Configuring Symantec Protection Engine for Network Attached Storage. Dell FluidFS 5.0

Similar documents
Configuring Symantec Protection Engine for Network Attached Storage. Compuverde vnas Cluster

Configuring Symantec. device

Configuring Symantec Protection Engine for Network Attached Storage for Hitachi Unified and NAS Platforms

Configuring Symantec AntiVirus for BlueArc Storage System

Antivirus Solution Guide. NetApp Clustered Data ONTAP 8.2.1

Configuring Symantec Protection Engine for Network Attached Storage 7.9 for Hitachi Unified and NAS Platforms

Configuring Symantec Protection Engine for Network Attached Storage 8.0 for NetApp Data ONTAP

Antivirus Solution Guide for Clustered Data ONTAP: Symantec

Symantec Endpoint Protection Integration Component User's Guide. Version 7.0

Configuring Symantec Protection Engine for Network Attached Storage 7.9 for NetApp Data ONTAP

Symantec ediscovery Platform

Symantec Mail Security for Microsoft Exchange 7.9 Getting Started Guide

Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition, and Symantec Network Access Control 12.1.

Symantec Protection Center Getting Started Guide. Version 2.0

Office 365 Best Practices: Protocols

Partner Information. Integration Overview Authentication Methods Supported

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. For Red Hat Enterprise Linux 5

Veritas System Recovery 18 Management Solution Administrator's Guide

Altiris Software Management Solution 7.1 from Symantec User Guide

Symantec Enterprise Security Manager Baseline Policy Manual for Security Essentials. Solaris 10

Symantec Workflow Solution 7.1 MP1 Installation and Configuration Guide

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. AIX 5.3 and 6.1

Veritas NetBackup for Lotus Notes Administrator's Guide

IPv6 Classification. PacketShaper 11.8

Securing Your Environment with Dell Client Manager and Symantec Endpoint Protection

Altiris Symantec Endpoint Protection Integration Component 7.1 SP1 Release Notes

NetBackup Copilot for Oracle Configuration Guide. Release 2.7.1

Symantec Control Compliance Suite Express Security Content Update for JBoss Enterprise Application Platform 6.3. Release Notes

Dell FluidFS Version 6.0. FS8600 Appliance. Firmware Update Guide

Symantec NetBackup for Lotus Notes Administrator's Guide. Release 7.6

Blue Coat ProxySG First Steps Solution for Controlling HTTPS SGOS 6.7

Veritas Data Insight Software Compatibility List 6.1.1

VeriSign Managed PKI for SSL and Symantec Protection Center Integration Guide

Partner Information. Integration Overview. Remote Access Integration Architecture

Symantec Protection Engine for Cloud Services Getting Started Guide

Veritas Cluster Server Library Management Pack Guide for Microsoft System Center Operations Manager 2007

Client Guide for Symantec Endpoint Protection and Symantec Network Access Control. For Microsoft Windows

Symantec Ghost Solution Suite Web Console - Getting Started Guide

Veritas System Recovery 16 Management Solution Administrator's Guide

FluidFS Antivirus Integration

Symantec pcanywhere 12.5 SP4 Release Notes

Symantec Control Compliance Suite Express Security Content Update for Microsoft Windows Server 2008 R2 (CIS Benchmark 2.1.

Blue Coat Security First Steps Solution for Controlling HTTPS

INSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic

Enterprise Vault.cloud Journaling Guide

Symantec System Recovery 2013 R2 Management Solution Administrator's Guide

Symantec Patch Management Solution for Windows 8.5 powered by Altiris technology User Guide

Blue Coat ProxySG First Steps Transparent Proxy Deployments SGOS 6.7

Symantec Managed PKI. Integration Guide for ActiveSync

Symantec Enterprise Security Manager Modules for Oracle Release Notes

Enterprise Vault.cloud Archive Migrator Guide. Archive Migrator versions 1.2 and 1.3

Symantec Workflow 7.1 MP1 Release Notes

Veritas Data Insight 6.1 Software Compatibility List 6.1

Altiris Client Management Suite 7.1 from Symantec User Guide

Dell PowerVault DL Backup to Disk Appliance and. Storage Provisioning Option

Symantec Enterprise Vault Technical Note

Veritas Desktop Agent for Mac Getting Started Guide

Veritas NetBackup for Microsoft Exchange Server Administrator s Guide

Patch Assessment Content Update Getting Started Guide for CCS 11.1.x and CCS 11.5.x

