the same computer coect to Symatec Sca Egie. Port umber Sca policy The port umber must be exclusive to Symatec Sca Egie. For ICAP, the default port umber is 1344. If you chage the port umber, use a umber greater tha 1024 that is ot i use by ay other program or service. Whe a ifected file is foud, Symatec Sca Egie ca do ay of the followig: Sca oly: Sca files for viruses, but do othig to ifected files. This settig is recommeded. Sca ad delete: Sca files for viruses, ad delete ay ifected files that are embedded i archive or cotaier files without tryig to repair. Sca ad repair files: Try to repair ifected files, but do othig to irreparable files (that is, do ot delete the files from archive or cotaier files). Sca ad repair or delete: Try to repair ifected files, ad delete irreparable files from archive or cotaier files. Note: If you choose the data trickle feature, the virus sca policy is automatically set to Sca oly.
Cofigurig Symatec AtiVirus for Su Storage 7000 Series About cofigurig Symatec Sca Egie 71 Table 4-1 Optio Eable trickle Protocol-specific optios for ICAP Descriptio This settig provides users with a quicker dowload respose ad avoids possible sessio time-out errors. Data tricklig is disabled by default. Note: The Su Storage 7000 Series does ot support the trickle feature. Time before trickle data starts You ca specify how log the sca process should ru before data tricklig begis. Note: The Su Storage 7000 Series does ot support the trickle feature. To cofigure ICAP-specific optios 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Cofiguratio. 2 Uder Views, click Protocol. 3 I the right pae, uder Select Commuicatio Protocol, click ICAP. The cofiguratio settigs are displayed for the selected protocol. If you chage the protocol settig from RPC to ICAP through the Symatec Sca Egie admiistrative iterface, you must maually stop ad start the service. 4 Uder ICAP Cofiguratio, i the Bid address box, select the scaig IP addresses that you wat to bid to Symatec Sca Egie. Check Select All to select every IP Address i the Bid address table. By default, Symatec Sca Egie bids to all iterfaces. 5 I the Port umber box, type the TCP/IP port umber that the VSCAN service uses to pass files to Symatec Sca Egie for scaig. The default settig for ICAP is port 1344. 6 I the Sca policy list, select how you wat Symatec Sca Egie to hadle ifected files. The default settig is Sca ad repair or delete, but the recommeded settig is Sca oly. 7 Check Eable trickle to eable the data trickle feature.
72 Cofigurig Symatec AtiVirus for Su Storage 7000 Series About cofigurig Symatec Sca Egie The sca policy is automatically set to Sca oly. However, eablig data trickle ca compromise ativirus itegrity. The data that is trickled to the user might cotai a virus. You also caot use the Quaratie feature whe you eable data tricklig. Note: The Su Storage 7000 Series does ot support the trickle feature. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. 8 Type the umber of secods that the sca process should ru before data tricklig begis. The settig defaults to 5 secods ad ca be up to a maximum of 86400 secods. 9 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you Specifyig which file types to sca o the sca egie The settigs o Symatec Sca Egie must be cofigured to specify the types of files to be scaed for viruses. This settig o the sca egie determies which files to sca o receivig a file from the VSCAN service. The scaed files are those cotaied i archive or cotaier file formats. You ca cotrol which embedded files are scaed by usig a extesio or type exclusio list, or you ca sca all files regardless of extesio ad type. A prepopulated extesio ad type exclusio list exists that you ca modify. The Symatec Sca Egie is cofigured by default to sca all files. Note: Symatec Sca Egie examies the first few bytes of every file to determie whether the file could cotai a virus. This actio occurs eve if the file extesio is ot oe that was idetified for scaig. Based o this examiatio, the sca egie may sca a file eve though it has ot bee idetified for scaig. For more iformatio, see the Symatec Sca Egie Implemetatio Guide.
Cofigurig Symatec AtiVirus for Su Storage 7000 Series About cofigurig Symatec Sca Egie 73 See About cofigurig virus scaig o the Su Storage 7000 Series NAS device o page 78. Specify which file types to sca You ca cotrol which file types are scaed by specifyig those extesios that you wat to exclude from scaig, or you ca sca all files regardless of extesio. To sca all files except for those that are i the file extesio exclusio list 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files except those i the extesio or type exclude lists. Whe you eable this optio, both the file extesio exclude list ad the file type exclude list are activated automatically. 4 Type each file extesio that you wat to add to the list o a separate lie. Use a period with each extesio i the list. 5 To remove a file extesio from the list, select it ad delete it from the File extesio exclude list. 6 To restore the default file extesio exclude list, i the left pae, uder Tasks, click Reset Default List. This optio restores the default file-type exclude list ad the file-extesio exclude list. 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you To sca all file types except those i the file type exclusio list 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig.
74 Cofigurig Symatec AtiVirus for Su Storage 7000 Series About cofigurig Symatec Sca Egie 3 I the right pae, uder Files to Sca, click Sca all files except those i the extesio or type exclude lists. Whe you eable this optio, both the file type exclude list ad the file extesio exclude list are activated automatically. 4 Type each file type you wat to add to the list o a separate lie. To iclude all subtypes for a file type, use the wildcard character /*. For more iformatio o how to write the file types, see the Symatec Sca Egie Implemetatio Guide. 5 To remove a file type from the list, select it ad delete it from the File type exclude list. 6 To restore the default file type exclude list, i the left pae, uder Tasks, click Reset Default List. This optio restores the default file-type exclude list ad the file-extesio exclude list. 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you To sca all files regardless of extesio or type 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files. 4 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you
Cofigurig Symatec AtiVirus for Su Storage 7000 Series About cofigurig Symatec Sca Egie 75 Specifyig cotaier hadlig limits File attachmets that cosist of cotaier files ca overload the system ad cause deial-of-service attacks. They ca be overly large, cotai large umbers of embedded, compressed files, or be desiged to maliciously use resources ad degrade performace. Symatec Sca Egie ca be cofigured to impose limits o how cotaier files are hadled. This reduces the etwork s exposure to deial-of-service attacks. You ca specify the followig limits for hadlig cotaier files: The maximum amout of time, i secods, that is spet decomposig a cotaier file ad its cotets This settig does ot apply to.hqx or.amg files. The maximum file size, i megabytes, for the idividual files that are i a cotaier file The maximum umber of ested levels to decompose for scaig The maximum umber of bytes that are read whe determiig whether a file is MIME-ecoded You ca specify whether to allow or dey access to the file if ay of these specified limits is met or exceeded. Symatec Sca Egie blocks cotaier files based o their type, because oly certai file types cotai virus or malicious code.you ca cofigure Symatec Sca Egie to block partial cotaier files, malformed cotaier files, ad ecrypted cotaier files as well. For more iformatio o cotaier hadlig limits, see the Symatec Sca Egie Implemetatio Guide. Schedulig LiveUpdate to update virus defiitios automatically Schedulig LiveUpdate to occur automatically at a specified time iterval esures that the Symatec Sca Egie always has the most curret virus defiitios. If you use multiple sca egies to support virus scaig, schedule LiveUpdate to occur at the same time for each sca egie. This schedulig esures that all sca egies have the same versio of virus defiitios. Havig the same versio of virus defiitios is ecessary for proper fuctioig of virus scaig o the Su Storage 7000 Series NAS device. You must schedule LiveUpdate o each Symatec Sca Egie. Whe LiveUpdate is scheduled, LiveUpdate rus at the specified time iterval relative to the LiveUpdate base time. The default LiveUpdate base time is the time that the sca egie was istalled.
76 Cofigurig Symatec AtiVirus for Su Storage 7000 Series About cofigurig Symatec Sca Egie You ca chage the LiveUpdate base time. If you chage the scheduled LiveUpdate iterval, the iterval adjusts based o the LiveUpdate base time. For more iformatio o chagig the base time, see the Symatec Sca Egie Implemetatio Guide. To schedule LiveUpdate to update virus defiitios automatically 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click System. 2 Uder Views, click LiveUpdate Cotet. 3 I the right pae, uder LiveUpdate Cotet, check Eable scheduled LiveUpdate. This optio is eabled by default. 4 I the LiveUpdate iterval drop-dow list, choose a iterval. You ca select from 2, 4, 8, 10, 12, or 24-hour itervals. The default LiveUpdate iterval is 2 hours. 5 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you Cofigurig Rapid Release updates to occur automatically You ca cofigure Symatec Sca Egie to obtai ucertified defiitio updates with Rapid Release. You ca cofigure Symatec Sca Egie to retrieve Rapid Release defiitios every 5 miutes to every 120 miutes. If you use multiple sca egies to support virus scaig, schedule Rapid Release to occur at the same time for each sca egie. This schedulig esures that all sca egies have the same versio of defiitio updates. Havig the same versio of virus defiitios is ecessary for proper fuctioig of virus scaig o the Su Storage 7000 Series NAS device. Rapid Release defiitios are created whe a ew threat is discovered. Rapid Release defiitios udergo basic quality assurace tests by Symatec Security Respose. However, they do ot udergo the itese testig that is required for a LiveUpdate release. Symatec updates Rapid Release defiitios as eeded to respod to high-level outbreaks.
Cofigurig Symatec AtiVirus for Su Storage 7000 Series About cofigurig Symatec Sca Egie 77 Warig: Rapid Release defiitios do ot udergo the same rigorous quality assurace tests as LiveUpdate ad Itelliget Updater defiitios. Symatec ecourages users to rely o the full quality-assurace-tested defiitios wheever possible. Esure that you deploy Rapid Release defiitios to a test eviromet before you istall them o your etwork. If you use a proxy or firewall that blocks FTP commuicatios, the Rapid Release feature does ot fuctio. Your eviromet must allow FTP traffic for the FTP sessio to succeed. You ca schedule Rapid Release updates to occur automatically at a specified time iterval to esure that Symatec Sca Egie always has the most curret defiitios. Scheduled Rapid Release updates are disabled by default. Cofigurig Rapid Release updates to occur automatically 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click System. 2 Uder Views, click Rapid Release Cotet. 3 I the cotet area uder Rapid Release Cotet, check Eable scheduled Rapid Release to eable automatic dowloads of Rapid Release defiitios. This optio is disabled by default. 4 I the Rapid Release iterval box, to specify the iterval betwee which you wat Symatec Sca Egie to dowload Rapid Release defiitios, do ay of the followig steps: Type the iterval. Click the up arrow or dow arrow to select the iterval. You ca select ay umber betwee 5 miutes ad 120 miutes. The default value is 30 miutes. 5 O the toolbar, select oe of the followig: Save Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Apply Applies your chages. Your chages are ot implemeted util you
78 Cofigurig Symatec AtiVirus for Su Storage 7000 Series About cofigurig the Su Storage 7000 Series NAS device About cofigurig the Su Storage 7000 Series NAS device You must register at least oe Symatec Sca Egie for each Su Storage 7000 Series NAS device for which you provide virus scaig. You also must cofigure the virus sca fuctioality i accordace with the Su Storage documetatio. The Su Storage 7000 Series NAS device for which you provide virus scaig must be i the Su Storage 7000 Series series of etworkattached storage devices. For more iformatio, see the appropriate Su Storage documetatio. Registerig Symatec Sca Egie You must register at least oe Symatec Sca Egie to provide the virus scaig for each Su Storage 7000 Series NAS device. I a typical eviromet, a miimum of two sca egies is required to hadle sca volume. Havig oe sca egie ca cause deial-of-file access, i case it does ot respod. A maximum of four sca egies ca be supported per Su Storage 7000 Series NAS device. The VSCAN service hadles load balacig across multiple sca egies automatically. Note: You do ot eed to register the same sca egie with each Su Storage 7000 Series NAS device. You ca register differet sca egies to differet Su Storage 7000 Series NAS devices. However, all of the sca egies registered with a Su Storage 7000 Series NAS device must have idetical cofiguratios. You register Symatec Sca Egie through the Virus Sca setup scree for the VSCAN service. You must provide the IP address, the port umber, ad the maximum umber of simultaeous sca requests for each sca egie that is used for scaig. The port umber must match the port umber that was selected durig the istallatio of Symatec Sca Egie. About cofigurig virus scaig o the Su Storage 7000 Series NAS device You must cofigure virus scaig (the VSCAN service) for each Su Storage 7000 Series NAS device. You cofigure the virus sca fuctioality through the Virus Sca setup scree for each Su Storage 7000 Series NAS device.
Cofigurig Symatec AtiVirus for Su Storage 7000 Series About cofigurig the Su Storage 7000 Series NAS device 79 Note: The virus sca fuctioality for each Su Storage 7000 Series NAS device accessig a sca egie must be cofigured idetically to avoid icosistecy. The sca results for ifected files will be icosistet if the settigs differ for each appliace. Table 4-2 describes the settigs that you should cofigure for virus sca fuctioality. Table 4-2 Settig VSCAN service settigs Descriptio Maximum file size to sca Allow access to files that exceed maximum file size Virus Scaig Egies Select a upper limit for the size of files to be scaed. The default settig is 1 GB. Symatec Sca Egie ca sca a maximum file size of 2048 MB (or 2GB). You ca choose to allow or dey access to files that are larger tha the limit that is specified i Maximum file size to sca. Allowig access to files that have ot bee scaed ca make your etwork vulerable to virus attacks. I the fields Host ad Port, type the IP address ad the port umber of each sca egie to be used for scaig. Esure that the etered port umber matches the oe used while istallig the sca egie. I the field Maximum Coectios, specify the umber of cocurret sca requests that the sca egie ca hadle. The default settig o the VSCAN service is 32. The similar cofigurable optio o the Symatec Sca Egie defaults to 128. Put a check mark agaist a Symatec Sca Egie uder the Eable field to activate it for scaig. Each Su Storage 7000 Series NAS device ca support up to four sca egies.
80 Cofigurig Symatec AtiVirus for Su Storage 7000 Series Recommedatios while itegratig multiple sca egies Table 4-2 Settig VSCAN service settigs Descriptio File extesios scaed Select the file types to be passed to Symatec Sca Egie for scaig. You ca use either a exclusio or a iclusio list, or you ca sca all files regardless of extesio. This settig is similar to the Files to sca settig o Symatec Sca Egie. You must cofigure this settig o both the Su Storage 7000 Series NAS device ad Symatec Sca Egie. To add a extesio to the exclusio list, select Do t Sca from the Actio drop-dow meu ad specify the extesio i the Patter field. To add a extesio to the iclusio list, select Sca from the Actio drop-dow meu ad specify the extesio i the Patter field. The default settig * seds all file types regardless of extesio to the Symatec Sca Egie for scaig. If the Symatec Sca Egie s scaig results idicate that the file is ifected, the the VSCAN service quaraties the file. All access to the file is deied. You ca oly view ad delete the quaratied file i a file browser. If oe sca egie does ot respod, the VSCAN service requests virus scaig for a give file from other registered sca egies. If oe respod, the file access is deied. Recommedatios while itegratig multiple sca egies Do the followig whe multiple sca egies are used to support the Su Storage 7000 Series NAS device: Cofigure the settigs o each Symatec Sca Egie to be idetical. Schedule LiveUpdate ad Rapid Release to occur at the same time o all of the sca egies. This esures that virus defiitios are cosistet. Cofigure the virus sca fuctioality to be idetical for each Su Storage 7000 Series NAS device i a group to avoid icosistecy. The sca results for ifected files will be icosistet if the settigs differ for each appliace i a group.
Chapter 5 Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi Highperformace NAS Platform, powered by BlueArc This chapter icludes the followig topics: About software compoets How Symatec Sca Egie works with BlueArc Storage System ad Hitachi High-performace NAS Platform About preparig for istallatio About cofigurig Symatec Sca Egie About cofigurig BlueArc Storage System or Hitachi High-performace NAS Platform
82 Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc About software compoets Symatec AtiVirus for Network Attached Storage provides virus scaig ad repair capabilities for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc. Cofigure the followig compoets to add ativirus scaig to BlueArc Storage System or Hitachi High-performace NAS Platform: Symatec Sca Egie, which provides the virus scaig ad repair services For more iformatio, see the Symatec Sca Egie Implemetatio Guide. BlueArc Storage System or Hitachi High-performace NAS Platform Some optios are cofigured directly o the NAS Server. No additioal code is ecessary to coect Symatec Sca Egie to the NAS Server. See About cofigurig BlueArc Storage System or Hitachi Highperformace NAS Platform o page 97. How Symatec Sca Egie works with BlueArc Storage System ad Hitachi High-performace NAS Platform Symatec AtiVirus for Network Attached Storage provides virus scaig ad repair capabilities for BlueArc Storage System ad Hitachi High-performace NAS Platform storage appliaces that have firmware versio 4.0 or later. Symatec Sca Egie must be istalled o a computer that is ruig Widows 2000 Server/Widows 2003 Server/Widows 2008 Server. It must be located i the same domai as the NAS Server for which it provides scaig ad repair services. Symatec Sca Egie uses the RPC protocol to iterface with BlueArc Storage System ad Hitachi High-performace NAS Platform storage appliaces. O the NAS Server, you ca eable virus scaig idividually for each Eterprise Virtual Server (EVS). A EVS is a virtual NAS system that cosists of CIFS shares with idividual IP addresses. A sigle Symatec Sca Egie ca support multiple EVSs. Hece, represet each EVS as a RPC cliet through the Symatec Sca Egie admiistrative iterface, You ca use multiple sca egies to support oe or more EVSs for sites with larger sca volumes. Load balacig is hadled through the NAS Server s admiistrative iterface to achieve high availability ad performace scalig.
Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc 83 Virus scaig o BlueArc Storage System ad Hitachi High-performace NAS Platform is available oly for those files that are requested through the Commo Iteret File System (CIFS). What happes whe a file is scaed The NAS Server submits files to Symatec Sca Egie for scaig o both read ad write. That is, files are scaed whe they are accessed from storage (read) ad if they are chaged o the NAS Server (write). Whe a user tries to access a file, the NAS Server passes the file path to Symatec Sca Egie for scaig. After the file is opeed ad scaed, Symatec Sca Egie idicates the scaig results to the NAS Server. The sca egie returs the repaired file based o a cofigurable virus sca policy if a file is ifected ad ca be repaired. The NAS Server passes the clea files to the requestig user after it received the scaig results. The repaired file is passed to the requestig user if the file is ifected ad ca be repaired. The stored versio of the ifected file is the replaced with the repaired file. The user is deied access to the file if the file is ifected ad caot be repaired, ad the ifected file is deleted from storage. You ca cofigure Symatec Sca Egie to quaratie these urepairable files. After a file has bee scaed ad declared clea, the scaed state iformatio is stored i its metadata o disk. It avoids redudat scas of those files that have already bee scaed. These files will ot be scaed agai uless they are modified or the admiistrator requests a full sca of the files from the NAS Server s admiistrative iterface. See About executig a full file system sca o page 99. About coectig to Symatec Sca Egie Symatec Sca Egie moitors the coectio with each EVS by checkig the coectio at a cofigured time iterval. The sca egie tries to recoect if it determies that the coectio is ot active. (You ca cofigure the umber of times that the sca egie tries to re-establish the coectio.) About limitig scaig by file type Viruses are foud oly i the file types that cotai executable code. Oly those file types that ca cotai viruses eed be scaed. Limitig scaig by file type saves badwidth ad time.
84 Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc You have the followig levels of cotrol over which files are scaed: You ca cotrol the files that are iitially submitted to the sca egie by BlueArc Storage System or Hitachi High-performace NAS Platform for scaig. You ca cotrol the files that are embedded i archival file formats (for example,.zip or.lzh files) that are to be scaed by Symatec Sca Egie. The NAS Server lets you specify by file extesio the files that are to be passed to Symatec Sca Egie for scaig. You cofigure the file types that you wat to submit for scaig through the NAS Server iterface i accordace with the product documetatio. See About specifyig the file extesios to be scaed o the NAS Server o page 98. The file extesio exclusio list ad the file type exclusio lists let you specify the file types ad the file extesios that you do ot wat to sca. The file extesios exclusio list ad the file type exclusio list achieve this purpose. You ca also sca all file types regardless of extesio. You cofigure which embedded files are scaed through the Symatec Sca Egie admiistrative iterface. See Specifyig which embedded files to sca o page 92. About hadlig ifected files You ca cofigure Symatec Sca Egie to do ay of the followig whe a ifected file is foud: Sca Oly Sca ad repair files Sca ad repair or delete Dey access to the ifected file, but do othig to the ifected file. Try to repair the ifected file, ad dey access to ay urepairable file. Try to repair the ifected file, ad delete ay urepairable file. You ca also cofigure the sca egie to quaratie urepairable files. See About quaratiig urepairable ifected files o page 91. About user idetificatio ad otificatio whe a virus is foud Whe a virus is foud i a file that is requested from the NAS Server, Symatec Sca Egie automatically obtais (for loggig purposes) idetificatio iformatio about the user who requested the ifected file. This iformatio
Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc 85 icludes the security idetifier of the user ad the IP address ad host ame of the requestig computer. The idetificatio iformatio supplemets the iformatio that is cotaied i Ifectio Foud log messages that are logged to the local logs, the Widows Evet Log, ad SMTP. This iformatio does ot appear i the Ifectio Foud messages that are logged to SNMP or SSIM. Note: Symatec Sca Egie ca obtai oly the iformatio that is made available by the NAS Server. I some cases, all or some of this iformatio is ot available. The iformatio that is obtaied is reported i the related log etries. Ay idetificatio iformatio that is ot obtaied from the NAS Server is omitted from the log messages ad from the user otificatio widow. You also ca cofigure Symatec Sca Egie to otify the requestig user that the retrieval of a file failed because a virus was foud. The otificatio message oly appears if the user uses a Widows computer. The otificatio message icludes the followig: Date ad time of the evet File ame of the ifected file Virus ame ad ID Virus defiitio date ad revisio umber Maer i which the ifected file was hadled (for example, the file was repaired or deleted) Sca policy Dispositio of the file (for example, ifected) Duratio of sca time ad coectio time The Widows Messeger service must be ruig o the computer that is ruig the Symatec Sca Egie ad o the user s computer to use the user otificatio feature. See Notifyig a requestig user that a virus was foud o page 90. About preparig for istallatio BlueArc Storage System ad Hitachi High-performace NAS Platform storage appliace must support a firmware versio of 4.0 or later to iterface with Symatec Sca Egie. As a prerequisite, esure that each NAS Server for
86 Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc which the sca egie is to provide scaig ad repair services meets this requiremet. To use RPC, Symatec Sca Egie must be istalled o a computer that is ruig Widows 2000 Server/Widows 2003 Server/Widows 2008 Server. The computer o which you pla to istall Symatec Sca Egie must meet the system requiremets that are listed i the Symatec Sca Egie Implemetatio Guide. After you istall Symatec Sca Egie, cofigure the NAS Server to work with the sca egie. See About cofigurig BlueArc Storage System or Hitachi High-performace NAS Platform o page 97. About cofigurig Symatec Sca Egie Cofigure Symatec Sca Egie to use RPC as the commuicatio protocol. The Iteret Cotet Adaptatio Protocol (ICAP) is the default protocol at istallatio, but you ca chage the protocol to RPC through the admiistrative iterface. The you ca cofigure the RPC-specific optios. See Cofigurig RPC protocol optios o page 87 You must also chage the Widows service startup properties to idetify a accout that has the appropriate permissios. See Editig the service startup properties o page 86. Editig the service startup properties If you chage the protocol settig to RPC through the Symatec Sca Egie admiistrative iterface, you eed to chage the service startup properties to idetify a accout that has the followig appropriate permissios: The accout must have local admiistrator permissios o the computer that has the sca egie. The user accout must have Backup Operator privileges or above o the NAS Server. For more iformatio o how to set up a shared accout with local group backup operator privileges o the NAS Server, see the appropriate product documetatio. You must chage the service startup properties if the list of NAS Servers is edited as well.
Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc 87 To edit the service startup properties 1 I the Widows 2000/2003/2008 Cotrol Pael, click Admiistrative Tools. 2 Click Services. 3 I the list of services, right-click Symatec Sca Egie, ad the click Properties. 4 I the Properties dialog box, o the Log O tab, click This Accout. 5 Type the accout ame ad password for the user accout that has local admiistrator rights o the computer that has the sca egie. This accout should also have Backup Operator privileges or above o the NAS Server. Use the followig format for the accout ame: domai\userame 6 Click OK. 7 Stop ad start the Symatec Sca Egie service. For more iformatio o stoppig ad startig the Symatec Sca Egie service, see the Symatec Sca Egie Implemetatio Guide. Cofigurig RPC protocol optios After you istall Symatec Sca Egie, you ca cofigure settigs that are specific to the RPC protocol. You must maually stop ad start the sca egie service whe you chage to the RPC protocol through the Symatec Sca Egie admiistrative iterface. A proper coectio to the NAS Server is esured. Table 5-1 describes the protocol-specific optios for RPC. Table 5-1 Optio RPC cliet list Protocol-specific optios for RPC Descriptio A sigle Symatec Sca Egie ca support oe or more EVSs. Each EVS must be located i the same domai as Symatec Sca Egie. You must provide the IP address of each EVS. Note: Multiple sca egies ca support a sigle EVS. Cofigure the multiple sca egies through the BlueArc Storage System or Hitachi High-performace NAS Platform iterface. Check RPC coectio every secods Symatec Sca Egie maitais a coectio with the EVS o the NAS Server. Symatec Sca Egie ca be cofigured to check the coectio with the EVS at a prescribed iterval to esure that the coectio is active. The default value is 20 secods.
88 Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc Table 5-1 Optio Maximum umber of recoect attempts Protocol-specific optios for RPC Descriptio You ca cofigure Symatec Sca Egie to make a specified umber of tries to re-establish a lost coectio with the EVS. By default, Symatec Sca Egie is cofigured to try to recoect with the EVS idefiitely. Note: Do ot set a maximum umber of recoect attempts if the sca egie provides scaig for multiple Eterprise Virtual Servers. Use the default settig. Ativirus sca policy You ca cofigure Symatec Sca Egie to do oe of the followig whe a ifected file is foud: Sca oly: Dey access to the ifected file, but do othig to the ifected file. Sca ad repair files: Try to repair the ifected file, ad dey access to ay urepairable file. Sca ad repair or delete: Try to repair the ifected file, ad delete ay urepairable file. Note: You must select Sca ad repair or delete if you pla to quaratie the ifected files that caot be repaired. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. Automatically sed ativirus update otificatios You ca cofigure Symatec Sca Egie to automatically otify BlueArc Storage System ad Hitachi High-performace NAS Platform whe ew virus defiitios are used. Cofigure RPC protocol optios To cofigure RPC, do the followig: Provide a IP address for each EVS for which Symatec Sca Egie should provide scaig services. You ca add or delete Eterprise Virtual Servers from this list at ay time. Cofigure the additioal RPC-specific optios. To edit the list of NAS Servers 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Cofiguratio. 2 Uder Views, click Protocol. 3 I the right pae, uder Select Commuicatio Protocol, click RPC. The cofiguratio settigs are displayed for the selected protocol. 4 I the Maual Restart Required dialog box, click OK.
Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc 89 5 To add a EVS to the list of RPC cliets, type the IP address of the EVS for which Symatec Sca Egie should provide scaig services. Type oe etry per lie. 6 To delete a EVS from the list of RPC cliets, select ad delete the IP address of the EVS. 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you You must perform a maual restart for the chages to take place ad for a proper coectio to the EVS. To cofigure additioal RPC-specific optios 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Cofiguratio. 2 Uder Views, click Protocol. 3 Uder RPC Cofiguratio, i the Check RPC coectio every box, type how frequetly Symatec Sca Egie checks the RPC coectio with the EVS to esure that the coectio is active. The default iterval is 20 secods. 4 I the Maximum umber of recoect attempts box, type the maximum umber of tries that the Symatec Sca Egie should udertake to reestablish a lost coectio with the EVS. The default settig is 0. Symatec Sca Egie tries idefiitely to reestablish a coectio. Use the default settig if the sca egie provides scaig for multiple eterprise virtual servers. 5 I the Ativirus sca policy list, select how you wat Symatec Sca Egie to hadle ifected files. The default settig is Sca ad repair or delete.
90 Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc 6 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you You must perform a maual restart for the chages to take place ad for a proper coectio to the EVS. Notifyig a requestig user that a virus was foud You ca cofigure Symatec Sca Egie to otify the requestig user that the retrieval of a file failed because a virus was foud. The otificatio message is displayed oly if the user uses a Widows computer. I additio, the requestig user s computer must be i the same domai as the sca egie. Both the user s computer ad the sca egie must have the Widows Messeger service ruig to use this feature. The otificatio message icludes the followig iformatio: The date ad time of the evet The evet security level (for example, Warig) The sca policy (for example, sca ad repair or delete) The file ame of the ifected file The virus ame ad ID The maer i which the ifected file was hadled (for example, the file was repaired or deleted) The dispositio of the file (for example, ifected) The IP address ad ame of the requestig user s computer The date ad revisio umber of the virus defiitios used The duratio (i secods) of sca ad coectio time To otify a requestig user that a virus was foud 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Moitors. 2 Uder Views, click Alertig.
Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc 91 3 I the right pae, uder Log Widows Messeger, check Eable Widows Messeger Loggig. User otificatio is disabled by default. 4 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you You must perform a maual restart for the chages to take place. About quaratiig urepairable ifected files You ca quaratie urepairable ifected files whe you use the RPC protocol. To use the quaratie feature, Symatec Cetral Quaratie must be istalled separately o a computer that rus Widows 2000 Server/Widows 2003 Server/Widows 2008 Server. Symatec Cetral Quaratie is icluded o the Symatec Sca Egie distributio CD alog with supportig documetatio. Symatec Sca Egie forwards the ifected files that caot be repaired to Symatec Cetral Quaratie. Typically, the heuristically-detected viruses that caot be elimiated by the curret set of virus defiitios are forwarded to the quaratie. They are isolated so that the viruses caot spread. The ifected items ca be submitted to Symatec Security Respose for aalysis from the quaratie. New virus defiitios are posted if a ew virus is idetified. Note: You must select Sca ad repair or delete as the RPC sca policy to forward files to the quaratie. The origial ifected file is deleted whe a copy of a ifected file is forwarded to the quaratie. If submissio to the quaratie is ot successful, the origial file is ot deleted, ad a error message is retured to the NAS Server. Access to the ifected file is deied. See Cofigurig RPC protocol optios o page 87 For more iformatio about istallig ad cofigurig Symatec Cetral Quaratie, see the Symatec Cetral Quaratie Admiistrator s Guide.
92 Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc To quaratie urepairable ifected files 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Quaratie, check Quaratie files. 4 I the Cetral server quaratie host or IP box, type the host ame or the IP address for the computer o which Symatec Cetral Quaratie is istalled. 5 I the Port box, type the TCP/IP port umber to be used by the Symatec Sca Egie to pass files to the Symatec Cetral Quaratie. This settig must match the port umber that is selected at istallatio for Symatec Cetral Quaratie. 6 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you apply them. Specifyig which embedded files to sca The NAS Server submits files to Symatec Sca Egie for scaig based o the file extesio of the top-level file. You ca cofigure the file types that are submitted for scaig through the NAS Server admiistrative iterface. The top-level files that are set to Symatec Sca Egie are scaed regardless of file extesio. Whe the sca egie receives a archive file (for example, a.zip or.lzh file) that cotais embedded files, it must break dow the archive file ad sca each embedded file. You ca cotrol, through the sca egie admiistrative iterface, which embedded files are scaed by usig a file extesio ad file type exclusio list. You ca also sca all files regardless of extesio.
Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc 93 Symatec Sca Egie is cofigured by default to sca all files. The file type ad file extesio exclusio lists are prepopulated with the file types that are ulikely to cotai viruses, but you ca edit this list. Note: Durig virus outbreaks, you might wat to sca all files eve if you ormally cotrol the file types that are scaed with the file type or file extesio exclusio list. Specify which embedded files to sca You ca sca all files regardless of extesio, or you ca cotrol which files are scaed by specifyig the extesios or the file types that you wat to exclude. Symatec Sca Egie is cofigured by default to sca all files. To sca all files regardless of extesio or type 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files. 4 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you To sca all files except for those that are i the file extesio exclusio list 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files except those i the extesio or type exclude lists. O activatig this optio, both the file extesio exclude list ad the file type exclude list gets activated automatically. 4 Type each file extesio that you wat to add to the list o a separate lie. Use a period with each extesio i the list.
94 Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc 5 To remove a file extesio from the list, select it ad delete it from the File extesio exclude list. 6 To restore the default file extesio exclude list, i the left pae, uder Tasks, click Reset Default List. This optio restores the default file-type exclude list ad the file-extesio exclude list. 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you To sca all file types except those i the file type exclusio list 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files except those i the extesio or type exclude lists. Whe you activate this optio, both the file type exclude list ad the file extesio exclude list are activated automatically. 4 Type each file type that you wat to add to the list o a separate lie. To iclude all subtypes for a file type, use the wildcard character /*. For more iformatio o how to write the file types, see the Symatec Sca Egie Implemetatio Guide. 5 To remove a file type from the list, select it ad delete it from the File type exclude list. 6 To restore the default file type exclude list, i the left pae, uder Tasks, click Reset Default List. This optio restores the default file type exclude list ad the file extesio exclude list.
Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc 95 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you Schedulig LiveUpdate to update virus defiitios automatically Schedulig LiveUpdate to occur automatically at a specified time iterval esures that the Symatec Sca Egie always has the most curret virus defiitios. If you use multiple sca egies to support virus scaig, schedule LiveUpdate to occur at the same time for each sca egie. This schedulig esures that all sca egies have the same versio of virus defiitios. Havig the same versio of virus defiitios is ecessary for proper fuctioig of virus scaig o the NAS Server. You must schedule LiveUpdate o each Symatec Sca Egie. Whe LiveUpdate is scheduled, LiveUpdate rus at the specified time iterval relative to the LiveUpdate base time. The default LiveUpdate base time is the time that the sca egie was istalled. You ca chage the LiveUpdate base time. If you chage the scheduled LiveUpdate iterval, the iterval adjusts based o the LiveUpdate base time. For more iformatio o chagig the base time, see the Symatec Sca Egie Implemetatio Guide. To schedule LiveUpdate to update virus defiitios automatically 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click System. 2 Uder Views, click LiveUpdate Cotet. 3 I the right pae, uder LiveUpdate Cotet, check Eable scheduled LiveUpdate. This optio is eabled by default. 4 I the LiveUpdate iterval drop-dow list, choose a iterval. You ca select from 2, 4, 8, 10, 12, or 24-hour itervals. The default LiveUpdate iterval is 2 hours.
96 Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc 5 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you Cofigurig Rapid Release updates to occur automatically You ca cofigure Symatec Sca Egie to obtai ucertified defiitio updates with Rapid Release. You ca cofigure Symatec Sca Egie to retrieve Rapid Release defiitios every 5 miutes to every 120 miutes. Rapid Release defiitios are created whe a ew threat is discovered. Rapid Release defiitios udergo basic quality assurace tests by Symatec Security Respose. However, they do ot udergo the itese testig that is required for a LiveUpdate release. Symatec updates Rapid Release defiitios as eeded to respod to high-level outbreaks. Warig: Rapid Release defiitios do ot udergo the same rigorous quality assurace tests as LiveUpdate ad Itelliget Updater defiitios. Symatec ecourages users to rely o the full quality-assurace-tested defiitios wheever possible. Esure that you deploy Rapid Release defiitios to a test eviromet before you istall them o your etwork. If you use a proxy or firewall that blocks FTP commuicatios, the Rapid Release feature does ot fuctio. Your eviromet must allow FTP traffic for the FTP sessio to succeed. You ca schedule Rapid Release updates to occur automatically at a specified time iterval to esure that Symatec Sca Egie always has the most curret defiitios. Scheduled Rapid Release updates are disabled by default. Cofigurig Rapid Release updates to occur automatically 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click System. 2 Uder Views, click Rapid Release Cotet. 3 I the cotet area uder Rapid Release Cotet, check Eable scheduled Rapid Release to eable automatic dowloads of Rapid Release defiitios.
Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc 97 This optio is disabled by default. 4 I the Rapid Release iterval box, to specify the iterval betwee which you wat Symatec Sca Egie to dowload Rapid Release defiitios, do ay of the followig steps: Type the iterval. Click the up arrow or dow arrow to select the iterval. You ca select ay umber betwee 5 miutes ad 120 miutes. The default value is 30 miutes. 5 O the toolbar, select oe of the followig: Save Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Apply Applies your chages. Your chages are ot implemeted util you About cofigurig BlueArc Storage System or Hitachi High-performace NAS Platform After you cofigure Symatec Sca Egie to use RPC as the commuicatio protocol, cofigure the cliet Eterprise Virtual Servers (EVSs) to work with Symatec Sca Egie. BlueArc Storage System or Hitachi High-performace EVS cliets must be ruig a firmware versio 4.0 or later to iterface with the Symatec Sca Egie. Each EVS should be istalled ad cofigured i accordace with the accompayig product documetatio. Each EVS should be fuctioal before you iitiate virus scaig usig Symatec Sca Egie. You must set up a shared accout with backup operator privileges o the NAS Server before you cofigure virus scaig o the NAS Server. Esure that Symatec Sca Egie service rus with this shared accout as well. See Editig the service startup properties o page 86. For more iformatio o how to set up a shared accout with local group backup operator privileges o the NAS Server, see the appropriate NAS Server documetatio.
98 Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc The mai virus scaig parameters that you should cofigure ca be foud i the Virus Scaig widow uder the Data Protectio sectio i the Home page. About verifyig that the sca egie is registered with the NAS Server You ca verify that the sca egie is registered with the NAS Server after you istall Symatec Sca Egie. Registratio is automatic if you have provided the correct iformatio to Symatec Sca Egie for cotactig the EVS. Registratio occurs whe Symatec Sca Egie coects to the EVS. The Registered Virus Scaers field i the NAS Server s admiistrative iterface cotais the ames of the registered sca egies. Esure that at least oe registered sca egie is preset to be assured of virus protectio for each EVS. Note: The service startup properties for Symatec Sca Egie must be chaged to idetify a accout that has the appropriate permissios o the EVS. If the chage has ot bee doe, the sca egie caot register with the EVS because it does ot have sufficiet permissio. See Editig the service startup properties o page 86. About activatig virus scaig You ca activate ad deactivate virus scaig for each EVS. Select the EVS for which you wat to activate scaig from the EVS drop-dow box. Check Eable Virus Scaig i the NAS Server s admiistrative iterface to activate virus scaig. Ucheck Eable Virus Scaig to deactivate virus scaig. For more iformatio, see the appropriate NAS Server documetatio. About specifyig the file extesios to be scaed o the NAS Server Cofigure the list of extesios o BlueArc Storage System or Hitachi Highperformace NAS Server to cotai oly the file extesios that you wat to sca. This list lets you cotrol the file types that are passed to the Symatec Sca Egie for scaig. You ca cofigure file extesios usig the extesios iclusio list see i the File types to sca field. A default list of extesios to be submitted for virus scaig is icluded with the NAS Server. You ca modify the iclusio list by addig or removig extesios.
Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc 99 To rollback to the default iclusio list, click Reset Defaults. To sca all file types irrespective of extesios, check Sca All File Types. The highest level of protectio is achieved by scaig all file types; however, viruses are foud oly i those file types that cotai executable code. So, every file type eed ot be scaed. You ca save badwidth ad time by limitig the files to be scaed to oly those file types that ca cotai viruses. For more iformatio, see the appropriate NAS Server documetatio. About executig a full file system sca You ca flag all files for a re-sca if there are ew updated virus defiitio files o Symatec Sca Egie. Click Request Full Sca i the NAS Server s admiistrative iterface to esure that all file types listed i the iclusio list are marked for sca. The sca o a file occurs the ext time ay user accesses the file. About workig with uavailable sca egies BlueArc Storage System or Hitachi High-performace NAS Server is cofigured to dey access to files if virus scaig is eabled ad the sca egies are ot available. Esure that more tha oe sca egie is cofigured for the CIFS shares o the NAS Server so that maximum accessibility of data is guarateed. You ca deactivate virus scaig util the sca egies are available agai so that file access is still available. BlueArc Storage System ad Hitachi Highperformace NAS Platform keeps a track of all files that are ot scaed i this duratio. As soo as virus scaig is activated, the files that were created/ modified i the duratio are scaed without fail. For more iformatio, see the appropriate NAS Server documetatio. About workig with uresposive sca egies Whe large or complex files are scaed (for example, cotaier files with multiple embedded files or files that cotai polymorphic or macro viruses), the sca egie ca become uresposive. Cliets caot, temporarily, access the files. The user ca evetually access the file whe the scaig is complete ad if the file is deemed clea by the sca egie. For more iformatio, see the appropriate NAS Server documetatio.
100 Cofigurig Symatec AtiVirus for BlueArc Storage System ad Hitachi High-performace NAS Platform, powered by BlueArc
Chapter 6 Cofigurig Symatec AtiVirus for Hitachi Essetial NAS Platform This chapter icludes the followig topics: About software compoets How Symatec Sca Egie works with the Hitachi Essetial NAS Platform About cofigurig Symatec Sca Egie About software compoets Symatec AtiVirus for Network Attached Storage provides virus scaig ad repair capabilities for Hitachi Essetial NAS Platform. Cofigure the followig compoets to add ativirus scaig to the Hitachi Essetial NAS Platform: Symatec Sca Egie is istalled whe Symatec AtiVirus for Network Attached Storage is istalled. Provides the virus scaig ad repair services. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. Hitachi Essetial NAS Platform Ati Virus Aget Some optios are cofigured directly o thenas Platform Ati Virus Aget. No additioal code is ecessary to coect Symatec Sca Egie to the NAS server.
