Create a Vscan configuration
POST /protocols/vscan
Introduced In: 9.6
Creates a Vscan configuration, which includes a list of scanner-pools, Vscan On-Access policies and Vscan On-Demand policies. Defines whether the Vscan configuration you create is enabled or disabled for a specified SVM.
Important notes:
- You can enable only one Vscan configuration at a time for an SVM.
- There needs to be at least one active scanner-pool and one enabled On-Access policy to enable Vscan successfully.
- By default, a Vscan is enabled when it's created.
- By default, the Vscan On-Access policies created from this endpoint are in the disabled state. You can use the On-Access policy PATCH endpoint to enable a particular On-Access policy. In ONTAP 9.6, only one Vscan On-Access policy can be enabled and only one Vscan On-Demand policy can be scheduled on an SVM.
Required properties
- svm.uuid or svm.name - Existing SVM in which to create the Vscan configuration.
Recommended optional properties
- scanner_pools - There must be at least one active scanner-pool for the Vscan configuration. It can be created either through the Vscan POST operation or the scanner-pools POST operation.
Default property values
If not specified in POST, the following default property value is assigned:
- enabled - true
Related ONTAP commands
- vserver vscan enable
- vserver vscan scanner-pool create
- vserver vscan scanner-pool apply-policy
- vserver vscan scanner-pool servers add
- vserver vscan scanner-pool privileged-users add
- vserver vscan on-access-policy create
- vserver vscan on-access-policy file-ext-to-exclude add
- vserver vscan on-access-policy file-ext-to-include add
- vserver vscan on-access-policy paths-to-exclude add
- vserver vscan on-demand-task create
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
return_records | boolean | query | False | The default is false. If set to true, the records are returned. |
Request Body
Name | Type | Description |
---|---|---|
_links | | |
cache_clear | boolean | Discards the cached information of the files that have been successfully scanned. Once the cache is cleared, files are scanned again when they are accessed. PATCH only |
enabled | boolean | Specifies whether or not Vscan is enabled on the SVM. |
on_access_policies | array[vscan_on_access] | |
on_demand_policies | array[vscan_on_demand_policy] | |
scanner_pools | array[scanner_pool] | |
svm | | |
Example request
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "on_access_policies": [
    {
      "name": "on-access-test",
      "scope": {
        "exclude_extensions": [
          "mp*",
          "txt"
        ],
        "exclude_paths": [
          "\\dir1\\dir2\\name",
          "\\vol\\a b",
          "\\vol\\a,b\\"
        ],
        "include_extensions": [
          "mp*",
          "txt"
        ],
        "max_file_size": 2147483648
      }
    }
  ],
  "on_demand_policies": [
    {
      "log_path": "/vol0/report_dir",
      "name": "task-1",
      "scan_paths": [
        "/vol1/",
        "/vol2/cifs/"
      ],
      "schedule": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "weekly",
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
      },
      "scope": {
        "exclude_extensions": [
          "mp3",
          "mp4"
        ],
        "exclude_paths": [
          "/vol1/cold-files/",
          "/vol1/cifs/names"
        ],
        "include_extensions": [
          "vmdk",
          "mp*"
        ],
        "max_file_size": 10737418240
      }
    }
  ],
  "scanner_pools": [
    {
      "cluster": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "cluster1",
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
      },
      "name": "scanner-1",
      "privileged_users": [
        "cifs\\u1",
        "cifs\\u2"
      ],
      "role": "string",
      "servers": [
        "1.1.1.1",
        "10.72.204.27",
        "vmwin204-27.fsct.nb"
      ]
    }
  ],
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  }
}
Response
Status: 201, Created
Name | Type | Description |
---|---|---|
_links | | |
num_records | integer | Number of records |
records | array[vscan] | |
Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "on_access_policies": [
        {
          "name": "on-access-test",
          "scope": {
            "exclude_extensions": [
              "mp*",
              "txt"
            ],
            "exclude_paths": [
              "\\dir1\\dir2\\name",
              "\\vol\\a b",
              "\\vol\\a,b\\"
            ],
            "include_extensions": [
              "mp*",
              "txt"
            ],
            "max_file_size": 2147483648
          }
        }
      ],
      "on_demand_policies": [
        {
          "log_path": "/vol0/report_dir",
          "name": "task-1",
          "scan_paths": [
            "/vol1/",
            "/vol2/cifs/"
          ],
          "schedule": {
            "_links": {
              "self": {
                "href": "/api/resourcelink"
              }
            },
            "name": "weekly",
            "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
          },
          "scope": {
            "exclude_extensions": [
              "mp3",
              "mp4"
            ],
            "exclude_paths": [
              "/vol1/cold-files/",
              "/vol1/cifs/names"
            ],
            "include_extensions": [
              "vmdk",
              "mp*"
            ],
            "max_file_size": 10737418240
          }
        }
      ],
      "scanner_pools": [
        {
          "cluster": {
            "_links": {
              "self": {
                "href": "/api/resourcelink"
              }
            },
            "name": "cluster1",
            "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
          },
          "name": "scanner-1",
          "privileged_users": [
            "cifs\\u1",
            "cifs\\u2"
          ],
          "role": "string",
          "servers": [
            "1.1.1.1",
            "10.72.204.27",
            "vmwin204-27.fsct.nb"
          ]
        }
      ],
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      }
    }
  ]
}
Error
Status: Default
ONTAP Error Response Codes
Error Code | Description |
---|---|
10027259 | A scanner-pool, an On-Access policy, or an On-Demand policy might fail to get created due to either a systematic error or some hardware failure. The error code returned details the failure along with the reason for the failure. For example, if a scanner-pool fails due to an incorrect cluster name, then the error might read: "Failed to create scanner-pool "scanner-1". Reason: "Cluster uuid points to different cluster name instead of the cluster-name supplied.". Retry the operation." |
10027260 | If a scanner-pool, an On-Access policy or an On-Demand policy specified in the input already exists, then a duplicate error is returned. For example, if a scanner-pool "scanner-1" already exists for an SVM and is again specified in the input, the error message will read: "Failed to create scanner-pool "scanner-1" as the specified entry already exists. Delete the entry and retry the POST operation." |
2621462 | The specified SVM name is invalid |
2621706 | The specified svm.uuid is either invalid or belongs to a different SVM |
10027015 | Attempting to enable a Vscan but no active scanner-pool exists for the specified SVM |
10027011 | Attempting to enable a Vscan for an SVM for which no CIFS server exists |
10027023 | Attempting to enable a Vscan for an SVM for which no active Vscan On-Access policy exists |
Name | Type | Description |
---|---|---|
error | | |
Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}
Definitions
href
Name | Type | Description |
---|---|---|
href | string | |
_links
Name | Type | Description |
---|---|---|
self | | |
scope
Name | Type | Description |
---|---|---|
exclude_extensions | array[string] | List of file extensions for which scanning is not performed. |
exclude_paths | array[string] | List of file paths for which scanning must not be performed. |
include_extensions | array[string] | List of file extensions to be scanned. |
max_file_size | integer | Maximum file size, in bytes, allowed for scanning. |
only_execute_access | boolean | Scan only files opened with execute-access. |
scan_readonly_volumes | boolean | Specifies whether or not read-only volume can be scanned. |
scan_without_extension | boolean | Specifies whether or not files without any extension can be scanned. |
vscan_on_access
An On-Access policy that defines the scope of an On-Access scan. Use On-Access scanning to check for viruses when clients open, read, rename, or close files over CIFS. By default, ONTAP creates an On-Access policy named "default_CIFS" and enables it for all the SVMs in a cluster.
Name | Type | Description |
---|---|---|
enabled | boolean | Status of the On-Access Vscan policy |
mandatory | boolean | Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning. |
name | string | On-Access policy name |
scope | | |
schedule
Schedule of the task.
Name | Type | Description |
---|---|---|
_links | | |
name | string | Job schedule name |
uuid | string | Job schedule UUID |
scope
Name | Type | Description |
---|---|---|
exclude_extensions | array[string] | List of file extensions for which scanning is not performed. |
exclude_paths | array[string] | List of file paths for which scanning must not be performed. |
include_extensions | array[string] | List of file extensions to be scanned. |
max_file_size | integer | Maximum file size, in bytes, allowed for scanning. |
scan_without_extension | boolean | Specifies whether or not files without any extension can be scanned. |
vscan_on_demand_policy
Use On-Demand scanning to check files for viruses on a schedule. An On-Demand policy defines the scope of an On-Demand scan.
Name | Type | Description |
---|---|---|
log_path | string | The path from the Vserver root where the task report is created. |
name | string | On-Demand task name |
scan_paths | array[string] | List of paths that need to be scanned. |
schedule | | Schedule of the task. |
scope | | |
cluster_reference
Name | Type | Description |
---|---|---|
_links | | |
name | string | |
uuid | string | |
scanner_pool
A scanner pool is a set of attributes used to validate and manage connections between clustered ONTAP and an external virus-scanning server, or "Vscan server".
Name | Type | Description |
---|---|---|
cluster | | |
name | string | Specifies the name of the scanner pool. Scanner pool name can be up to 256 characters long and is a string that can only contain any combination of ASCII-range alphanumeric characters (a-z, A-Z, 0-9), "_", "-" and ".". |
privileged_users | array[string] | Specifies a list of privileged users. A valid form of privileged user-name is "domain-name\user-name". Privileged user-names are stored and treated as case-insensitive strings. Virus scanners must use one of the registered privileged users for connecting to clustered Data ONTAP for exchanging virus-scanning protocol messages and to access files for scanning, remedying and quarantining operations. |
role | string | Specifies the role of the scanner pool. The possible values are: |
servers | array[string] | Specifies a list of IP addresses or FQDNs of the Vscan server hosts that are allowed to connect to clustered ONTAP. |
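A pre-flight review of a request body against the constraints this page documents (required SVM identifier, PATCH-only cache_clear, scanner-pool name charset, privileged-user form, error 10027015), plus include/exclude overlap inside a scope. This is an added example, not NetApp code: `check_vscan_body` and `overlaps` are hypothetical names, and treating "mp*" as a shell-style wildcard is an assumption, so overlaps are reported for review without claiming which list ONTAP prefers.

```python
import re
from fnmatch import fnmatchcase

POOL_NAME = re.compile(r"[A-Za-z0-9_.-]{1,256}")  # charset/length from the scanner_pool table
PRIV_USER = re.compile(r"[^\\]+\\[^\\]+")         # "domain-name\user-name"

def overlaps(include, exclude):
    """Include patterns that also match an exclude pattern (assumed '*' wildcard semantics)."""
    inc, exc = [p.lower() for p in include], [p.lower() for p in exclude]
    return sorted({i for i in inc for e in exc if fnmatchcase(i, e) or fnmatchcase(e, i)})

def check_vscan_body(body):
    """Return review findings for a POST /protocols/vscan request body (dict)."""
    out = []
    svm = body.get("svm", {})
    if not (svm.get("uuid") or svm.get("name")):
        out.append("svm.uuid or svm.name is required")
    if "cache_clear" in body:
        out.append("cache_clear is PATCH only")
    pools = body.get("scanner_pools", [])
    if body.get("enabled", True) and not pools:
        out.append("enabled (default true), no scanner_pools: needs an existing active pool, else 10027015")
    for pool in pools:
        name, seen = pool.get("name", ""), set()
        if not POOL_NAME.fullmatch(name):
            out.append(f"scanner-pool name {name!r}: outside documented charset/length")
        for user in pool.get("privileged_users", []):
            if not PRIV_USER.fullmatch(user):
                out.append(f"privileged user {user!r}: not domain-name\\user-name")
            if user.lower() in seen:  # names are stored case-insensitively
                out.append(f"privileged user {user!r}: case-insensitive duplicate")
            seen.add(user.lower())
    for kind in ("on_access_policies", "on_demand_policies"):
        for pol in body.get(kind, []):
            scope = pol.get("scope", {})
            both = overlaps(scope.get("include_extensions", []), scope.get("exclude_extensions", []))
            if both:
                out.append(f"{kind} {pol.get('name')!r}: {both} both included and excluded")
            if pol.get("mandatory") is False:  # access is denied without a scanner only when mandatory
                out.append(f"{kind} {pol.get('name')!r}: mandatory=false, scanning is not enforced")
    return out

# Constructed sample: trimmed from the page's example request, with deliberate mistakes added.
SAMPLE = {"svm": {"name": "svm1"}, "cache_clear": True,
    "scanner_pools": [{"name": "scanner 1", "privileged_users": ["cifs\\u1", "CIFS\\U1"]}],
    "on_access_policies": [{"name": "on-access-test", "mandatory": False, "scope": {
        "include_extensions": ["mp*", "txt"], "exclude_extensions": ["mp*", "txt"]}}]}
print("\n".join(check_vscan_body(SAMPLE)))
```

The on-access scope in the page's example request lists "mp*" and "txt" under both include_extensions and exclude_extensions, which is the overlap this check reports.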
svm
Name | Type | Description |
---|---|---|
_links | | |
name | string | The name of the SVM. |
uuid | string | The unique identifier of the SVM. |
vscan
Vscan can be used to protect data from being compromised by viruses or other malicious code. This combines best-in-class third-party antivirus software with ONTAP features that give you the flexibility you need to control which files get scanned and when. Storage systems offload scanning operations to external servers hosting antivirus software from third-party vendors. An Antivirus Connector on the external server handles communications between the storage system and the antivirus software.
Name | Type | Description |
---|---|---|
_links | | |
cache_clear | boolean | Discards the cached information of the files that have been successfully scanned. Once the cache is cleared, files are scanned again when they are accessed. PATCH only |
enabled | boolean | Specifies whether or not Vscan is enabled on the SVM. |
on_access_policies | array[vscan_on_access] | |
on_demand_policies | array[vscan_on_demand_policy] | |
scanner_pools | array[scanner_pool] | |
svm | | |
_links
Name | Type | Description |
---|---|---|
next | | |
self | | |
error_arguments
Name | Type | Description |
---|---|---|
code | string | Argument code |
message | string | Message argument |
error
Name | Type | Description |
---|---|---|
arguments | array[error_arguments] | Message arguments |
code | string | Error code |
message | string | Error message |
target | string | The target parameter that caused the error. |