Symantec Enterprise Security Manager JRE Vulnerability Fix Update Guide

Enterprise Vault.cloud CloudLink Google Account Synchronization Guide. CloudLink to 4.0.3

Veritas Desktop and Laptop Option 9.2

Veritas NetBackup for SQLite Administrator's Guide

Veritas NetBackup Appliance Security Guide

Veritas NetBackup Copilot for Oracle Configuration Guide. Release 2.7.2

Reporting User's Guide

Veritas Desktop and Laptop Option Mac Getting Started Guide

Creating New MACHINEGUID and Disk UUID Using the PGPWdeUpdateMachineUUID.exe Utility

Symantec Desktop and Laptop Option 8.0 SP2. Symantec Desktop Agent for Mac. Getting Started Guide

Symantec Cloud Workload Protection on AWS Marketplace. Buyer's Guide for Getting Started

Symantec Managed PKI. Integration Guide for AirWatch MDM Solution

Patch Assessment Content Update Getting Started Guide for CCS 12.0

Veritas Access Enterprise Vault Solutions Guide

Symantec Enterprise Vault

Symantec Encryption Management Server and Symantec Data Loss Prevention. Integration Guide

Symantec Protection Engine for Cloud Services 7.9 Sizing Guide

Altiris IT Analytics Solution 7.1 from Symantec User Guide

Symantec Enterprise Vault

Symantec Validation & ID Protection Service. Integration Guide for Microsoft Outlook Web App

SIMATIC. Process Control System PCS 7 Symantec Endpoint Protection 11.0 Configuration. Using virus scanners 1. Configuration 2. Commissioning Manual

Veritas Cluster Server Application Note: High Availability for BlackBerry Enterprise Server

Symantec Backup Exec System Recovery Granular Restore Option User's Guide

Veritas NetBackup Copilot for Oracle Configuration Guide. Release 3.1 and 3.1.1

Testing and Restoring the Nasuni Filer in a Disaster Recovery Scenario

Symantec ediscovery Platform

KASPERSKY LAB. Kaspersky Administration Kit version 6.0. Reference Book

Symantec Enterprise Vault

Symantec Enterprise Vault

Antivirus Solution Guide for Clustered Data ONTAP: Sophos

Veritas CommandCentral Enterprise Reporter Release Notes

Symantec Enterprise Vault Technical Note

GFI MailSecurity 2011 for Exchange/SMTP. Administration & Configuration Manual

PGP NetShare FlexResponse Plug-In for Data Loss Prevention

Security Content Update Release Notes for CCS 12.x

Interface Reference. McAfee Application Control Windows Interface Reference Guide. Add Installer page. (McAfee epolicy Orchestrator)

Veritas NetBackup for Microsoft Exchange Server Administrator s Guide

Partner Management Console Administrator's Guide

Symantec Enterprise Vault Technical Note

PGP Viewer for ios. Administrator s Guide 1.0

Veritas NetBackup Copilot for Oracle Configuration Guide. Release 2.7.3

Transcription:

Configuring Symantec Protection Engine for Network Attached Storage Dell FluidFS 5.0

Contents Abstract... 2 About software component... 2 How does FluidFS antivirus protect data on FluidFS cluster... 2 Preparing for installation... 3 About XMLModifier tool... 3 XMLModifier options... 4 Parameters that require password encryption using the AES 256-bit method... 7 Configuring Symantec Protection Engine... 8 Configuring the ICAP-specific options... 8 About specifying which file types to scan on the protection engine... 9 Specifying which file types to scan... 10 About specifying container handling limits... 11 Scheduling LiveUpdate to update virus definitions automatically... 11 Configuring Rapid Release updates to occur automatically... 12 NAS antivirus server specifications... 13 Configuring antivirus scanning for FS8600 / File Component of SC70x0... 14 Configuring antivirus scanning... 14 Adding a NAS antivirus server... 14 Deleting an antivirus server... 14 Enabling antivirus scanning for a SMB share... 15 Allowing or denying access to files larger than the antivirus scanning file size threshold for a SMB share... 16 Changing the antivirus scanning file size threshold for a SMB share... 16 Including or excluding file extensions and directories in antivirus scanning for a SMB share... 16 Disabling antivirus scanning for a SMB share... 17 Viewing antivirus events... 18 Appendix... 18 Excluding files and directory paths from scans... 18 Supported antivirus applications... 18 Page 1 of 20