102 Cofigurig Symatec AtiVirus for Hitachi Essetial NAS Platform How Symatec Sca Egie works with the Hitachi Essetial NAS Platform How Symatec Sca Egie works with the Hitachi Essetial NAS Platform Symatec AtiVirus for Network Attached Storage provides virus scaig ad repair capabilities for the Hitachi Essetial NAS Platform. A sigle Symatec Sca Egie ca support multiple NAS servers. You ca use multiple sca egies to support oe or more servers for sites with larger sca volumes. Load balacig is hadled through the NAS server iterface. Virus scaig o the Hitachi Essetial NAS Platform is available oly for those files that are requested through the Commo Iteret File System (CIFS). What happes whe a file is scaed The NAS server submits files to Symatec Sca Egie for scaig o both read ad write. That is, files are scaed whe they are accessed from storage (read) ad if they are chaged o the NAS server (write). Whe a user tries to access a file, the NAS server passes the file to Symatec Sca Egie for scaig. After a file is scaed, Symatec Sca Egie idicates the scaig results to the NAS server. If a file is ifected ad ca be repaired, the sca egie returs the repaired file based o a cofigurable virus sca policy. Clea files are passed to the requestig user after the NAS server receives the scaig results. The repaired file is passed to the requestig user if the file is ifected ad ca be repaired. The stored versio of the ifected file is the replaced with the repaired file. The user is deied access to the file if the file is ifected ad caot be repaired, ad the ifected file is deleted from storage. Symatec Sca Egie ca be cofigured to quaratie these irreparable files.
Cofigurig Symatec AtiVirus for Hitachi Essetial NAS Platform About cofigurig Symatec Sca Egie 103 About hadlig ifected files You ca cofigure Symatec Sca Egie to do ay of the followig whe a ifected file is foud: Sca Oly Sca ad delete Sca ad repair files Sca ad repair or delete Dey access to the ifected file, but do othig to the ifected file. Sca files for viruses, ad delete ay ifected files that are embedded i archive or cotaier files without tryig to repair Try to repair the ifected file, ad dey access to ay irreparable file. Try to repair the ifected file, ad delete ay irreparable file. You ca also cofigure the sca egie to quaratie irreparable files. About cofigurig Symatec Sca Egie You must cofigure several settigs o each Symatec Sca Egie that is used to support scaig for Hitachi Essetial NAS Platform. Note: If you use multiple sca egies to support scaig, the cofiguratio settigs o each sca egie must be idetical. LiveUpdate ad Rapid Release should be scheduled to occur at the same time o all sca egies so that virus defiitios are cosistet at all times. The sca egie must be cofigured to use ICAP as the commuicatio protocol. ICAP is the default protocol at istallatio. After you have selected ICAP, you ca cofigure ICAP-specific optios. Cofigurig ICAP-specific optios You ca cofigure several settigs that are specific to the ICAP protocol through the Symatec Sca Egie admiistrative iterface. You ca also chage the protocol through the admiistrative iterface if Symatec Sca Egie has already bee cofigured to use aother protocol. However, you must maually restart the Symatec Sca Egie. For more iformatio about accessig the admiistrative iterface, see the Symatec Sca Egie Implemetatio Guide.
104 Cofigurig Symatec AtiVirus for Hitachi Essetial NAS Platform About cofigurig Symatec Sca Egie Table 6-1 describes the protocol-specific optios for ICAP. Table 6-1 Optio Bid address Protocol-specific optios for ICAP Descriptio Symatec Sca Egie detects all of the available IP addresses that are istalled o the host. By default, Symatec Sca Egie accepts scaig requests o (bids to) all of the scaig IP addresses that it detects. You ca cofigure up to 64 IP addresses as scaig IP addresses. You ca specify whether you wat Symatec Sca Egie to bid to all of the IP addresses that it detects, or you ca restrict access to oe or more iterfaces. If you do ot specify at least oe IP address, Symatec Sca Egie bids to all of the scaig IP addresses that it detects. If Symatec Sca Egie fails to bid to ay of the selected IP addresses, a evet is writte to the log as a critical error. Eve if Symatec Sca Egie is uable to bid to ay IP address, you ca access the cosole. However, scaig fuctioality is uavailable. You ca use 127.0.0.1 (the loopback iterface) to let oly the cliets that are ruig o the same computer coect to Symatec Sca Egie. Port umber Sca policy The port umber must be exclusive to Symatec Sca Egie. The default port umber for ICAP is 1344. If you chage the port umber, use a umber greater tha 1024 that is ot i use by ay other program or service. Whe a ifected file is foud, Symatec Sca Egie ca do ay of the followig: Sca oly: Sca files for viruses, but do othig to ifected files. Sca ad delete: Sca files for viruses, ad delete ay ifected files that are embedded i archive or cotaier files without tryig repair. Sca ad repair files: Try to repair ifected files, but do othig to irreparable files (that is, do ot delete the files from archive or cotaier files). Sca ad repair or delete: Try to repair ifected files, ad delete irreparable files from archive or cotaier files. Note: If you choose the data trickle feature, the virus sca policy is automatically set to Sca oly.
Cofigurig Symatec AtiVirus for Hitachi Essetial NAS Platform About cofigurig Symatec Sca Egie 105 Table 6-1 Optio Eable trickle Time before trickle data starts Protocol-specific optios for ICAP Descriptio This settig provides users with a quicker dowload respose ad avoids possible sessio timeout errors. Data tricklig is disabled by default. You ca specify how log the sca process should ru before data tricklig begis. To cofigure ICAP-specific optios 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Cofiguratio. 2 Uder Views, click Protocol. 3 I the right pae, uder Select Commuicatio Protocol, click ICAP. The cofiguratio settigs are displayed for the selected protocol. You must maually stop ad start the service if you chage the protocol settig through the Symatec Sca Egie admiistrative iterface. 4 Uder ICAP Cofiguratio, i the Bid address box, select the scaig IP addresses that you wat to bid to Symatec Sca Egie. Check Select All to select every IP Address i the Bid address table. By default, Symatec Sca Egie bids to all iterfaces. 5 I the Port umber box, type the TCP/IP port umber. The default settig for ICAP is port 1344. 6 I the Sca policy list, select how you wat Symatec Sca Egie to hadle ifected files. The default settig is Sca ad repair or delete, which is the recommeded settig. 7 Check Eable trickle to eable the data trickle feature. The sca policy is automatically set to Sca oly. However, eablig data trickle ca compromise ativirus itegrity. The data that is trickled to the user might cotai a virus. You also caot use the Quaratie feature whe you eable data tricklig. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. 8 Type the umber of secods that the sca process should ru before data tricklig begis. The settig defaults to 5 secods ad ca be up to a maximum of 86400 secods (24 hours).
106 Cofigurig Symatec AtiVirus for Hitachi Essetial NAS Platform About cofigurig Symatec Sca Egie 9 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you Specifyig which file types to sca o the sca egie The settigs o Symatec Sca Egie must be cofigured to specify the types of files to be scaed for viruses. The sca policy o the sca egie determies which files it should sca from the Hitachi Essetial NAS Platform Ati Virus Aget. The scaed files are those cotaied i archive or cotaier file formats. You ca cotrol which embedded files are scaed by usig a extesio or type exclusio list, or you ca sca all files regardless of extesio ad type. A prepopulated extesio ad type exclusio list exists that you ca modify. Symatec Sca Egie is cofigured by default to sca all files. Note: Symatec Sca Egie examies the first few bytes of every file to determie whether the file could cotai a virus. This actio occurs eve if the file extesio is ot oe that was idetified for scaig. Based o this examiatio, the sca egie may sca a file eve though it has ot bee idetified for scaig. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. Specify which file types to sca o the sca egie You ca cotrol which file types are scaed by specifyig those extesios that you wat to exclude from scaig, or you ca sca all files regardless of extesio. To sca all files except for those that are i the file extesio exclusio list 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig.
Cofigurig Symatec AtiVirus for Hitachi Essetial NAS Platform About cofigurig Symatec Sca Egie 107 3 I the right pae, uder Files to Sca, click Sca all files except those i the extesio or type exclude lists. Whe you eable this optio, both the file extesio exclude list ad the file type exclude list are activated automatically. 4 Type each file extesio that you wat to add to the list o a separate lie. Use a period with each extesio i the list. 5 To remove a file extesio from the list, select it ad delete it from the File extesio exclude list. 6 To restore the default file extesio exclude list, i the left pae, uder Tasks, click Reset Default List. This optio restores the default file-type exclude list ad the file-extesio exclude list. 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you To sca all file types except those i the file type exclusio list 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files except those i the extesio or type exclude lists. Whe you eable this optio, both the file type exclude list ad the file extesio exclude list are activated automatically. 4 Type each file type you wat to add to the list o a separate lie. To iclude all subtypes for a file type, use the wildcard character /*. For more iformatio o how to write the file types, see the Symatec Sca Egie Implemetatio Guide. 5 To remove a file type from the list, select it ad delete it from the File type exclude list. 6 To restore the default file type exclude list, i the left pae, uder Tasks, click Reset Default List.
108 Cofigurig Symatec AtiVirus for Hitachi Essetial NAS Platform About cofigurig Symatec Sca Egie This optio restores the default file-type exclude list ad the file-extesio exclude list. 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you To sca all files regardless of extesio or type 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files. 4 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you About specifyig cotaier hadlig limits File attachmets that cosist of cotaier files ca overload the system ad cause deial-of-service attacks. They ca be overly large, cotai large umbers of embedded, compressed files, or be desiged to maliciously use resources ad degrade performace. Symatec Sca Egie ca be cofigured to impose limits o how cotaier files are hadled. This reduces the etwork s exposure to deial-of-service attacks. You ca specify the followig limits for hadlig cotaier files: The maximum amout of time, i secods, that is spet decomposig a cotaier file ad its cotets This settig does ot apply to.hqx or.amg files.
Cofigurig Symatec AtiVirus for Hitachi Essetial NAS Platform About cofigurig Symatec Sca Egie 109 The maximum file size, i megabytes, for the idividual files that are i a cotaier file The maximum umber of ested levels to decompose for scaig The maximum umber of bytes that are read whe determiig whether a file is MIME-ecoded You ca specify whether to allow or dey access to the file if ay of these specified limits is met or exceeded. Symatec Sca Egie blocks cotaier files based o their type, because oly certai file types cotai virus or malicious code. You ca cofigure Symatec Sca Egie to block partial cotaier files, malformed cotaier files, ad ecrypted cotaier files as well. For more iformatio o cotaier hadlig limits, see the Symatec ScaEgie Implemetatio Guide. Schedulig LiveUpdate to update virus defiitios automatically Schedulig LiveUpdate to occur automatically at a specified time iterval esures that Symatec Sca Egie always has the most curret virus defiitios. Schedule LiveUpdate to occur at the same time for each sca egie if you use multiple sca egies to support virus scaig. This schedulig esures that all sca egies have the same versio of virus defiitios. Havig the same versio of virus defiitios is ecessary for proper fuctioig of virus scaig o Hitachi Essetial NAS Platform Ati Virus Aget. You must schedule LiveUpdate o each Symatec Sca Egie. Whe LiveUpdate is scheduled, LiveUpdate rus at the specified time iterval relative to the LiveUpdate base time. The default LiveUpdate base time is the time that the sca egie was istalled. You ca chage the LiveUpdate base time. If you chage the scheduled LiveUpdate iterval, the iterval adjusts based o the LiveUpdate base time. To schedule LiveUpdate to update virus defiitios automatically 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click System. 2 Uder Views, click LiveUpdate Cotet. 3 I the right pae, uder LiveUpdate Cotet, check Eable scheduled LiveUpdate. This optio is eabled by default. 4 I the LiveUpdate iterval drop-dow list, choose a iterval.
110 Cofigurig Symatec AtiVirus for Hitachi Essetial NAS Platform About cofigurig Symatec Sca Egie You ca select from 2, 4, 8, 10, 12, or 24-hour itervals. The default LiveUpdate iterval is 2 hours. 5 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you You must perform a maual restart for the chages to take place.
Chapter 7 Cofigurig Symatec AtiVirus for ONStor EverON About software compoets How Symatec Sca Egie works with the ONStor EverON About cofigurig Symatec Sca Egie About cofigurig the ONStor VirusSca Applet About software compoets Symatec AtiVirus for Network Attached Storage provides virus scaig ad repair capabilities for ONStor EverON. Cofigure the followig compoets to add ativirus scaig to the ONStor EverON: Symatec Sca Egie is istalled whe Symatec AtiVirus for Network Attached Storage is istalled. Provides the virus scaig ad repair services. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. ONStor EverON VirusSca Applet The VirusSca applet hadles the commuicatio betwee the NAS Server ad the Symatec Sca Egie. A IstallShield guides you through the istallatio process.
112 Cofigurig Symatec AtiVirus for ONStor EverON How Symatec Sca Egie works with the ONStor EverON How Symatec Sca Egie works with the ONStor EverON Symatec AtiVirus for Network Attached Storage provides virus scaig ad repair capabilities for the ONStor EverON. A sigle Symatec Sca Egie ca support multiple NAS servers. You ca use multiple sca egies to support oe or more servers for sites with larger sca volumes. Load balacig is hadled through the NAS server iterface. Virus scaig o the ONStor EverON is available for icomig files for CIFS ad NFS, ad outgoig files for CIFS. What happes whe a file is scaed The NAS server submits files to Symatec Sca Egie for scaig o both read ad write. That is, files are scaed whe they are accessed from storage (read) ad if they are chaged o the NAS server (write). Whe a user tries to access a file, the NAS server passes the file to Symatec Sca Egie for scaig. After a file is scaed, Symatec Sca Egie idicates the scaig results to the NAS server. If a file is ifected ad ca be repaired, the sca egie returs the repaired file based o a cofigurable virus sca policy. Clea files are passed to the requestig user after the NAS server receives the scaig results. The repaired file is passed to the requestig user if the file is ifected ad ca be repaired. The stored versio of the ifected file is the replaced with the repaired file. The user is deied access to the file if the file is ifected ad caot be repaired, ad the ifected file is deleted from storage. Symatec Sca Egie ca be cofigured to quaratie these irreparable files. After a file has bee scaed ad declared clea, the scaed state iformatio is stored i its metadata o disk. It avoids redudat scas of those files that have already bee scaed. These files will ot be scaed agai uless they are modified or the admiistrator requests a full sca of the files from the NAS server s admiistrative iterface.
Cofigurig Symatec AtiVirus for ONStor EverON About cofigurig Symatec Sca Egie 113 About hadlig ifected files You ca cofigure Symatec Sca Egie to do ay of the followig whe a ifected file is foud: Sca Oly Sca ad delete Sca ad repair files Sca ad repair or delete Dey access to the ifected file, but do othig to the ifected file. Sca files for viruses, ad delete ay ifected files that are embedded i archive or cotaier files without tryig to repair Try to repair the ifected file, ad dey access to ay irreparable file. Try to repair the ifected file, ad delete ay irreparable file. You ca also cofigure the sca egie to quaratie irreparable files. About cofigurig Symatec Sca Egie You must cofigure several settigs o each Symatec Sca Egie that is used to support scaig for ONStor EverON with NAS Optio. Note: If you use multiple sca egies to support scaig, the cofiguratio settigs o each sca egie must be idetical. LiveUpdate ad Rapid Release should be scheduled to occur at the same time o all sca egies so that virus defiitios are cosistet at all times. The sca egie must be cofigured to use ICAP as the commuicatio protocol. ICAP is the default protocol at istallatio. After you have selected ICAP, you ca cofigure ICAP-specific optios. Cofigurig ICAP-specific optios You ca cofigure several settigs that are specific to the ICAP protocol through the Symatec Sca Egie admiistrative iterface. You ca also chage the protocol through the admiistrative iterface if Symatec Sca Egie has already bee cofigured to use aother protocol. However, you must maually restart the Symatec Sca Egie. For more iformatio about accessig the admiistrative iterface, see the Symatec Sca Egie Implemetatio Guide.
114 Cofigurig Symatec AtiVirus for ONStor EverON About cofigurig Symatec Sca Egie Table 7-1 describes the protocol-specific optios for ICAP. Table 7-1 Optio Bid address Protocol-specific optios for ICAP Descriptio Symatec Sca Egie detects all of the available IP addresses that are istalled o the host. By default, Symatec Sca Egie accepts scaig requests o (bids to) all of the scaig IP addresses that it detects. You ca cofigure up to 64 IP addresses as scaig IP addresses. You ca specify whether you wat Symatec Sca Egie to bid to all of the IP addresses that it detects, or you ca restrict access to oe or more iterfaces. If you do ot specify at least oe IP address, Symatec Sca Egie bids to all of the scaig IP addresses that it detects. If Symatec Sca Egie fails to bid to ay of the selected IP addresses, a evet is writte to the log as a critical error. Eve if Symatec Sca Egie is uable to bid to ay IP address, you ca access the cosole. However, scaig fuctioality is uavailable. You ca use 127.0.0.1 (the loopback iterface) to let oly the cliets that are ruig o the same computer coect to Symatec Sca Egie.. Port umber Sca policy The port umber must be exclusive to Symatec Sca Egie. The default port umber for ICAP is 1344. If you chage the port umber, use a umber greater tha 1024 that is ot i use by ay other program or service. Whe a ifected file is foud, Symatec Sca Egie ca do ay of the followig: Sca oly: Sca files for viruses, but do othig to ifected files. Sca ad delete: Sca files for viruses, ad delete ay ifected files that are embedded i archive or cotaier files without tryig repair. Sca ad repair files: Try to repair ifected files, but do othig to irreparable files (that is, do ot delete the files from archive or cotaier files). Sca ad repair or delete: Try to repair ifected files, ad delete irreparable files from archive or cotaier files. Note: If you choose the data trickle feature, the virus sca policy is automatically set to Sca oly.
Cofigurig Symatec AtiVirus for ONStor EverON About cofigurig Symatec Sca Egie 115 Table 7-1 Optio Eable trickle Time before trickle data starts Protocol-specific optios for ICAP Descriptio This settig provides users with a quicker dowload respose ad avoids possible sessio timeout errors. Data tricklig is disabled by default. You ca specify how log the sca process should ru before data tricklig begis. To cofigure ICAP-specific optios 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Cofiguratio. 2 Uder Views, click Protocol. 3 I the right pae, uder Select Commuicatio Protocol, click ICAP. The cofiguratio settigs are displayed for the selected protocol. You must maually stop ad start the service if you chage the protocol settig through the Symatec Sca Egie admiistrative iterface. 4 Uder ICAP Cofiguratio, i the Bid address box, select the scaig IP addresses that you wat to bid to Symatec Sca Egie. Check Select All to select every IP Address i the Bid address table. By default, Symatec Sca Egie bids to all iterfaces. 5 I the Port umber box, type the TCP/IP port umber. The default settig for ICAP is port 1344. 6 I the Sca policy list, select how you wat Symatec Sca Egie to hadle ifected files. The default settig is Sca ad repair or delete, which is the recommeded settig. 7 Check Eable trickle to eable the data trickle feature. The sca policy is automatically set to Sca oly. However, eablig data trickle ca compromise ativirus itegrity. The data that is trickled to the user might cotai a virus. You also caot use the Quaratie feature whe you eable data tricklig. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. 8 Type the umber of secods that the sca process should ru before data tricklig begis. The settig defaults to 5 secods ad ca be up to a maximum of 86400 secods (24 hours).
116 Cofigurig Symatec AtiVirus for ONStor EverON About cofigurig Symatec Sca Egie 9 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you Specifyig which file types to sca o the sca egie The settigs o Symatec Sca Egie must be cofigured to specify the types of files to be scaed for viruses. The sca policy o the sca egie determies which files it should sca. The scaed files are those cotaied i archive or cotaier file formats. You ca cotrol which embedded files are scaed by usig a extesio or type exclusio list, or you ca sca all files regardless of extesio ad type. A prepopulated extesio ad type exclusio list exists that you ca modify. Symatec Sca Egie is cofigured by default to sca all files. Note: Symatec Sca Egie examies the first few bytes of every file to determie whether the file could cotai a virus. This actio occurs eve if the file extesio is ot oe that was idetified for scaig. Based o this examiatio, the sca egie may sca a file eve though it has ot bee idetified for scaig. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. Specify which file types to sca o the sca egie You ca cotrol which file types are scaed by specifyig those extesios that you wat to exclude from scaig, or you ca sca all files regardless of extesio. To sca all files except for those that are i the file extesio exclusio list 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files except those i the extesio or type exclude lists.
Cofigurig Symatec AtiVirus for ONStor EverON About cofigurig Symatec Sca Egie 117 Whe you eable this optio, both the file extesio exclude list ad the file type exclude list are activated automatically. 4 Type each file extesio that you wat to add to the list o a separate lie. Use a period with each extesio i the list. 5 To remove a file extesio from the list, select it ad delete it from the File extesio exclude list. 6 To restore the default file extesio exclude list, i the left pae, uder Tasks, click Reset Default List. This optio restores the default file-type exclude list ad the file-extesio exclude list. 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you To sca all file types except those i the file type exclusio list 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files except those i the extesio or type exclude lists. Whe you eable this optio, both the file type exclude list ad the file extesio exclude list are activated automatically. 4 Type each file type you wat to add to the list o a separate lie. To iclude all subtypes for a file type, use the wildcard character /*. For more iformatio o how to write the file types, see the Symatec Sca Egie Implemetatio Guide. 5 To remove a file type from the list, select it ad delete it from the File type exclude list. 6 To restore the default file type exclude list, i the left pae, uder Tasks, click Reset Default List. This optio restores the default file-type exclude list ad the file-extesio exclude list.
118 Cofigurig Symatec AtiVirus for ONStor EverON About cofigurig Symatec Sca Egie 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you To sca all files regardless of extesio or type 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files. 4 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you About specifyig cotaier hadlig limits File attachmets that cosist of cotaier files ca overload the system ad cause deial-of-service attacks. They ca be overly large, cotai large umbers of embedded, compressed files, or be desiged to maliciously use resources ad degrade performace. Symatec Sca Egie ca be cofigured to impose limits o how cotaier files are hadled. This reduces the etwork s exposure to deial-of-service attacks. You ca specify the followig limits for hadlig cotaier files: The maximum amout of time, i secods, that is spet decomposig a cotaier file ad its cotets This settig does ot apply to.hqx or.amg files. The maximum file size, i megabytes, for the idividual files that are i a cotaier file
Cofigurig Symatec AtiVirus for ONStor EverON About cofigurig Symatec Sca Egie 119 The maximum umber of ested levels to decompose for scaig The maximum umber of bytes that are read whe determiig whether a file is MIME-ecoded You ca specify whether to allow or dey access to the file if ay of these specified limits is met or exceeded. Symatec Sca Egie blocks cotaier files based o their type, because oly certai file types cotai virus or malicious code. You ca cofigure Symatec Sca Egie to block partial cotaier files, malformed cotaier files, ad ecrypted cotaier files as well. For more iformatio o cotaier hadlig limits, see the Symatec ScaEgie Implemetatio Guide. Schedulig LiveUpdate to update virus defiitios automatically Schedulig LiveUpdate to occur automatically at a specified time iterval esures that Symatec Sca Egie always has the most curret virus defiitios. Schedule LiveUpdate to occur at the same time for each sca egie if you use multiple sca egies to support virus scaig. This schedulig esures that all sca egies have the same versio of virus defiitios. Havig the same versio of virus defiitios is ecessary for proper fuctioig of virus scaig o ONStore EverON. You must schedule LiveUpdate o each Symatec Sca Egie. Whe LiveUpdate is scheduled, LiveUpdate rus at the specified time iterval relative to the LiveUpdate base time. The default LiveUpdate base time is the time that the sca egie was istalled. You ca chage the LiveUpdate base time. If you chage the scheduled LiveUpdate iterval, the iterval adjusts based o the LiveUpdate base time. To schedule LiveUpdate to update virus defiitios automatically 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click System. 2 Uder Views, click LiveUpdate Cotet. 3 I the right pae, uder LiveUpdate Cotet, check Eable scheduled LiveUpdate. This optio is eabled by default. 4 I the LiveUpdate iterval drop-dow list, choose a iterval. You ca select from 2, 4, 8, 10, 12, or 24-hour itervals. The default LiveUpdate iterval is 2 hours.
120 Cofigurig Symatec AtiVirus for ONStor EverON About cofigurig the ONStor VirusSca Applet 5 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you You must perform a maual restart for the chages to take place. About cofigurig the ONStor VirusSca Applet Before istallig the VirusSca applet, verify the followig: Verify that your NAS server is istalled, powered up, ad cofigured. Esure that the Symatec Sca Egie is istalled ad cofigured to use Iteret Cotet Adaptatio Protocol (ICAP). Refer to the Symatec Sca Egie documetatio o how to do this. Verify that both the VirusSca applet ad the Symatec Sca Egie are istalled o servers cofigured with a static IP address. You are logged i as a admiistrator or with a accout that has admiistrator privileges for istallig the VirusSca applet. CIFS domai users must have admiistrator privileges o the machie where the applet is istalled. Cofigurig the VirusSca Applet for the Symatec Sca Egie The ONStor VirusSca applet eeds to access files i read/write mode i the virtual server. Therefore, the user accout that lauches the applet must be cofigured with BACKUP ad RESTORE privilege. The scope of the privilege ca be either VIRTUAL SERVER or CLUSTER. To eable virus scaig, cofigure the privilege before startig the ONStor VirusSca applet, or restart the applet after you cofigure the privilege. Use the priv add commad to cofigure privileges for the user accout.
Cofigurig Symatec AtiVirus for ONStor EverON About cofigurig the ONStor VirusSca Applet 121 Table 7-2 describes the directory cotaiig the VirusSca applet executable ad its associated files. Table 7-2 File Cotets of the VirusSca Applet Directory Descriptio ONStorVirusScaApplet.exe VScaEgie.dll ocrpc.dll PortMap.exe msvcr70d.dll symcsapi.dll ONStorVirusScaApplet.cofig Applicatio ONStor dll ONC/SUN RPC dll for Widows RPC port mappig utility Widow Service applicatio Used by portmap.exe. Some machies might eed this library Symatec Sca Egie dll Cofiguratio file for eterig the Symatec Sca Egie IP ad ICAP port for the VirusSca applet The VirusSca applet file is a XML file that eables you to specify the Symatec Sca Egie IP address ad ICAP port umber for the applet to use. If o alterate cofiguratio file is available, the applet uses the Symatec Sca Egie o the desigated default machie, 127.0.0.1, ad it uses the default ICAP port, 1344. The followig example shows the applet with the default IP ad ICAP port specified: Note: If you do ot use the default port for ICAP, you eed to specify the port umber i the applet cofiguratio file. <ONStorVirusScaApplet> <LogFile mode="disable" ame="vscaapplet.log" /> <Resource MaxNumberofParallelFileScaig="100" /> <ScaEgie> <Symatec> <Egie IP="127.0.0.1" Port="1344" /> </Symatec> </ScaEgie> </ONStorVirusScaApplet>
122 Cofigurig Symatec AtiVirus for ONStor EverON About cofigurig the ONStor VirusSca Applet You ca cofigure the applet so that Symatec Sca Egie writes a sca log to a log file i the same directory i which the applet is istalled. The applet show previously icludes a log-file etry that is disabled. If you specify the log file mode by replacig disable i the show code with eable, the applet creates a log file or writes to the existig log file either i the curret directory or i a path you provide withi the applet. If the log file mode is set to disable, the applet seds output to the cosole oly. If the curret log file reaches the maximum size of 5MB, the file is automatically reamed (for example, from applet.log to a older versio log file, such as applet.log.old). If a older versio already exists, the ewer versio overwrites the older versio, ad ew icomig messages are writte to the active log file. You ca cofigure the applet to sca a umber of files cocurretly. The MaxNumberOfParallelScaig parameter i the cofiguratio file specifies the maximum umber of files the applet ca sca cocurretly. The default is 100. Note: Parallel scaig affects memory usage. Depedig o the memory available, if you set the value for parallel scaig too high, your etwork operatios might take a log time or the etire etwork might fail. If you wat the applet to use more tha oe Symatec Sca Egie, add the IP addresses for each ito the cofiguratio file so the cliet library ca automatically load balace over the virus sca egies. The followig example shows a applet usig two Symatec Sca Egies, 10.2.14.150 ad 10.2.14.151. Both use the default port, 1344. <ONStorVirusScaApplet> <LogFile mode="eable" ame="vscaapplet.log" /> <Resource MaxNumberofParallelFileScaig="100" /> <ScaEgie> <Symatec> <Egie IP="10.2.14.150" Port="1344" /> <Egie IP="10.2.14.151" Port="1344" /> </Symatec> </ScaEgie> </ONStorVirusScaApplet>
Chapter 8 Cofigurig Symatec AtiVirus for EMC Celerra Network Server This chapter icludes the followig topics: About software compoets How Symatec Sca Egie works with EMC Celerra Network Server About preparig for istallatio About cofigurig Symatec Sca Egie About cofigurig EMC Celerra Network Server Kow issue with EMC Celerra Network Server Recommedatios while itegratig multiple sca egies
124 Cofigurig Symatec AtiVirus for EMC Celerra Network Server About software compoets About software compoets Symatec AtiVirus for Network Attached Storage provides virus scaig ad repair capabilities for the EMC Celerra series of etwork-attached storage (NAS) devices. To add ativirus scaig to EMC Celerra Network Server, istall ad cofigure the followig compoets: Symatec Sca Egie CAVA or Celerra Ati Virus Aget Virus-checkig cliet (VC cliet) Provides the virus scaig ad repair services. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. Provides the virus scaig fuctioality ad esures the seamless itegratio of Symatec Sca Egie with EMC Celerra Network Server. See About istallig the Celerra Ati Virus Aget o page 136 Use the CAVA calculator to estimate the umber of Celerra Ati Virus Agets for your etwork. For more iformatio o the CAVA calculator, see the appropriate EMC Celerra documetatio. Queues file ames to the Celerra Ati Virus Aget. It is the aget compoet o EMC Celerra Network Server. See About cofigurig virus scaig o EMC Celerra Network Server o page 137. How Symatec Sca Egie works with EMC Celerra Network Server Symatec AtiVirus for Network Attached Storage provides virus scaig ad repair capabilities for the EMC Celerra series of etwork-attached storage devices. The Celerra Ati Virus Aget uses the Iteret Cotet Adaptatio Protocol (ICAP) to commuicate with Symatec Sca Egie 5.1.X ad higher. However, CAVA uses the Native protocol to commuicate with Symatec Sca Egie 4.3.X. I a typical EMC Celerra Network Server eviromet, a miimum of two sca egies is required to hadle sca volume. Based o the umber of Celerra Ati Virus Agets (CAVAs) ad the size of the etwork, the CAVA sizig tool gives the ideal umber of sca egies that must be istalled i the etwork.
Cofigurig Symatec AtiVirus for EMC Celerra Network Server How Symatec Sca Egie works with EMC Celerra Network Server 125 How are files scaed About scaig o read For more iformatio o the CAVA sizig tool, see the appropriate EMC Celerra documetatio. EMC Celerra Network Server hadles load balacig across multiple sca egies ad Celerra Ati Virus Agets automatically. The Celerra Ati Virus Aget is cofigured to sca a file whe it is closed, if it has bee modified. You ca also eable a sca-o-read optio o the Celerra Network Server. A file is scaed o first-read ad reame also. See About scaig o read o page 125. Whe a user modifies or accesses a file, the Virus-checkig cliet o EMC Celerra Network Server triggers a sca ad queues the file path ame to the Celerra Ati Virus Aget. The Celerra Ati Virus Aget opes a coectio with Symatec Sca Egie. The Celerra Ati Virus Aget the passes the file path ame to the sca egie. Symatec Sca Egie opes ad scas the file, after which, the Celerra Ati Virus Aget closes the coectio with the sca egie. Symatec Sca Egie idicates the scaig results to the Celerra Ati Virus Aget after a file is scaed. The sca egie also repairs the file o EMC Celerra Network Server if a file is ifected ad ca be repaired. After the Celerra Ati Virus Aget receives the scaig results ad reports that the file is clea, EMC Celerra Network Server allows access to the requestig user. You ca cofigure the actio to be take with ifected files by specifyig the sca policy o Symatec Sca Egie. The sca egie repairs ifected but repairable files i its place o EMC Celerra Network Server. This repaired file is passed to the requestig user. The user is deied access to the file, ad the ifected file is quaratied if the file is ifected ad caot be repaired. However, the user will eed to cofigure Symatec Sca Egie to quaratie a urepairable file. See About quaratiig urepairable files o Symatec Sca Egie o page 127. The sca-o-read feature is disabled by default. This fuctioality ca be eabled by usig the server_viruschk commad whe cofigurig the Viruscheckig cliet o the Celerra Network Server. The Celerra Ati Virus Aget uses the file s access time to determie whether a file should be scaed o read oce the sca-o-read optio has bee eabled.
126 Cofigurig Symatec AtiVirus for EMC Celerra Network Server How Symatec Sca Egie works with EMC Celerra Network Server Whe the user tries to ope a file, the Celerra Ati Virus Aget compares the file s access time with a referece time. This referece time is stored i the virus checker cofiguratio file foud o EMC Celerra Network Server. If the file access time is before the referece time, the the file is scaed o read. The referece time ca be set or disabled by the server_viruschk commad. The Celerra Ati Virus Aget iforms the Celerra Network Server to set the access time each time the virus defiitio files are updated o Symatec Sca Egie. For more iformatio, see the appropriate EMC Celerra documetatio. About specifyig which file types are scaed To specify the file types to be scaed for viruses, cofigure settigs ad parameters o both the Virus-checkig cliet (VC cliet) ad Symatec Sca Egie. About specifyig file types o the Virus-checkig cliet Based o file extesios, the Virus-checkig cliet determies, iitially, whether it should pass a file to the Celerra Ati Virus Aget ad the to Symatec Sca Egie for scaig. You cofigure which files are passed to Symatec Sca Egie for scaig by modifyig the masks= ad excl= parameters i the viruschecker.cof file o EMC Celerra Network Server. You ca cotrol which files are scaed by usig the exclusio or a iclusio list, or you ca sca all files regardless of extesio. The exclusio list is defied i the viruschecker.cof file by the excl= parameter ad the iclusio list is defied by the masks= parameter. Cofigure the Celerra Ati Virus Aget to pass all file types to the sca egie except those that are cotaied i the exclusio list. The exclusio list cotais extesios for those file types that are ot likely to cotai viruses ad ca be excluded from scaig. See About cofigurig virus scaig o EMC Celerra Network Server o page 137. About specifyig file types o Symatec Sca Egie You ca cofigure Symatec Sca Egie so that selected file types ad file extesios are excluded from scaig. The sca policy o Symatec Sca Egie is as importat as the Virus-checkig cliet settig. The sca policy o the sca egie determies which files to sca upo receivig a file from the Celerra Ati Virus Aget. The scaed files are those cotaied i archive or cotaier file formats. You ca cotrol which embedded files are scaed by
Cofigurig Symatec AtiVirus for EMC Celerra Network Server How Symatec Sca Egie works with EMC Celerra Network Server 127 usig the file type ad extesio exclusio list, or you ca sca all files regardless of extesio. Note: Exclusio lists esure that all file types are ot scaed; therefore, ew types of viruses might ot be detected. Scaig all files regardless of extesio ad type is the most secure settig, but it imposes the heaviest demad o resources. Durig virus outbreaks, you might wat to sca all files eve if you ormally cotrol the file types that are scaed with the exclusio list. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. See Specifyig which file types to sca o the sca egie o page 131. About specifyig the sca policy You cofigure the sca policy through the Symatec Sca Egie admiistrative iterface. Whe a ifected file is foud, the sca egie ca do ay of the followig: Sca oly Sca ad delete Sca ad repair files Sca ad repair or delete Sca files for viruses, but do othig to ifected files Sca files for viruses, ad delete ay ifected files that are embedded i archive or cotaier files without tryig to repair Try to repair ifected files, but do othig to urepairable files (that is, do ot delete the files from archive or cotaier files). Try to repair ifected files, ad delete urepairable files from archive or cotaier files About quaratiig urepairable files o Symatec Sca Egie You ca cofigure Symatec Sca Egie to quaratie files that are ifected with viruses ad are urepairable. You must provide the host ame or IP address of a Widows 2000 Server/Widows 2003 Server/Widows 2008 Server computer that has the Symatec Quaratie Server istalled. For more iformatio, see the Symatec Sca Egie Implemetatio Guide.
128 Cofigurig Symatec AtiVirus for EMC Celerra Network Server About preparig for istallatio About preparig for istallatio The computer o which you pla to istall Symatec Sca Egie must meet the system requiremets that are listed i the Symatec Sca Egie Implemetatio Guide. After you have istalled Symatec Sca Egie, cofigure the virus scaig fuctioality o EMC Celerra Network Server by istallig the Celerra Ati Virus Aget (CAVA) o each server that fuctios as the sca egie. Also, cofigure the Virus-Checkig cliet o EMC Celerra Network Server. About cofigurig Symatec Sca Egie You must cofigure several settigs o each Symatec Sca Egie that is used to support scaig for EMC Celerra Network Server. Note: The cofiguratio settigs o each sca egie must be idetical if you use multiple sca egies to support scaig. LiveUpdate ad Rapid Release should be scheduled to occur at the same time o all sca egies so that virus defiitios are cosistet at all times. The sca egie must be cofigured to use ICAP as the commuicatio protocol. ICAP is the default protocol at istallatio. After you have selected ICAP, you ca cofigure ICAP-specific optios. Cofigurig ICAP-specific optios After you istall Symatec Sca Egie, you ca cofigure several settigs that are specific to the ICAP protocol through the Symatec Sca Egie admiistrative iterface. If Symatec Sca Egie has already bee cofigured to use aother protocol, you ca also chage the protocol through the admiistrative iterface. However, you must maually restart the Symatec Sca Egie. For more iformatio about accessig the admiistrative iterface, see the Symatec Sca Egie Implemetatio Guide.
Cofigurig Symatec AtiVirus for EMC Celerra Network Server About cofigurig Symatec Sca Egie 129 Table 8-1 describes the protocol-specific optios for ICAP. Table 8-1 Optio Bid address Protocol-specific optios for ICAP Descriptio Symatec Sca Egie detects all of the available IP addresses that are istalled o the host. By default, Symatec Sca Egie accepts scaig requests o (bids to) all of the scaig IP addresses that it detects. You ca cofigure up to 64 IP addresses as scaig IP addresses. You ca specify whether you wat Symatec Sca Egie to bid to all of the IP addresses that it detects, or you ca restrict access to oe or more iterfaces. If you do ot specify at least oe IP address, Symatec Sca Egie bids to all of the scaig IP addresses that it detects. If Symatec Sca Egie fails to bid to ay of the selected IP addresses, a evet is writte to the log as a critical error. Eve if Symatec Sca Egie is uable to bid to ay IP address, you ca access the cosole. However, scaig fuctioality is uavailable. Note: You ca use 127.0.0.1 (the loopback iterface) to let oly the cliets that are ruig o the same computer coect to Symatec Sca Egie. Port umber Sca policy The port umber must be exclusive to Symatec Sca Egie. For ICAP, the default port umber is 1344. If you chage the port umber, use a umber greater tha 1024 that is ot i use by ay other program or service. Whe a ifected file is foud, Symatec Sca Egie ca do ay of the followig: Sca oly: Sca files for viruses, but do othig to ifected files. Sca ad delete: Sca files for viruses, ad delete ay ifected files that are embedded i archive or cotaier files without tryig to repair. Sca ad repair files: Try to repair ifected files, but do othig to urepairable files (that is, do ot delete the files from archive or cotaier files). Sca ad repair or delete: Try to repair ifected files, ad delete urepairable files from archive or cotaier files. Note: If you choose the data trickle feature, the virus sca policy is automatically set to Sca oly.
130 Cofigurig Symatec AtiVirus for EMC Celerra Network Server About cofigurig Symatec Sca Egie Table 8-1 Optio Eable trickle Protocol-specific optios for ICAP Descriptio This settig provides users with a quicker dowload respose ad avoids possible sessio time-out errors. Data tricklig is disabled by default. Time before trickle data starts You ca specify how log the sca process should ru before data tricklig begis. To cofigure ICAP-specific optios 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Cofiguratio. 2 Uder Views, click Protocol. 3 I the right pae, uder Select Commuicatio Protocol, click ICAP. The cofiguratio settigs are displayed for the selected protocol. If you chage the protocol settig from RPC to ICAP through the Symatec Sca Egie admiistrative iterface, you must maually stop ad start the service. 4 Uder ICAP Cofiguratio, i the Bid address box, select the scaig IP addresses that you wat to bid to Symatec Sca Egie. Check Select All to select every IP Address i the Bid address table. By default, Symatec Sca Egie bids to all iterfaces. 5 I the Port umber box, type the TCP/IP port umber that the Celerra Ati Virus Aget uses to pass files to Symatec Sca Egie for scaig. The default settig for ICAP is port 1344. 6 I the Sca policy list, select how you wat Symatec Sca Egie to hadle ifected files. The default settig is Sca ad repair or delete, which is the recommeded settig. 7 Check Eable trickle to activate the data tricklig feature. The sca policy is automatically set to Sca oly. However, eablig data trickle ca compromise ativirus itegrity. The data that is trickled to the user might cotai a virus. You also caot use the Quaratie feature whe you eable data tricklig. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. 8 Type the umber of secods that the sca process should ru before data tricklig begis. The settig defaults to 5 secods ad ca be up to a maximum of 86400 secods.
Cofigurig Symatec AtiVirus for EMC Celerra Network Server About cofigurig Symatec Sca Egie 131 9 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you Specifyig which file types to sca o the sca egie The settigs o Symatec Sca Egie must be cofigured to specify the types of files to be scaed for viruses. The sca policy o the sca egie determies which files it should sca from the Celerra Ati Virus Aget. The scaed files are those cotaied i archive or cotaier file formats. You ca cotrol which embedded files are scaed by usig a extesio or type exclusio list, or you ca sca all files regardless of extesio ad type. A prepopulated extesio ad type exclusio list exists that you ca modify. Symatec Sca Egie is cofigured by default to sca all files. Note: Symatec Sca Egie examies the first few bytes of every file to determie whether the file could cotai a virus. This actio occurs eve if the file extesio is ot oe that was idetified for scaig. Based o this examiatio, the sca egie may sca a file eve though it has ot bee idetified for scaig. For more iformatio, see the Symatec Sca Egie Implemetatio Guide. See About cofigurig virus scaig o EMC Celerra Network Server o page 137. Specify which file types to sca o the sca egie You ca cotrol which file types are scaed by specifyig those extesios that you wat to exclude from scaig, or you ca sca all files regardless of extesio. To sca all files except for those that are i the file extesio exclusio list 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig.
132 Cofigurig Symatec AtiVirus for EMC Celerra Network Server About cofigurig Symatec Sca Egie 3 I the right pae, uder Files to Sca, click Sca all files except those i the extesio or type exclude lists. Whe you eable this optio, both the file extesio exclude list ad the file type exclude list are activated automatically. 4 Type each file extesio that you wat to add to the list o a separate lie. Use a period with each extesio i the list. 5 To remove a file extesio from the list, select it ad delete it from the File extesio exclude list. 6 To restore the default file extesio exclude list, i the left pae, uder Tasks, click Reset Default List. This optio restores the default file-type exclude list ad the file-extesio exclude list. 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you apply them. To sca all file types except those i the file type exclusio list 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files except those i the extesio or type exclude lists. Whe you eable this optio, both the file type exclude list ad the file extesio exclude list are activated automatically. 4 Type each file type you wat to add to the list o a separate lie. To iclude all subtypes for a file type, use the wildcard character /*. For more iformatio o how to write the file types, see the Symatec Sca Egie Implemetatio Guide. 5 To remove a file type from the list, select it ad delete it from the File type exclude list. 6 To restore the default file type exclude list, i the left pae, uder Tasks, click Reset Default List.
Cofigurig Symatec AtiVirus for EMC Celerra Network Server About cofigurig Symatec Sca Egie 133 This optio restores the default file-type exclude list ad the file-extesio exclude list. 7 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you To sca all files regardless of extesio or type 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click Policies. 2 Uder Views, click Scaig. 3 I the right pae, uder Files to Sca, click Sca all files. 4 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you About specifyig cotaier hadlig limits File attachmets that cosist of cotaier files ca overload the system ad cause deial-of-service attacks. They ca be overly large, cotai large umbers of embedded, compressed files, or be desiged to maliciously use resources ad degrade performace. Symatec Sca Egie ca be cofigured to impose limits o how cotaier files are hadled. This reduces the etwork s exposure to deial-of-service attacks. You ca specify the followig limits for hadlig cotaier files: The maximum amout of time, i secods, that is spet decomposig a cotaier file ad its cotets This settig does ot apply to.hqx or.amg files.
134 Cofigurig Symatec AtiVirus for EMC Celerra Network Server About cofigurig Symatec Sca Egie The maximum file size, i megabytes, for the idividual files that are i a cotaier file The maximum umber of ested levels to decompose for scaig The maximum umber of bytes that are read whe determiig whether a file is MIME-ecoded You ca specify whether to allow or dey access to the file if ay of these specified limits is met or exceeded. Symatec Sca Egie blocks cotaier files based o their type, because oly certai file types cotai virus or malicious code. You ca cofigure Symatec Sca Egie to block partial cotaier files, malformed cotaier files, ad ecrypted cotaier files as well. For more iformatio o cotaier hadlig limits, see the Symatec Sca Egie Implemetatio Guide. Schedulig LiveUpdate to update virus defiitios automatically Schedulig LiveUpdate to occur automatically at a specified time iterval esures that Symatec Sca Egie always has the most curret virus defiitios. Schedule LiveUpdate to occur at the same time for each sca egie if you use multiple sca egies to support virus scaig. This schedulig esures that all sca egies have the same versio of virus defiitios. Havig the same versio of virus defiitios is ecessary for proper fuctioig of virus scaig o EMC Celerra Network Server. You must schedule LiveUpdate o each Symatec Sca Egie. Whe LiveUpdate is scheduled, LiveUpdate rus at the specified time iterval relative to the LiveUpdate base time. The default LiveUpdate base time is the time that the sca egie was istalled. You ca chage the LiveUpdate base time. If you chage the scheduled LiveUpdate iterval, the iterval adjusts based o the LiveUpdate base time. For more iformatio o chagig the base time, see the Symatec Sca Egie Implemetatio Guide. To schedule LiveUpdate to update virus defiitios automatically 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click System. 2 Uder Views, click LiveUpdate Cotet. 3 I the right pae, uder LiveUpdate Cotet, check Eable scheduled LiveUpdate. This optio is eabled by default.
Cofigurig Symatec AtiVirus for EMC Celerra Network Server About cofigurig Symatec Sca Egie 135 4 I the LiveUpdate iterval drop-dow list, choose a iterval. You ca select from 2, 4, 8, 10, 12, or 24-hour itervals. The default LiveUpdate iterval is 2 hours. 5 O the toolbar, select oe of the followig: Save Apply Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Applies your chages. Your chages are ot implemeted util you Cofigurig Rapid Release updates to occur automatically You ca cofigure Symatec Sca Egie to obtai ucertified defiitio updates with Rapid Release. You ca cofigure Symatec Sca Egie to retrieve Rapid Release defiitios every 5 miutes to every 120 miutes. Rapid Release defiitios are created whe a ew threat is discovered. Rapid Release defiitios udergo basic quality assurace tests by Symatec Security Respose. However, they do ot udergo the itese testig that is required for a LiveUpdate release. Symatec updates Rapid Release defiitios as eeded to respod to high-level outbreaks. Warig: Rapid Release defiitios do ot udergo the same rigorous quality assurace tests as LiveUpdate ad Itelliget Updater defiitios. Symatec ecourages users to rely o the full quality-assurace-tested defiitios wheever possible. Esure that you deploy Rapid Release defiitios to a test eviromet before you istall them o your etwork. If you use a proxy or firewall that blocks FTP commuicatios, the Rapid Release feature does ot fuctio. Your eviromet must allow FTP traffic for the FTP sessio to succeed. You ca schedule Rapid Release updates to occur automatically at a specified time iterval to esure that Symatec Sca Egie always has the most curret defiitios. Scheduled Rapid Release updates are disabled by default. Cofigurig Rapid Release updates to occur automatically 1 O the Symatec Sca Egie admiistrative iterface, i the left pae, click System.
136 Cofigurig Symatec AtiVirus for EMC Celerra Network Server About cofigurig EMC Celerra Network Server 2 Uder Views, click Rapid Release Cotet. 3 I the cotet area uder Rapid Release Cotet, check Eable scheduled Rapid Release to eable automatic dowloads of Rapid Release defiitios. This optio is disabled by default. 4 I the Rapid Release iterval box, to specify the iterval betwee which you wat Symatec Sca Egie to dowload Rapid Release defiitios, do ay of the followig steps: Type the iterval. Click the up arrow or dow arrow to select the iterval. You ca select ay umber betwee 5 miutes ad 120 miutes. The default value is 30 miutes. 5 O the toolbar, select oe of the followig: Save Saves your chages. You ca cotiue to make chages i the admiistrative iterface util you are ready to Apply Applies your chages. Your chages are ot implemeted util you About cofigurig EMC Celerra Network Server You must register at least oe Symatec Sca Egie for each EMC Celerra Network Server for which you provide virus scaig. You must also cofigure the virus sca fuctioality o EMC Celerra Network Server i accordace with the EMC Celerra documetatio. Istall the Celerra Ati Virus Aget (CAVA) o each server that fuctios as the sca egie. About istallig the Celerra Ati Virus Aget Durig the Celerra Ati Virus Aget istallatio procedure, esure that you do all of the followig: Create a user accout (for the CAVA server) i the domai to which each EMC Celerra Network Server belogs. Create a local group o each EMC Celerra Network Server ad the add the CAVA user to this group. Assig virus-checkig rights to this group i accordace with the EMC Celerra documetatio. Also, assig local admiistrative rights to the CAVA user. For more iformatio, see the appropriate EMC Celerra documetatio.
Cofigurig Symatec AtiVirus for EMC Celerra Network Server About cofigurig EMC Celerra Network Server 137 Cofigure virus scaig o EMC Celerra Network Server by settig certai virus checkig parameters i the viruschecker.cof file. See About cofigurig virus scaig o EMC Celerra Network Server o page 137. Istall the Celerra Ati Virus Aget o each server o which you istalled Symatec Sca Egie. For more iformatio, see the appropriate EMC Celerra documetatio. Start the Virus-checkig cliet (VC cliet) o each EMC Celerra Network Server. See About startig the Virus-checkig cliet o page 139. About registerig Symatec Sca Egie You must register at least oe Symatec Sca Egie to provide the virus scaig for each EMC Celerra Network Server i the group. I a typical eviromet, a miimum of two sca egies is required to hadle sca volume. Havig oe sca egie ca cause deial-of-file access i case the sca egie does ot respod or is ot available. EMC Celerra Network Server hadles load balacig across multiple sca egies ad Celerra Ati Virus Agets automatically. Note: You do ot eed to register the same sca egie to each EMC Celerra Network Server i the group. You ca register differet sca egies to differet EMC Celerra Network Servers i the group. All of the sca egies i the same group must have idetical cofiguratios. Register Symatec Sca Egie by editig the addr parameter i the viruschecker.cof file o EMC Celerra Network Server. The viruschecker.cof file cotais the virus checkig parameters for each EMC Celerra Network Server i the group. You must provide the IP address or Fully Qualified Domai Name (FQDN) of the sca egie i the format addr=10.217.1.195 i the viruschecker.cof file o the Celerra Data Mover. Use colos to separate IP addresses of multiple sca egies, if ay. About cofigurig virus scaig o EMC Celerra Network Server You must cofigure virus scaig (or the Virus-checkig cliet) for each EMC Celerra Network Server. The Virus-checkig cliet is the aget compoet o EMC Celerra Network Server. The VC cliet queues file ames to the Celerra Ati Virus Aget for scaig. You cofigure the virus sca fuctioality (the Virus-checkig cliet) by settig certai virus checkig parameters i the viruschecker.cof file.
138 Cofigurig Symatec AtiVirus for EMC Celerra Network Server About cofigurig EMC Celerra Network Server Table 8-2 describes some parameters that you should cofigure i the viruschecker.cof file for virus sca fuctioality. Table 8-2 Parameter masks= excl= addr= maxsize=<> Viruschecker.cof file parameters Descriptio Specify the file types to be passed to Symatec Sca Egie for scaig. This parameter defies the iclusio list. masks=*.* scas all files. Scaig all files regardless of type is the most secure settig, but it imposes the heaviest demad o resources. The recommeded settig is to pass all file types to the sca egie except those that are cotaied i the exclusio list. Specify the file types that should ot be passed to Symatec Sca Egie for scaig. This parameter defies the exclusio list. This settig is similar to the Files to sca settig o Symatec Sca Egie. You must cofigure this settig o both EMC Celerra Network Server ad Symatec Sca Egie. Specify the IP address or FQDN of each sca egie to be used for scaig. Eter the IP addresses separated by colos, if there are multiple sca egies. Specify a upper limit for the size of files to be scaed. The file size is etered as a hexadecimal umber with a prefix of 0x. Although you ca choose a file size up to 0xFFFFFFFF (4 GB), Symatec Sca Egie ca sca a maximum file size of 2047 MB (or 2 GB). If the maxsize parameter is ot set or is equal to 0, the there is o limit to the maximum file size. highwatermark=<> lowwatermark=<> Specify the upper limit for the umber of sca requests occurrig cocurretly. Oce this limit is reached, a log evet is set to EMC Celerra Network Server. The default value is 200. Specify the lower limit for the umber of sca requests occurrig cocurretly. If the umber of sca requests goes below the lowwatermark value, a log evet is set to EMC Celerra Network Server. The default value is 50.
Cofigurig Symatec AtiVirus for EMC Celerra Network Server About cofigurig EMC Celerra Network Server 139 Table 8-2 Parameter surveytime=<> Viruschecker.cof file parameters Descriptio Specify (i secods) the iterval at which registered sca egies are cotacted to cofirm their status. This parameter works i cojuctio with the shutdow parameter ad will trigger a shutdow if o sca egie is available. The default value is 60. shutdow= Specify the shutdow actio to take if o sca egie is available. shutdow=o: Cotact the list of registered sca egies cotiuously eve if sca egies are ot available. This is the default optio. shutdow=viruscheckig: Stop the virus checkig fuctioality if there are o available sca egies. shutdow=cifs: Stops CIFS so that cliets are deied access to EMC Celerra Network Server. After cofigurig the virus checkig parameters i the viruschecker.cof file, copy the file to the correct directory i EMC Celerra Network Server ad to each EMC Celerra Network Server i the group. For more iformatio, see the appropriate EMC Celerra documetatio. Note: The virus sca fuctioality for each EMC Celerra Network Server i a group must be cofigured idetically to avoid icosistecy. The sca results ad repair results for ifected files will be icosistet if the settigs differ for each EMC Celerra Network server i the group. Thus, it is ecessary that the same viruschecker.cof file be copied to the correct directory ad to each EMC Celerra Network Server i the group. Istall the Celerra Ati Virus Aget o each server that fuctios as the sca egie i the domai. For more iformatio o istallig the Celerra Ati Virus Aget, see the appropriate EMC Celerra documetatio. About startig the Virus-checkig cliet After the Celerra Ati Virus Aget is istalled ad cofigured, use the server_setup commad at the Cotrol Statio o each EMC Celerra Network Server to start the VC cliet. The VC cliet queues file ames to the Celerra Ati
140 Cofigurig Symatec AtiVirus for EMC Celerra Network Server Kow issue with EMC Celerra Network Server Virus Aget for scaig. The VC cliet also iforms Symatec Sca Egie what should be doe with a ifected file, based o user- cofigured optios. About executig a full file system sca You ca execute a full file system sca by ruig the server_viruschk -fssca commad o the Cotrol Statio o EMC Celerra Network Server. However, the Celerra Ati Virus Aget must be eabled ad ruig for this fuctio to occur. You ca equire about the status of the sca while the sca is i progress. You ca stop the full file system sca as well. For more iformatio, see the appropriate EMC Celerra documetatio. Kow issue with EMC Celerra Network Server Whe oe of the registered Symatec Sca Egies are available, sca requests are queued util a sca egie is available.the sca egies are cotacted, by default, every 60 secods to determie their status. You ca cofigure the shutdow= parameter i the viruschecker.cof file to defie the shutdow actio to take whe o registered Symatec Sca Egie is available. The shutdow=o cofiguratio achieves cotiuous file access eve if oe of the registered Symatec Sca Egies are available. Select the optio of shutdow=cifs to dey users ay access to CIFS shares if o sca egie is available. See Viruschecker.cof file parameters o page 138. Recommedatios while itegratig multiple sca egies The recommedatios while itegratig multiple sca egies with EMC Celerra Network Server are as follows: Cofigure the settigs o each Symatec Sca Egie to be idetical. Schedule LiveUpdate ad Rapid Release to occur at the same time o all of the sca egies. This esures that virus defiitios are cosistet. Cofigure the virus sca fuctioality to be idetical for each EMC Celerra Network Server i a group to avoid icosistecy. The sca results ad repair results for ifected files will be icosistet if the settigs differ for each appliace i a group. Delete the IP address of the sca egie (that is beig removed) from the viruschecker.cof file before shuttig dow the Celerra Ati Virus Aget.
Idex A ativirus sca policy cofigure 33, 89 RPC optio 32 sca ad repair files 32 sca ad repair or delete 32 sca oly 32 ativirus scaig 17 ativirus update otificatio automatic 32 B Bloodhoud 18 BlueArc Storage System 13 BlueArc Storage System 13 BlueArc Storage System ad Hitachi Highperformace NAS Platform activate virus scaig 98 add ativirus scaig 82 ativirus sca policy 88 automatically sed ativirus update otificatios 88 check RPC coectio 87 cofigurig for virus scaig 97 cofigurig sca egie 86 coectig to Symatec Sca Egie 83 edit NAS Server list 88 editig service startup properties 86 eable virus scaig 98 file scaig 83 file type scaig 83 firmware versio 85, 97 full file system sca 99 hadlig ifected files 84 maximum umber of recoect attempts 88 overview of virus scaig 82 protocol 82 quaratiig ifected files 91 registered virus scaers 98 reset defaults 99 RPC 86 RPC cliet list 87 sca all file types 99 software compoets 82 specify file extesios 98 specifyig files to sca 92 system requiremets 85 uavailable sca egies 99 uresposive sca egies 99 user otificatio of ifectio foud 84, 90 verify sca egie registratio 98 C CAVA 124 CAVA sizig tool 124 Celerra Ati Virus Aget istallig 136 sedig files for scaig 131 virus-checkig rights 136 Celerra Network Server 13, 14 CIFS 26, 102 Commo Iteret File System 26, 102 cofigure AtiVirus setup scree 61 coector about 12, 13 cotaier files 17 cotaier hadlig limits 57, 75, 133 D Data ONTAP 26, 29, 42 decomposer 17 deial-of-file access 137 deial-of-service attack 17, 57, 75 documetatio Symatec AtiVirus for Network Attached Storage Itegratio Guide 14 Symatec Sca Egie Implemetatio Guide 14
142 Idex E embedded files specify for scaig 37 EMC Celerra Network Server 13, 14 EMC Celerra Network Server add ativirus scaig 124 addr parameter 137 CAVA 124 CAVA calculator 124 CAVA sizig tool 124 Celerra Ati Virus Aget 124 cofigure virus scaig 136, 137 excl parameter 126 exclusio list 126 file access time 125 file scaig 125 ICAP 124 iclusio list 126 masks parameter 126 ative protocol 124 overview of virus scaig 124 parameters 138 protocol 124 protocol ad supported versio 14 registerig Symatec Sca Egie 137 SAV for NAS supported 13 scaig overview 124 sca-o-read 125 server_viruschk 125 specify file types 126 specifyig files to sca 131 VC cliet 124 virus checker cofiguratio file 126 virus scaig commads 125 viruschecker.cof 126, 137 Virus-checkig cliet 124 eable Widows messeger loggig 36, 91 evet security level 35 excl= 126 exclusio list 126 F file access time 125 file attachmets 57, 75 file extesio exclude list 56, 73 file extesio exclusio list 38, 93, 131 file type exclude list 56, 73 file type exclusio list 39, 94, 132 file types sca procedure 55, 73, 131 file types to be scaed BlueArc Storage System ad Hitachi Highperformace NAS Platform 92 EMC Celerra Network Server 131 NetApp Filer 37 Su Storage 7000 Series 72 Su StorageTek 5000 NAS Appliace 55 H Hitachi High-performace NAS Platform 13, 14 Hitachi Essetial NAS Platform 13 Hitachi High-performace NAS Platform 13, 14 I ICAP cofigure 52, 69 cofigure optios 105, 115 default protocol 30 optios 53, 70 ICAP optios bid address 53, 70, 129 complete list 53, 70 eable trickle 54, 71, 105, 115, 130 port umber 53, 70, 129 sca policy 53, 70, 129 time before trickle data starts 54, 71, 105, 115, 130 iclusio list 126 ifected file 32 ifected files 28, 103, 113 istallatio requiremets about 18 Liux 21, 102, 112 Solaris 20, 102, 112 Widows 19 Iteret Cotet Adaptatio Protocol 30 irreparable files 103, 113 L Liux system requiremets 21 LiveUpdate cofigurig Symatec Sca Egie 128
Idex 143 schedulig 40, 58, 75, 95 M malicious code 17 masks= 126 N NAS 49 NAVEX 18 NetApp Filer activate virus scaig 43 addig Symatec AtiVirus 25 backups 44 cache 34, 44 Commo Iteret File System 26, 102 cofigure 42, 120 cofigurig for virus scaig 42 cofigurig sca egie 30, 103, 113 Data ONTAP 26, 42 edit list 32 editig service startup properties 30 Network File System 26 overview of virus scaig 26, 102, 112 protocol 26, 102 protocol ad supported versio 14 quaratie 27, 102, 112 quaratiig ifected files 36 rollback 43 software compoets 25, 101, 111 specify file extesios 43 specifyig files to sca 37 Symatec AtiVirus supported 13 system requiremets 29 uresposive sca egies 44 user otificatio of ifectio foud 28, 35, 103 verify sca egie registratio 42 vsca 42 vsca extesios exclude add 43 vsca extesios exclude remove 43 vsca extesios iclude add 43 vsca extesios iclude remove 43 vsca extesios iclude reset 43 vsca off 43 vsca o 43 vsca optios madatory_sca 44 vsca optios timeout 44 wildcard extesio 43 Network Appliace Filer 13, 25 Network File System 26 NFS 26 otificatio message evet security level 35, 90 iformatio cotaied 35, 90 sca policy 90 sca rule 35 virus ame 35, 90 otificatio of ifectio foud BlueArc Storage System ad Hitachi Highperformace NAS Platform 84, 90 NetApp Filer 28, 35, 103 O ONStor EverON 13 P policy virus sca 11 polymorphic viruses 18 Q quaratie ativirus sca policy 32 how 127 irreparable file 27, 36, 102, 103, 112, 113 procedure 37, 92 RPC sca policy 37, 91 Symatec Cetral Quaratie 36 urepairable file 28, 91 quaratiig ifected files BlueArc Storage System ad Hitachi Highperformace NAS Platform 91 NetApp Filer 36 R Rapid Release automatic update 41, 59, 76, 96, 135 rollback vsca extesios iclude reset 43 RPC Ativirus sca policy 32 cliet list 31 cofigure 31, 87 hadlig ifected files 28, 84, 103, 113 recoect attempts 31 RPC cliet list 31, 104, 114
144 Idex RPC optios ativirus sca policy 88 automatically sed ativirus update otificatios 88 check RPC coectio 87 maximum umber of recoect attempts 88 RPC cliet list 87 RPC protocol NetApp Filer 26, 102 optios 31, 87 S sca ad repair files 32 sca ad repair or delete 32 sca oly 32 sca policy otificatio message 35 sca ad delete 51, 68, 127 sca ad repair files 51, 68, 127 sca ad repair or delete 51, 68, 127 sca oly 51, 68, 127 specify 51, 68 sca-o-read 125 server_viruschk 125 service startup properties BlueArc Storage System ad Hitachi Highperformace NAS Platform 86 edit for RPC 30, 86 NetApp Filer 30 software compoets about 12 BlueArc Storage System ad Hitachi Highperformace NAS Platform 82 NetApp Filer 25, 101, 111 Solaris system requiremets 20 Striker 18 Su Storage 7000 Series 13 StorageTek 5000 NAS Appliace 13 Su Storage 7000 Series cachig 67 cofigure virus scaig 78 cofigurig sca egie 69 file scaig 66 firmware versio 66 hadlig ifected files 68 ICAP 66 kow issues 80 protocol 66 registerig Symatec Sca Egie 78 scaig overview 66 software compoets 66 specify file types 67 specifyig files to sca 72 Symatec AtiVirus support 13 system requiremets 66 virus sca fuctioality 79 VSCAN 66 Su StorageTek 5000 NAS Appliace cachig 49 Commo Iteret File System (CIFS) 48 cofigure AtiVirus setup scree 61 cofigure virus scaig 60, 61 cofigurig sca egie 52, 128 file scaig 48 hadlig ifected files 51 ICAP 48 kow issues 63, 140 NAS Ati Virus Aget 48 protocol 48 registerig Symatec Sca Egie 60 scaig overview 48 software compoets 48 specify file types 49 specifyig files to sca 55 Symatec AtiVirus supported 13 system requiremets 48, 124 virus sca fuctioality 61 Symatec AtiVirus for Network Attached Storage documetatio 14 itegratio guide 15 software compoets 12 supported devices 13 Symatec ativirus techology Bloodhoud 18 examples 18 NAVEX 18 Striker 18 Symatec Cetral Quaratie 36, 91 Symatec Quaratie Server 127 Symatec Sca Egie about 12 admiistrative iterface 30 chage protocol 30, 86 cofigure 30 cofigure ICAP 52, 69
Idex 145 cofigurig for BlueArc Storage System ad Hitachi High-performace NAS Platform 86 cofigurig for EMC Celerra Network Server 128 cofigurig for NetApp Filer 30, 103, 113 cofigurig for Su Storage 7000 Series 69 cofigurig for Su StorageTek 5000 NAS Appliace 52 cotaier hadlig limits 57, 75, 133 default list 56, 74, 132 documetatio 15 eable Widows messeger loggig 36, 91 file extesio exclusio list 38 file type exclusio list 39 ICAP 30 ICAP optios 52, 69 ifected files 28, 103, 113 istallatio 18 Liux system requiremets 21, 102, 112 LiveUpdate 40, 58, 75, 95, 134 post-istallatio tasks 22 protocols 13 quaratie 27, 51, 102, 112, 127 Rapid Release 41, 59, 76, 96, 135 sca all files 38, 93 sca policy 51, 68, 126, 127 Solaris system requiremets 20, 102, 112 specify file types 50, 67 virus protectio 17 Widows system requiremets 19 Symatec Sca Egie Implemetatio Guide about 15 Symatec Security Respose about 18 ifected files 36, 91 website 18 T troja horses 17 U urepairable files 28 urepairable ifected file 36, 91 uresposive sca egies 44 virus defiitio date 85 heuristically detected 36, 91 otificatio 28, 84, 103 user idetificatio 28, 84, 103 virus checker cofiguratio file 126 virus defiitio automatic otificatio 34 automatic update 40, 58, 75, 95, 134 maual otificatio 35, 108, 118 ew 36, 91 otify NetApp Filer 34 o updatig 34 Rapid Release defiitios 41, 59, 76, 96, 135 virus defiitio date 29 virus protectio descriptio 17 for etwork attached storage 16 why 16 virus sca fuctioality 61, 79 virus sca policy 11 virus scaig add 12 vsca off 43 vsca o 43 viruschecker.cof 126, 137 viruschecker.cof file parameters 138 virus-checkig cliet about 124 specify file types 126 virus-checkig rights 136 VSCAN 66 vsca 42 vsca off 43 vsca o 43 vsca optios madatory_sca 44 vsca optios timeout 44 vsca reset 27 W wildcard extesio??? 43 Widows messeger service 35 Widows service startup properties 30, 86 V VC cliet 137
146 Idex