Skip to main content
A newer release of this product is available.

Retrieve the Vscan configuration

Contributors

GET /protocols/vscan

Introduced In: 9.6

Retrieves the Vscan configuration. This includes scanner-pools, On-Access policies, On-Demand policies, and information about whether a Vscan is enabled or disabled on an SVM.

Important notes:

  • You can enable only one Vscan configuration at a time for an SVM.

  • You can only query using svm.uuid or svm.name.

  • vserver vscan show

  • vserver vscan scanner-pool show

  • vserver vscan scanner-pool servers show

  • vserver vscan scanner-pool privileged-users show

  • vserver vscan on-access-policy show

  • vserver vscan on-access-policy file-ext-to-exclude show

  • vserver vscan on-access-policy file-ext-to-include show

  • vserver vscan on-access-policy paths-to-exclude show

  • vserver vscan on-demand-task show

Parameters

Name Type In Required Description

on_demand_policies.scope.exclude_extensions

string

query

False

Filter by on_demand_policies.scope.exclude_extensions

on_demand_policies.scope.exclude_paths

string

query

False

Filter by on_demand_policies.scope.exclude_paths

on_demand_policies.scope.max_file_size

integer

query

False

Filter by on_demand_policies.scope.max_file_size

  • Max value: 1099511627776

  • Min value: 1024

on_demand_policies.scope.include_extensions

string

query

False

Filter by on_demand_policies.scope.include_extensions

on_demand_policies.scope.scan_without_extension

boolean

query

False

Filter by on_demand_policies.scope.scan_without_extension

on_demand_policies.log_path

string

query

False

Filter by on_demand_policies.log_path

on_demand_policies.scan_paths

string

query

False

Filter by on_demand_policies.scan_paths

on_demand_policies.name

string

query

False

Filter by on_demand_policies.name

  • maxLength: 256

  • minLength: 1

on_demand_policies.schedule.uuid

string

query

False

Filter by on_demand_policies.schedule.uuid

on_demand_policies.schedule.name

string

query

False

Filter by on_demand_policies.schedule.name

scanner_pools.name

string

query

False

Filter by scanner_pools.name

  • maxLength: 256

  • minLength: 1

scanner_pools.privileged_users

string

query

False

Filter by scanner_pools.privileged_users

scanner_pools.role

string

query

False

Filter by scanner_pools.role

scanner_pools.servers

string

query

False

Filter by scanner_pools.servers

scanner_pools.cluster.name

string

query

False

Filter by scanner_pools.cluster.name

scanner_pools.cluster.uuid

string

query

False

Filter by scanner_pools.cluster.uuid

enabled

boolean

query

False

Filter by enabled

on_access_policies.scope.scan_readonly_volumes

boolean

query

False

Filter by on_access_policies.scope.scan_readonly_volumes

on_access_policies.scope.only_execute_access

boolean

query

False

Filter by on_access_policies.scope.only_execute_access

on_access_policies.scope.exclude_extensions

string

query

False

Filter by on_access_policies.scope.exclude_extensions

on_access_policies.scope.exclude_paths

string

query

False

Filter by on_access_policies.scope.exclude_paths

  • maxLength: 255

  • minLength: 1

on_access_policies.scope.scan_without_extension

boolean

query

False

Filter by on_access_policies.scope.scan_without_extension

on_access_policies.scope.max_file_size

integer

query

False

Filter by on_access_policies.scope.max_file_size

  • Max value: 1099511627776

  • Min value: 1024

on_access_policies.scope.include_extensions

string

query

False

Filter by on_access_policies.scope.include_extensions

on_access_policies.enabled

boolean

query

False

Filter by on_access_policies.enabled

on_access_policies.mandatory

boolean

query

False

Filter by on_access_policies.mandatory

on_access_policies.name

string

query

False

Filter by on_access_policies.name

  • maxLength: 256

  • minLength: 1

svm.uuid

string

query

False

Filter by svm.uuid

svm.name

string

query

False

Filter by svm.name

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_records

boolean

query

False

The default is true for GET calls. When set to false, only the number of records is returned.

  • Default value: 1

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

  • Max value: 120

  • Min value: 0

  • Default value: 1

order_by

array[string]

query

False

Order results by specified fields and optional [asc

Response

Status: 200, Ok
Name Type Description

_links

_links

num_records

integer

Number of records

records

array[vscan]

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "on_access_policies": [
        {
          "name": "on-access-test",
          "scope": {
            "exclude_extensions": [
              "mp*",
              "txt"
            ],
            "exclude_paths": [
              "\\dir1\\dir2\\name",
              "\\vol\\a b",
              "\\vol\\a,b\\"
            ],
            "include_extensions": [
              "mp*",
              "txt"
            ],
            "max_file_size": 2147483648
          }
        }
      ],
      "on_demand_policies": [
        {
          "log_path": "/vol0/report_dir",
          "name": "task-1",
          "scan_paths": [
            "/vol1/",
            "/vol2/cifs/"
          ],
          "schedule": {
            "_links": {
              "self": {
                "href": "/api/resourcelink"
              }
            },
            "name": "weekly",
            "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
          },
          "scope": {
            "exclude_extensions": [
              "mp3",
              "mp4"
            ],
            "exclude_paths": [
              "/vol1/cold-files/",
              "/vol1/cifs/names"
            ],
            "include_extensions": [
              "vmdk",
              "mp*"
            ],
            "max_file_size": 10737418240
          }
        }
      ],
      "scanner_pools": [
        {
          "cluster": {
            "_links": {
              "self": {
                "href": "/api/resourcelink"
              }
            },
            "name": "cluster1",
            "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
          },
          "name": "scanner-1",
          "privileged_users": [
            "cifs\\u1",
            "cifs\\u2"
          ],
          "role": "string",
          "servers": [
            "1.1.1.1",
            "10.72.204.27",
            "vmwin204-27.fsct.nb"
          ]
        }
      ],
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      }
    }
  ]
}

Error

Status: Default, Error
Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

next

href

self

href

Name Type Description

self

href

scope

Name Type Description

exclude_extensions

array[string]

List of file extensions for which scanning is not performed.

exclude_paths

array[string]

List of file paths for which scanning must not be performed.

include_extensions

array[string]

List of file extensions to be scanned.

max_file_size

integer

Maximum file size, in bytes, allowed for scanning.

only_execute_access

boolean

Scan only files opened with execute-access.

scan_readonly_volumes

boolean

Specifies whether or not read-only volume can be scanned.

scan_without_extension

boolean

Specifies whether or not files without any extension can be scanned.

vscan_on_access

An On-Access policy that defines the scope of an On-Access scan. Use On-Access scanning to check for viruses when clients open, read, rename, or close files over CIFS. By default, ONTAP creates an On-Access policy named "default_CIFS" and enables it for all the SVMs in a cluster.

Name Type Description

enabled

boolean

Status of the On-Access Vscan policy

mandatory

boolean

Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning.

name

string

On-Access policy ame

scope

scope

schedule

Schedule of the task.

Name Type Description

_links

_links

name

string

Job schedule name

uuid

string

Job schedule UUID

scope

Name Type Description

exclude_extensions

array[string]

List of file extensions for which scanning is not performed.

exclude_paths

array[string]

List of file paths for which scanning must not be performed.

include_extensions

array[string]

List of file extensions to be scanned.

max_file_size

integer

Maximum file size, in bytes, allowed for scanning.

scan_without_extension

boolean

Specifies whether or not files without any extension can be scanned.

vscan_on_demand_policy

Use On-Demand scanning to check files for viruses on a schedule. An On-Demand policy defines the scope of an On-Demand scan.

Name Type Description

log_path

string

The path from the Vserver root where the task report is created.

name

string

On-Demand task name

scan_paths

array[string]

List of paths that need to be scanned.

schedule

schedule

Schedule of the task.

scope

scope

cluster_reference

Name Type Description

_links

_links

name

string

uuid

string

scanner_pool

Scanner pool is a set of attributes which are used to validate and manage connections between clustered ONTAP and external virus-scanning server, or "Vscan server".

Name Type Description

cluster

cluster_reference

name

string

Specifies the name of the scanner pool. Scanner pool name can be up to 256 characters long and is a string that can only contain any combination of ASCII-range alphanumeric characters a-z, A-Z, 0-9), "_", "-" and ".".

privileged_users

array[string]

Specifies a list of privileged users. A valid form of privileged user-name is "domain-name\user-name". Privileged user-names are stored and treated as case-insensitive strings. Virus scanners must use one of the registered privileged users for connecting to clustered Data ONTAP for exchanging virus-scanning protocol messages and to access file for scanning, remedying and quarantining operations.

  • example: ["cifs\u1", "cifs\u2"]

  • Introduced in: 9.10

role

string

Specifies the role of the scanner pool. The possible values are:

  • primary - Always active.

  • secondary - Active only when none of the primary external virus-scanning servers are connected.

  • idle - Always inactive.

servers

array[string]

Specifies a list of IP addresses or FQDN for each Vscan server host names which are allowed to connect to clustered ONTAP.

  • example: ["1.1.1.1", "10.72.204.27", "vmwin204-27.fsct.nb"]

  • Introduced in: 9.10

svm

Name Type Description

_links

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

vscan

Vscan can be used to protect data from being compromised by viruses or other malicious code. This combines best-in-class third-party antivirus software with ONTAP features that give you the flexibility you need to control which files get scanned and when. Storage systems offload scanning operations to external servers hosting antivirus software from thirdparty vendors. An Antivirus Connector on the external server handles communications between the storage system and the antivirus software.

Name Type Description

_links

_links

cache_clear

boolean

Discards the cached information of the files that have been successfully scanned. Once the cache is cleared, files are scanned again when they are accessed. PATCH only

enabled

boolean

Specifies whether or not Vscan is enabled on the SVM.

on_access_policies

array[vscan_on_access]

on_demand_policies

array[vscan_on_demand_policy]

scanner_pools

array[scanner_pool]

svm

svm

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.