Abstract This document explains how to configure Dell FluidFS NAS for antivirus scanning capabilities using Symantec Protection Engine. This document is meant for users who are using Dell FluidFS version FS8600 / File Component of SC70x0 with Symantec Protection Engine version 7.8 About software component Symantec Protection Engine for Network Attached Storage provides virus scanning and repair capabilities for Dell FluidFS devices. Configure the following components to add antivirus scanning to Dell FluidFS devices: Symantec Protection Engine for Network Attached Storage version 7.8 Provides the virus scanning and repair services. Refer the Symantec Protection Engine for Network Attached Storage Implementation Guide for information on system requirements, installation, and configuration. Dell FluidFS version 5.0. The device is: o FS8600 / File Component of SC70x0 How does FluidFS antivirus protect data on FluidFS cluster The FluidFS cluster antivirus service provides real time antivirus scanning of files stored in SMB shares. The antivirus service applies only to SMB shares; NFS is not supported. The scan operation is transparent to the client, subject to the availability of an antivirus server. A file is scanned only when a client tries to open the file (not when an infected file is written, a file is opened to read/modify attributes, old files are opened for re write, and so on). The anti virus service consists of two components: One or more network accessible computers running Symantec Protection Engine, a thirdparty, ICAP enabled antivirus application that provides the antivirus scanning service to the FluidFS cluster. A FluidFS cluster anti virus scanning policy that specifies file extensions and directories to exclude from scans, an antivirus scanning file size threshold, and whether to allow or deny files larger than the file size threshold. When a SMB share client requests a file from the FluidFS cluster, the FluidFS cluster passes the file to Symantec Protection Engine for scanning and then takes one of the following actions: If the file is virus free, the FluidFS cluster permits client access. The FluidFS cluster does not scan that file again, providing it remains unmodified since the last check. If the file is infected, the FluidFS cluster denies client access. There is no indication to the client that the file is infected. The client experience is: o A file deletion returns a system specific ʺfile not foundʺ state for a missing file, depending on the client s computer. Page 2 of 20

o An access denial might be interpreted as a file permissions problem. Only storage administrators can recover an uninfected version of the file, or access and process the infected file. To gain access to an infected file, you must connect to the SMB share through another SMB share on which the antivirus service is disabled. Otherwise, the FluidFS cluster recognizes the file as infected, and denies access. You may also access the file through an NFS export, because NFS does not support antivirus. File transfers between the FluidFS cluster and the antivirus server are not encrypted. Therefore, Dell recommends protecting/restricting the communication. Preparing for installation The computer on which you plan to install Symantec Protection Engine must meet the system requirements that are listed in the Symantec Protection Engine for Network Attached Storage Implementation Guide. After you have installed Symantec Protection Engine, configure the virus scanning functionality on FluidFS. About XMLModifier tool Symantec Protection Engine 7.8 does not have the user interface. You must use the XML modifier command-line tool to configure and administrate all tasks in the Symantec Protection Engine. You can configure the Symantec Protection Engine options by modifying the data in the XML files. The XML files that you can modify are as follows: Option configuration.xml Description Contains the protocol settings, resource settings, logging setting, quarantine server setting, and proxy server settings., scanning functionality is unavailable. filtering.xml liveupdate.xml policy.xml Contains the settings for URL filtering, container limits and container handling, and file attribute and email attribute handling. Contains the LiveUpdate and Rapid Release options Contains an antivirus scan setting, Insight settings, APK reputation settings, and access-denied and notification messages. Page 3 of 20

Following are the two XML modifier command-line tools for Symantec Protection Engine: XMLModifier.exe A tool used on Windows platforms to modify the XML files. Xmlmodifier A tool used on Linux platforms to modify the XML files Always run the XMLModifier utility from the installation directory. After you change the settings by using the XMLModifier utility, you must stop and start the Symantec Protection Engine service for the changes to take effect. XMLModifier options Use the XML modifier command-line tool of Symantec Protection Engine to modify the XML files. Note: For boolean values, allowed and recommended values are true or false. Following table provides the option commands that you can use with the XML modifier commandline tool of Symantec Protection Engine. Option name Remove Description If the XPath specifies an attribute, then that attribute is set to an empty string. If the XPath specifies a group, then the items within that group are removed. If you want to populate a list within the XML document with new items, first remove the whole list. For Windows: XMLModifier.exe -r <Xpath> <XMLfile> For Linux: xmlmodifier r <Xpath> <XMLfile> where <XPath> is the required XPath and <XMLfile> is the XML file name. Bulk copy Use the bulk copy command to insert a list of items that are stored at the XPath. Each item is separated as a new line. The bulk copy command appends the bulk file to the XPath location. Only use this command to insert lists. Each entry must be on a separate line. For Windows: XMLModifier.exe -b <Xpath> bulkfile <XMLfile> For Linux: xmlmodifier -b <XPath> bulkfile <XMLfile> where <bulkfile> is a flat file where <XPath> is the required XPath and <XMLfile> is the XML file name. Page 4 of 20

Node value This command sets a node value. For Windows: XMLModifier.exe -s XPath <value> <XMLfile> For Linux: xmlmodifier -s <XPath> <value> <XMLfile> where <XPath> is the required XPath and <XMLfile> is the XML file name. where value is the permissible value for the particular node For example: xmlmodifier -s //policies/threatpolicies/antivirusscanning/@enabled true policy.xml Encrypt the password (using the AES 256-bit encryption method) and store in specified XPath location This command encrypts the specified password using the AES 256-bit encryption method and stores it in the specified XPath location. However, only certain parameters support this encryption method in Symantec Protection Engine. Table 1-2 lists the parameters that are encrypted using this method For Windows: XMLModifier.exe -k <XPath> <password> <SPE install directory> <XMLfile> For Linux: xmlmodifier -k <XPath> <password> <SPE install directory> <XMLfile> where <XPath> is the required XPath, <password> is your password, <SPE install directory> is the path to the installation directory, and <XMLfile> is the XML file name. Note: Make sure the path to the Symantec Protection Engine installation directory does not end with /. Query This command returns the value of the node in the XML document with no newline. For Windows: XMLModifier.exe -q <XPath> <XMLfile> For Linux: xmlmodifier -q <XPath> <XMLfile> where <XPath> is the required XPath and <XMLfile> is the XML file name. Query list This command returns the list of values of the node in the XML document with a newline. The l is lowercase, as in list. For Windows: XMLModifier.exe -l <Xpath> <XMLfile> For Linux: xmlmodifier -l <Xpath> <XMLfile> Page 5 of 20

where <XPath> is the required XPath and <XMLfile> is the XML file name. Create a new entry in the RPC client list This command adds a single network attached storage device in the RPC client list. For Windows: XMLModifier.exe c //configuration/protocolsettings/rpc/clientlist/items <IP Address of RPC Client / NAS Device> configuration.xml For Linux: xmlmodifier c //configuration/protocolsettings/rpc/clientlist/items <IP Address of RPC Client / NAS Device> configuration.xml Note: To list or remove the complete RPC client list, use the -l and -r option respectively. XMLModifier.exe l //configuration/protocolsettings/rpc/clientlist/items configuration.xml XMLModifier.exe r //configuration/protocolsettings/rpc/clientlist/items configuration.xml Add local URL categories This command adds local URL categories. For Windows: XMLModifier.exe -a <urlcategory1 urlcategory2..> For Linux: xmlmodifier -a <urlcategory1 urlcategory2..> where <urlcategory> is the local URL category. Delete local URL categories This command deletes local URL categories. For Windows: XMLModifier.exe -d <urlcategory1 urlcategory2..> For Linux: xmlmodifier -d <urlcategory1 urlcategory2..> where <urlcategory> is the local URL category Add URL(s) to local URL category This command adds URL(s) to local URL category. For Windows: XMLModifier.exe -u <urlcategory url1 url2..> For Linux: xmlmodifier -u <urlcategory url1 url2..> where <url> is the url to be added and <urlcategory> is the local URL category. Delete URL(s) from local URL This command deletes URL(s) from the local URL category. Page 6 of 20

category For Windows: XMLModifier.exe -v <urlcategory url1 url2..> For Linux: xmlmodifier -v <urlcategory url1 url2..> where <url> is the url to be deleted and <urlcategory> is the local URL category. Add URL(s) to URL Override List This command adds URL(s) to URL Override List For Windows: XMLModifier.exe -o <url1 url2..> For Linux: xmlmodifier -o <url1 url2..> where <url> is the url to be added. Delete URL(s) from URL Override List This command deletes the URL(s) from the URL Override List. For Windows: XMLModifier.exe -i <url1 url2..> For Linux: xmlmodifier -i <url1 url2..> where <url> is the url to be deleted. Parameters that require password encryption using the AES 256-bit method Parameter name XPath Configuration file name Proxy Server Password LiveUpdate Server Rapid release FTP Password /configuration/proxyserversettings/password/@value /liveupdate/updateserver/password/@value /liveupdate/rapidrelease/ftpsettings/password/@value configuration.xml liveupdate.xml liveupdate.xml Note: The XMLModifier utility has a dependency on the libxml2 library. If this library is not found, the utility may throw an error. The libxml2 library is already present in the installation directory. However, if the XMLModifier utility is still unable to find the library on UNIX machines, you can add the path, /opt/symcscan/bin, to the LD_LIBRARY_PATH environment variable. Page 7 of 20

Configuring Symantec Protection Engine You must configure several settings on each Symantec Protection Engine that is used to support scanning for FluidFS. Note: If you use multiple protection engines to support scanning, the configuration settings on each protection engine must be identical. LiveUpdate must scheduled to occur at the same time on all protection engines so that virus definitions are consistent at all times. The protection engine must be configured to use ICAP as the communication protocol. ICAP is the default protocol at installation. After you have selected ICAP, you must configure the ICAP-specific options. Configuring the ICAP-specific options If you select ICAP, you must configure certain options specific to ICAP. You must also configure the ICAP client to work with Symantec Protection Engine. For more information, see the Symantec Protection Engine for Network Attached Storage Implementation Guide. Table 1 describes the protocol-specific options for ICAP. Table 1: Protocol-specific options for ICAP Option Bind address Description Symantec Protection Engine detects all the available IP addresses that are installed on the host. By default, Symantec Protection Engine accepts scanning requests on (binds to) all of the scanning IP addresses that it detects. You can configure up to 64 IP addresses as scanning IP addresses. You can specify whether you want Symantec Protection Engine to bind to all of the IP addresses that it detects, or you can restrict access to one or more interfaces. If you do not specify at least one IP address, Symantec Protection Engine binds to all of the scanning IP addresses that it detects. If Symantec Protection Engine fails to bind to any of the selected IP addresses, an event is written to the log as a critical error. Even if Symantec Protection Engine is unable to bind to any IP address, you can access the console. However, scanning functionality is unavailable. Note: You can use 127.0.0.1 (the loopback interface) to let only the clients that are running on the same computer connect to Symantec Protection Engine. Port number The port number must be exclusive to Symantec Protection Engine. For ICAP, the default port number is 1344. If you change the port number, use a number greater than 1024 that is not in use by any other program or service. To configure the ICAP-specific options: 1. Go to the Symantec Protection Engine installation directory. 2. Set the ICAP protocol. Page 8 of 20

Command: xmlmodifier -s //configuration/protocolsettings/protocol/@value ICAP configuration.xml Allowed values: ICAP Enables the ICAP protocol. RPC Enables the RPC protocol. Default value: ICAP 3. Specify the Bind address. Command: xmlmodifier s //configuration/protocolsettings/icap/bindaddress/@value <value> configuration.xml Allowed values: Scanning IP addresses that you want to bind to Symantec Protection Engine. Default value: Symantec Protection Engine binds to all interfaces. 4. Specify the port number that the client application uses to pass files to Symantec Protection Engine for scanning. Command: xmlmodifier -s //configuration/protocolsettings/icap/port/@value <value> configuration.xml Allowed values: 0 to 65535 Default value: 1344 5. Restart the Symantec Protection Engine service. About specifying which file types to scan on the protection engine The settings on Symantec Protection Engine must be configured to specify the types of files to be scanned for viruses. The scan policy on the protection engine determines which files it should scan from FluidFS. The scanned files are those contained in archive or container file formats. You can control which embedded files are scanned by using an extension or type exclusion list, or you can scan all files regardless of extension and type. A prepopulated extension and type exclusion list exists that you can modify. Symantec Protection Engine is configured by default to scan all files. For more information, see the Symantec Protection Engine for Network Attached Storage Implementation Guide. Page 9 of 20

Specifying which file types to scan You can control which file types are scanned by specifying those extensions that you want to exclude from scanning, or you can scan all files regardless of extension. To scan all files except for those that are in the file extension exclusion list: 1. Go to the Symantec Protection Engine installation directory. 2. Enable extension policy to scan all files except those in the extension or type exclude lists. Command: xmlmodifier -s //policies/threatpolicies/extensionpolicy/@value 2 policy.xml Allowed values: 0 2 Disable Exclude the files with below extension from AV scanning. Default value: 0 3. You can add or remove any file extension that you want to exclude form AV scanning at the below XPath in the policy.xml file. XPath: //policies/threatpolicies/excludelist Allowed values: You can add any file extension to the file extension exclude list (file extensions must begin with a period). 4. Restart the Symantec Protection Engine service. To scan all file types except those in the file type exclusion list: 1. Go to the Symantec Protection Engine installation directory. 2. Enable extension policy to scan all files except those in the extension or type exclude lists. Command: xmlmodifier -s //policies/threatpolicies/extensionpolicy/@value 2 policy.xml Allowed values: 0 2 Disable Exclude the files with below extension from AV scanning. Page 10 of 20

Default value: 0 3. You can add or remove entries in the file type exclude list in the policy.xml at the below XPath: XPath: xmlmodifier -c //policies/threatpolicies/ MIMEExcludeList/items <value> policy.xml Allowed values: Valid MIME file type 4. Restart the Symantec Protection Engine service. About specifying container handling limits File attachments that consist of container files can overload the system and cause denial-of-service attacks. They can be overly large, contain large numbers of embedded, compressed files, or be designed to maliciously use resources and degrade performance. Symantec Protection Engine can be configured to impose limits on how container files are handled. This reduces the exposure of the network to denial-of-service attacks. You can specify the following limits for handling container files: The maximum amount of time, in seconds, that is spent decomposing a container file and its contents This setting does not apply to.hqx or.amg files. The maximum file size, in megabytes, for the individual files that are in a container file. The maximum number of nested levels to decompose for scanning. The maximum number of bytes that are read when determining whether a file is MIMEencoded. You can specify whether to allow or deny access to the file if any of these specified limits is met or exceeded. Symantec Protection Engine blocks container files based on their type, because only certain file types contain virus or malicious code. You can configure Symantec Protection Engine to block partial container files, malformed container files, and encrypted container files as well. For more information on container handling limits, see the Symantec Protection Engine for Network Attached Storage Implementation Guide. Scheduling LiveUpdate to update virus definitions automatically Scheduling LiveUpdate to occur automatically at a specified time interval ensures that Symantec Protection Engine always has the most current virus definitions. Schedule LiveUpdate to occur at the same time for each protection engine if you use multiple scanprotectionengines to support virus scanning. This scheduling ensures that all protection engines have the same version of virus definitions. Having the same version of virus definitions is necessary for proper functioning of virus scanning on the FluidFS device. You must schedule LiveUpdate on each Symantec Protection Engine. When LiveUpdate is scheduled, LiveUpdate runs at the specified time interval relative to the LiveUpdate base time. The default LiveUpdate base time is the time that the protection engine was installed. You can change the LiveUpdate base time. If you change the scheduled LiveUpdate interval, the interval adjusts based on the LiveUpdate base time. Page 11 of 20

To schedule LiveUpdate to update virus definitions automatically: 1. Go to the Symantec Protection Engine installation directory. 2. Enable LiveUpdate schedule. Command: xmlmodifier -s //liveupdate/schedule/@enabled true liveupdate.xml Allowed values: true Enables LiveUpdate. false Disables LiveUpdate. Default value: true 3. In the LiveUpdate interval list, select the interval. Command: xmlmodifier -s //liveupdate/schedule/interval/@value <value> liveupdate.xml Allowed values: Time in seconds Default value: 7200 4. Restart the Symantec Protection Engine service. Configuring Rapid Release updates to occur automatically You can configure Symantec Protection Engine to obtain uncertified definition updates with Rapid Release. You can configure Symantec Protection Engine to retrieve Rapid Release definitions every 5 minutes to every 120 minutes. Rapid Release definitions are created when a new threat is discovered. Rapid Release definitions undergo basic quality assurance tests by Symantec Security Response. However, they do not undergo the intense testing that is required for a LiveUpdate release. Symantec updates Rapid Release definitions as needed to respond to high-level outbreaks. Warning: Rapid Release definitions do not undergo the same rigorous quality assurance tests as LiveUpdate and Intelligent Updater definitions. Symantec encourages users to rely on the full quality-assurance-tested definitions whenever possible. Ensure that you deploy Rapid Release definitions to a test environment before you install them on your network. If you use a proxy or firewall that blocks FTP communications, the Rapid Release feature does not function. Your environment must allow FTP traffic for the FTP session to succeed. You can schedule Rapid Release updates to occur automatically at a specified time interval to ensure that Symantec Protection Engine always has the most current definitions. Scheduled Rapid Release updates are disabled by default. Page 12 of 20

Configuring Rapid Release updates to occur automatically 1. Go to the Symantec Protection Engine installation directory. 2. Configure Rapid Release updates to occur automatically. Command: xmlmodifier -s //liveupdate/rapidrelease/schedule/@enabled true liveupdate.xml Allowed values: true Enables Rapid Release updates. false Disables Rapid Release updates. Default value: false 3. In the Rapid Release interval specify the interval between which you want Symantec Protection Engine to download Rapid Release definitions. Command: xmlmodifier -s //liveupdate/rapidrelease/schedule/interval/@value <value> liveupdate.xml Allowed values: You can select any number between 5 minutes and 120 minutes. Default value: 30 4. Restart the Symantec Protection Engine service. About configuring the virus scan functionality on FluidFS 5.0 After you have installed and configured Symantec Protection Engine, configure the virus scanning functionality on FluidFS. NAS antivirus server specifications The following requirements apply for antivirus servers: You must have a system (Cluster) with FluidFS V5 or later installed. Note: Make sure that you are not using any earlier version of FluidFS. The server hosting Symantec Protection Engine must be accessible by the network. Dell recommends that the server be located on the same subnet as the NAS cluster. The server must run certified ICAP-enabled antivirus software such as Symantec Protection Engine. For more information on system requirements for Symantec Protection Engine, see the Symantec Protection Engine for Network Attached Storage Implementation Guide. Page 13 of 20

Configuring antivirus scanning for FS8600 / File Component of SC70x0 Before you configure antivirus scanning, you may want to understand How does FluidFS antivirus protect data. See Excluding files and directory paths from scans and Supported antivirus applications for more information. Configuring antivirus scanning To perform antivirus scanning, you must add an anti virus server and then enable antivirus scanning on a per SMB share basis. Adding a NAS antivirus server Add one or more antivirus servers. Dell recommends adding multiple antivirus servers to achieve high availability of virus scanning, and reduce the latencies for file access. NAS antivirus allocates scanning operations to the antivirus servers to maximize the available scanning bandwidth. The fewer the available antivirus servers, the more time required to scan files. Prerequisites The anti virus server must be network accessible. Dell recommends that the server is located on the same subnet as the FluidFS cluster. The antivirus server must run a supported ICAP enabled antivirus application such as Symantec Protection Engine. The antivirus server must be present and working. If no server is available, file access is denied to clients. Steps 1. Start the Dell Storage Manager and click the Storage view. 2. In the Storage pane, select a FluidFS cluster. 3. Click the File System tab. 4. In the File System tab navigation pane, go to Environment Data Protection. 5. In the right pane, click the AntiVirus tab. 6. Click Add AntiVirus Scanner. The Add AntiVirus Scanner dialog appears. 7. In the Name field, type the host name or IP address of the antivirus server. 8. In the Port field, type the port that the FluidFS cluster uses to connect to the antivirus server. 9. Click OK. Deleting an antivirus server Delete an antivirus server when it is no longer available. Prerequisites If you have only one antivirus server, you cannot delete that server until you first disable antivirus scanning on all SMB shares. Page 14 of 20

Steps 1. Start the Dell Storage Manager and click the Storage view. 2. In the Storage pane, select a FluidFS cluster. 3. Click the File System tab. 4. In the File System tab navigation pane, go to Environment Data Protection. 5. In the right pane, click the AntiVirus tab. 6. Select an antivirus server and click Delete. The Delete dialog appears. 7. Click OK. Enabling antivirus scanning for a SMB share Antivirus scanning is enabled on a per SMB share basis. Prerequisites You must configure antivirus servers before enabling antivirus scanning for a SMB share. Steps 1. Start the Dell Storage Manager and click the Storage view. 2. In the Storage pane, select a FluidFS cluster. 3. Click the File System tab. 4. In the File System tab navigation pane, select SMB shares. 5. In the right pane, select a SMB share and click Edit Settings. The Edit Settings dialog box appears. 6. On the left pane choose Antivirus Scanners and then select Virus Scan check box. 7. Select the Virus Scan check box. 8. (Optional) Configure the remaining antivirus scanning attributes as needed. These options are described in the online help. To deny access to files larger than the specified antivirus scanning file size threshold, select the Deny access to large un-scanned file check box. To change the maximum size of files that are included in antivirus scanning, type a size in the Do not scan files larger than field in kilobytes (KB), megabytes (MB), gigabytes (GB), or terabytes (TB). To exempt file extensions from antivirus scanning, select the File Extension Filtering check box and specify the extensions in the File Extensions list. To exempt directories from antivirus scanning, select the Folders Filtering check box and specify the directories in the Folders list. 9. Click OK. Page 15 of 20

Allowing or denying access to files larger than the antivirus scanning file size threshold for a SMB share Specify whether to allow or deny access to files that are larger than the specified antivirus scanning file size threshold for a SMB share. 1. Start the Dell Storage Manager and click the Storage view. 2. In the Storage pane, select a FluidFS cluster. 3. Click the File System tab. 4. In the File System tab navigation pane, select SMB shares. 5. In the right pane, select a SMB share and click Edit Settings. The Edit Settings dialog box appears, go to Antivirus Scanners on the right pane 6. Allow or deny access to files larger than the antivirus scanning file size threshold. To allow access to files larger than the antivirus scanning file size threshold, clear the Deny Access to large un-scanned file check box. To deny access to files larger than the antivirus scanning file size threshold, select the Deny Access to large un-scanned file check box. 7. Click OK. Changing the antivirus scanning file size threshold for a SMB share Change the maximum size of files that are included in antivirus scanning for a SMB share. 1. Start the Dell Storage Manager and click the Storage view. 2. In the Storage pane, select a FluidFS cluster. 3. Click the File System tab. 4. In the File System tab navigation pane, select SMB shares. 5. In the right pane, select a SMB share and click Edit Settings. The Edit Settings dialog box appears, go to Antivirus Scanners on the right pane 6. In the Do not scan files larger then field, type a file size in kilobytes (KB), megabytes (MB), gigabytes (GB), or terabytes (TB). 7. Click OK. Including or excluding file extensions and directories in antivirus scanning for a SMB share Specify whether to perform antivirus scanning for all file extensions and directories for a SMB share, or exempt some file extensions and directories from antivirus scanning. 1. Start the Dell Storage Manager and click the Storage view. 2. In the Storage pane, select a FluidFS cluster. 3. Click the File System tab. Page 16 of 20

4. In the File System tab navigation pane, select SMB shares. 5. In the right pane, select a SMB share and click Edit Settings. The Edit Settings dialog box appears, go to Antivirus Scanners on the right pane 6. Specify whether to perform antivirus scanning for all file extensions or exempt the specified file extensions from antivirus scanning. To perform antivirus scanning for all file extensions, clear the File Extension Filtering check box. To exempt the specified file extensions from antivirus scanning, select the File Extension Filtering check box. 7. To specify file extensions to exempt from antivirus scanning, add or remove file extensions in the antivirus scanning exemption list. To add a file extension to the antivirus scanning exemption list, type a file extension (for example, docx) in the File Extensions text field and click Add. To remove a file extension from the antivirus scanning exemption list, select a file extension and click Remove. 8. Specify whether to perform antivirus scanning for all directories or exempt the specified directories from antivirus scanning. To perform antivirus scanning for all directories, clear the Folders Filtering check box. To exempt the specified directories from antivirus scanning, select the Folders Filtering check box. 9. To specify directories to exempt from antivirus scanning, add or remove directories in the antivirus scanning exemption list. To add a directory to the antivirus scanning exemption list, type a directory (for example, /folder/subfolder) in the Folders text field and click Add. To remove a directory from the antivirus scanning exemption list, select a directory and click Remove. 10. Click OK. Disabling antivirus scanning for a SMB share Antivirus scanning is disabled on a per SMB share basis. 1. Start the Dell Storage Manager and click the Storage view. 2. In the Storage pane, select a FluidFS cluster. 3. Click the File System tab. 4. In the File System tab navigation pane, select SMB shares. 5. In the right pane, select a SMB share and click Edit Settings. The Edit Settings dialog box appears, go to Antivirus Scanners on the right pane. Page 17 of 20

6. Clear the Virus Scan check box. 7. Click OK. Viewing antivirus events 1. Events related to antivirus scanning can be viewed using Dell Storage Manager. 2. Start the Dell Storage Manager and click the Storage view. 3. In the Storage pane, select a FluidFS cluster. 4. In the right pane, click the Events tab. The antivirus scanning events are displayed. Appendix Excluding files and directory paths from scans You can control what files and directory paths are scanned as follows: Extensions excluded from scan: Specifies file extensions (file types) to exclude from scanning, such as docx. Directories excluded from scan: Specifies directory paths to exclude from scanning, such as /tmp/logs (alternatively, folders and sub folders). The wildcards * (asterisk) and? (question mark) are permitted when specifying directory paths, such as /user/*/tmp or /user/t?p. Supported antivirus applications For the latest list of supported antivirus applications, see the Dell Fluid File System Version 5.0 Support Matrix. Page 18 of 20

Copyright 2016 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and Norton AntiVirus are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. Symantec Corporation 350, Ellis Street Mountain View, CA 94043 http://www.symantec.com Page 19 of 20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback