You have located an infected file on a shared storage location and would like to know why Scan Engine has not removed the threat.
This threat may of been detected whilst scanning the storage location with a file system Antivirus application (such as Symantec Endpoint Protection).
This can happen for various reasons including the following:
- The "Scan policy" setup in Scan Engine is set to "Scan and Repair", preventing Scan Engine offering a verdict to delete the file if the threat cannot be removed.
- Scan Engine's Virus definitions are out of date, possibly preventing Scan Engine from identifying a new type of threat.
- Virus Scanning is not enabled in Scan Engine.
- Scan Engine is configured to NOT scan the file type where a threat was found.
- Scan Engine is honoring the Read-Only attribute of the file, preventing the threat within the file being removed.
- Set the "Scan Policy" to "Scan and Delete". This will allow Scan Engine to delete the infected file if it is not repairable.
- Ensure that Scan Engine's Virus definitions are updated. Checking the "Enable scheduled LiveUpdate" option and setting the "LiveUpdate interval" to 2 hours will ensure Scan Engine is retrieving the latest Virus definitions.
- Ensure that the "Virus Scanning" option is enabled in Scan Engine. This option can be found under Policies -> Scanning in the web interface of Scan Engine.
- Check if Scan Engine is configured to scan the file type where the detection was found, this can be verified in the Policies -> Scanning page.
- Modify the HonorReadOnly command to overwrite the read-only setting so that Scan Engine can repair or delete infected read-only files.
This is mentioned in the following articles for both the EMC and Netapp filers.
How to configure SPE for NAS for use with NetApp Filer
https://knowledge.broadcom.com/external/article?articleId=152420
Applies To
- You are using Symantec Scan Engine in conjunction with a Netapp
- RPC or ICAP is the Communication Protocol selected in Scan Engine's configuration page