Information is sought on configuration for using Symantec Antivirus (SAV) for Network Attached Storage (NAS) 5.x and Symantec Protection Engine for Network Attached Storage 7.x with Network Appliance (NetApp) Filer
For each Scan Engine you seek to register with a NetApp Filer:
Please test in a test lab and with limited deployments before proceeding to full production.
To set initial TCP stack settings within the Windows registry
To set the "Time to extract file meets or exceeds" value in the Scan Engine web interface
To set the HonorReadOnly flag to false within Symantec Scan Engine 5.x
To edit the service startup properties
To edit the list of NetApp Filers
To configure additional RPC-specific options
To automatically notify NetApp Filer when virus definitions are updated
To confirm that a particular SAV for NAS 5.2 or Protection Engine for NAS 7 registered with NetApp Filer
Note: should a number of "Access Denied" errors be observed from users trying to access files on the Filer, and a number of "Scan Errors" reported by Scan Engine, check the following article to ensure your Container Limits are set properly according to the environment:
The Implementation Guide contains additional information about notifying a requesting user that a virus was found, using Protection Engine for NAS with Symantec Central Quarantine, and specifying which embedded files to scan. The Protection Engine for NAS 7 Implementation Guide may be found here:
Additional information regarding NetApp Filer configuration is available within the SAVNAS5.1 Integration Guide and within the NetApp Filer documentation provided by Network Appliance.
About Container Handling limits
Most antivirus scanning products contain policies to limit the resources spent on scanning a single file. This prevents denial of service attacks with specially crafted malformed container files.
About 'Time to extract file meets or exceeds'
The timer for the 'Time to extract' setting begins when the actual scan of the file begins. This measure does not include time spent transmitting the scan request to Scan Engine, nor does it contain time spent in moving the file to the Scan Engine from the NetAppFiler or other device. Within the NetAppFiler settings, the scan timeout setting includes:
About 'Maximum extract depth'
This policy setting helps prevent 'zip of death' style denial of service attacks. A 'zip of death' denial of service attack is a .zip archive with directory pointers which form a circular structure, which may result in an attempt to extract the file forever. As this number is lowered, the maximum number of levels scanned within a container file will be lowered, resulting in a more rapid, but possibly less thorough scan. As this number is raised, conversely the maximum number of levels Scan Engine examines within a container will be raised, resulting in a slower, but more thorough scan. For initial testing, 5 to 10 levels will establish basic function. The maximum value for this setting is 1024. Tune this setting to meet the usage patterns of the environment.
By default, Scan Engine will not repair or delete infected files which have the Read Only file attribute set.
About Window 2003 Server default TCP stack settings
By default, Windows 2003 Server does not have a DWORD registry entry for TcpTimedWaitDelay, which defaults to a value of 420 seconds. When a TCP connection becomes unresponsive, Windows will therefore wait 420 seconds before releasing the connection to use. Also by default, Windows 2003 Server does not have a DWORD registry entry for MaxUserPorts, which defaults to 5000 available ports per user. In a high load environment, adjusting these values makes the server more responsive.
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
This will clear the history and restart the chat.