Update the Vscan On-Access policies configuration for an SVM
- PDF of this doc site
Collection of separate PDF docs
Creating your file...
PATCH /protocols/vscan/{svm.uuid}/on-access-policies/{name}
Introduced In: 9.6
Updates the Vscan On-Access policy configuration and/or enables/disables the Vscan On-Access policy of an SVM. You cannot modify the configurations for an On-Access policy associated with a data SVM which was created by SVM owned by the cluster, although you can enable and disable the policy associated with cluster SVM.
Related ONTAP commands
-
vserver vscan on-access-policy modify
-
vserver vscan on-access-policy enable
-
vserver vscan on-access-policy disable
-
vserver vscan on-access-policy file-ext-to-include add
-
vserver vscan on-access-policy file-ext-to-exclude add
-
vserver vscan on-access-policy paths-to-exclude add
-
vserver vscan on-access-policy file-ext-to-include remove
-
vserver vscan on-access-policy file-ext-to-exclude remove
-
vserver vscan on-access-policy paths-to-exclude remove
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
name |
string |
path |
True |
|
svm.uuid |
string |
path |
True |
UUID of the SVM to which this object belongs. |
Request Body
Name | Type | Description |
---|---|---|
enabled |
boolean |
Status of the On-Access Vscan policy |
mandatory |
boolean |
Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning. |
name |
string |
On-Access policy name |
scope |
Example request
{
"name": "on-access-test",
"scope": {
"exclude_extensions": [
"mp*",
"txt"
],
"exclude_paths": [
"\\dir1\\dir2\\name",
"\\vol\\a b",
"\\vol\\a,b\\"
],
"include_extensions": [
"mp*",
"txt"
],
"max_file_size": 2147483648
}
}
Response
Status: 200, Ok
Error
Status: Default
ONTAP Error Response Codes
Error Code | Description |
---|---|
10027033 |
Configurations for an On-Access policy associated with a data SVM which was created by SVM owned by the cluster cannot be modified. However, the policy can be enabled or disabled. |
10027046 |
The specified SVM is not the owner of the specified policy. Check for the correct SVM who owns the policy. |
10027101 |
The file size must be in the range 1KB to 1TB |
10027107 |
The include extensions list cannot be empty. Specify at least one extension for inclusion. |
10027109 |
The specified CIFS path is invalid. It must be in the form "\dir1\dir2" or "\dir1\dir2\". |
10027249 |
The On-Access policy updated successfully but failed to enable/disable the policy. The reason for an enable policy operation failure might be that another policy is enabled. Disable the already enabled policy and then enable the policy. The reason for a disable policy operation failure might be that Vscan is enabled on the SVM. Disable the Vscan first and then disable the policy. |
10027250 |
The On-Access policy cannot be enabled/disabled. The reason for an enable policy operation failure might be that another policy is enabled. Disable the already enabled policy and then enable the policy. The reason for a disable policy operation failure might be that Vscan is enabled on the SVM. Disable the Vscan and then disable the policy. |
10027253 |
The number of paths specified exceeds the configured maximum number of paths. You cannot specify more than the maximum number of configured paths. |
10027254 |
The number of extensions specified exceeds the configured maximum number of extensions. You cannot specify more than the maximum number of configured extensions. |
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
scope
Name | Type | Description |
---|---|---|
exclude_extensions |
array[string] |
List of file extensions for which scanning is not performed. |
exclude_paths |
array[string] |
List of file paths for which scanning must not be performed. |
include_extensions |
array[string] |
List of file extensions to be scanned. |
max_file_size |
integer |
Maximum file size, in bytes, allowed for scanning. |
only_execute_access |
boolean |
Scan only files opened with execute-access. |
scan_readonly_volumes |
boolean |
Specifies whether or not read-only volume can be scanned. |
scan_without_extension |
boolean |
Specifies whether or not files without any extension can be scanned. |
vscan_on_access
An On-Access policy that defines the scope of an On-Access scan. Use On-Access scanning to check for viruses when clients open, read, rename, or close files over CIFS. By default, ONTAP creates an On-Access policy named "default_CIFS" and enables it for all the SVMs in a cluster.
Name | Type | Description |
---|---|---|
enabled |
boolean |
Status of the On-Access Vscan policy |
mandatory |
boolean |
Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning. |
name |
string |
On-Access policy name |
scope |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |