Skip to main content
A newer release of this product is available.

Update the Vscan On-Access policy configuration for an SVM

Contributors

PATCH /protocols/vscan/{svm.uuid}/on-access-policies/{name}

Introduced In: 9.6

Updates the Vscan On-Access policy configuration and/or enables/disables the Vscan On-Access policy of an SVM. You cannot modify the configurations for an On-Access policy associated with a data SVM which was created by SVM owned by the cluster, although you can enable and disable the policy associated with cluster SVM.

  • vserver vscan on-access-policy modify

  • vserver vscan on-access-policy enable

  • vserver vscan on-access-policy disable

  • vserver vscan on-access-policy file-ext-to-include add

  • vserver vscan on-access-policy file-ext-to-exclude add

  • vserver vscan on-access-policy paths-to-exclude add

  • vserver vscan on-access-policy file-ext-to-include remove

  • vserver vscan on-access-policy file-ext-to-exclude remove

  • vserver vscan on-access-policy paths-to-exclude remove

Parameters

Name Type In Required Description

name

string

path

True

svm.uuid

string

path

True

UUID of the SVM to which this object belongs.

Request Body

Name Type Description

enabled

boolean

Status of the On-Access Vscan policy

mandatory

boolean

Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning.

name

string

On-Access policy name

scope

scope

Example request
{
  "name": "on-access-test",
  "scope": {
    "exclude_extensions": [
      "mp*",
      "txt"
    ],
    "exclude_paths": [
      "\\dir1\\dir2\\name",
      "\\vol\\a b",
      "\\vol\\a,b\\"
    ],
    "include_extensions": [
      "mp*",
      "txt"
    ],
    "max_file_size": 2147483648
  }
}

Response

Status: 200, Ok

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

10027033

Configurations for an On-Access policy associated with a data SVM which was created by SVM owned by the cluster cannot be modified. However, the policy can be enabled or disabled.

10027046

The specified SVM is not the owner of the specified policy. Check for the correct SVM who owns the policy.

10027101

The file size must be in the range 1KB to 1TB

10027107

The include extensions list cannot be empty. Specify at least one extension for inclusion.

10027109

The specified CIFS path is invalid. It must be in the form "\dir1\dir2" or "\dir1\dir2\".

10027249

The On-Access policy updated successfully but failed to enable/disable the policy. The reason for an enable policy operation failure might be that another policy is enabled. Disable the already enabled policy and then enable the policy. The reason for a disable policy operation failure might be that Vscan is enabled on the SVM. Disable the Vscan first and then disable the policy.

10027250

The On-Access policy cannot be enabled/disabled. The reason for an enable policy operation failure might be that another policy is enabled. Disable the already enabled policy and then enable the policy. The reason for a disable policy operation failure might be that Vscan is enabled on the SVM. Disable the Vscan and then disable the policy.

10027253

The number of paths specified exceeds the configured maximum number of paths. You cannot specify more than the maximum number of configured paths.

10027254

The number of extensions specified exceeds the configured maximum number of extensions. You cannot specify more than the maximum number of configured extensions.

Name Type Description

error

returned_error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

scope

Name Type Description

exclude_extensions

array[string]

List of file extensions for which scanning is not performed.

exclude_paths

array[string]

List of file paths for which scanning must not be performed.

include_extensions

array[string]

List of file extensions to be scanned.

max_file_size

integer

Maximum file size, in bytes, allowed for scanning.

only_execute_access

boolean

Scan only files opened with execute-access.

scan_readonly_volumes

boolean

Specifies whether or not read-only volume can be scanned.

scan_without_extension

boolean

Specifies whether or not files without any extension can be scanned.

vscan_on_access

An On-Access policy that defines the scope of an On-Access scan. Use On-Access scanning to check for viruses when clients open, read, rename, or close files over CIFS. By default, ONTAP creates an On-Access policy named "default_CIFS" and enables it for all the SVMs in a cluster.

Name Type Description

enabled

boolean

Status of the On-Access Vscan policy

mandatory

boolean

Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning.

name

string

On-Access policy name

scope

scope

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

returned_error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.