Create a Vscan On-Access policy
- PDF of this doc site
Collection of separate PDF docs
Creating your file...
POST /protocols/vscan/{svm.uuid}/on-access-policies
Introduced In: 9.6
Creates a Vscan On-Access policy. Created only on a data SVM. </b>Important notes:
-
You must enable the policy on an SVM before its files can be scanned.
-
You can enable only one On-Access policy at a time on an SVM. By default, the policy is enabled on creation. * If the Vscan On-Access policy has been created successfully on an SVM but cannot be enabled due to an error, the Vscan On-Access policy configurations are saved. The Vscan On-Access policy is then enabled using the PATCH operation.
Required properties
-
svm.uuid
- Existing SVM in which to create the Vscan On-Access policy. -
name
- Name of the Vscan On-Access policy. Maximum length is 256 characters.
Default property values
If not specified in POST, the following default property values are assigned:
-
enabled
- true -
mandatory
- true -
include_extensions
- * -
max_file_size
- 2147483648 -
only_execute_access
- false -
scan_readonly_volumes
- false -
scan_without_extension
- true
Related ONTAP commands
-
vserver vscan on-access-policy create
-
vserver vscan on-access-policy enable
-
vserver vscan on-access-policy disable
-
vserver vscan on-access-policy file-ext-to-include add
-
vserver vscan on-access-policy file-ext-to-exclude add
-
vserver vscan on-access-policy paths-to-exclude add
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned.
|
svm.uuid |
string |
path |
True |
UUID of the SVM to which this object belongs. |
Request Body
Name | Type | Description |
---|---|---|
enabled |
boolean |
Status of the On-Access Vscan policy |
mandatory |
boolean |
Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning. |
name |
string |
On-Access policy ame |
scope |
Example request
{
"name": "on-access-test",
"scope": {
"exclude_extensions": [
"mp*",
"txt"
],
"exclude_paths": [
"\\dir1\\dir2\\name",
"\\vol\\a b",
"\\vol\\a,b\\"
],
"include_extensions": [
"mp*",
"txt"
],
"max_file_size": 2147483648
}
}
Response
Status: 201, Created
Name | Type | Description |
---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[vscan_on_access] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"num_records": 1,
"records": [
{
"name": "on-access-test",
"scope": {
"exclude_extensions": [
"mp*",
"txt"
],
"exclude_paths": [
"\\dir1\\dir2\\name",
"\\vol\\a b",
"\\vol\\a,b\\"
],
"include_extensions": [
"mp*",
"txt"
],
"max_file_size": 2147483648
}
}
]
}
Headers
Name | Description | Type |
---|---|---|
Location |
Useful for tracking the resource location |
string |
Error
Status: Default
ONTAP Error Response Codes
Error Code | Description |
---|---|
10027043 |
The new On-Access policy cannot be created as the SVM has reached the maximum number of On-Access policies allowed. Delete an existing policy in order to create a new policy |
10027101 |
The file size must be in the range 1KB to 1TB |
10027107 |
The include extensions list cannot be empty. Specify at least one extension for inclusion |
10027109 |
The specified CIFS path is invalid. It must be in the form "\dir1\dir2" or "\dir1\dir2\" |
10027249 |
The On-Access policy created successfully but failed to enable the policy. The reason for enable policy operation failure might be that another policy is enabled. Disable the enabled policy and then enable the newly created policy using the PATCH operation |
10027253 |
The number of paths specified exceeds the configured number of maximum paths. You cannot specify more than the maximum number of configured paths |
10027254 |
The number of extensions specified exceeds the configured maximum number of extensions. You cannot specify more than the maximum number of configured extensions |
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
scope
Name | Type | Description |
---|---|---|
exclude_extensions |
array[string] |
List of file extensions for which scanning is not performed. |
exclude_paths |
array[string] |
List of file paths for which scanning must not be performed. |
include_extensions |
array[string] |
List of file extensions to be scanned. |
max_file_size |
integer |
Maximum file size, in bytes, allowed for scanning. |
only_execute_access |
boolean |
Scan only files opened with execute-access. |
scan_readonly_volumes |
boolean |
Specifies whether or not read-only volume can be scanned. |
scan_without_extension |
boolean |
Specifies whether or not files without any extension can be scanned. |
vscan_on_access
An On-Access policy that defines the scope of an On-Access scan. Use On-Access scanning to check for viruses when clients open, read, rename, or close files over CIFS. By default, ONTAP creates an On-Access policy named "default_CIFS" and enables it for all the SVMs in a cluster.
Name | Type | Description |
---|---|---|
enabled |
boolean |
Status of the On-Access Vscan policy |
mandatory |
boolean |
Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning. |
name |
string |
On-Access policy ame |
scope |
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
next |
||
self |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |