Skip to main content
A newer release of this product is available.

Update the Vscan configuration for an SVM

Contributors

PATCH /protocols/vscan/{svm.uuid}

Introduced In: 9.6

Updates the Vscan configuration of an SVM. Allows you to either enable or disable a Vscan, and allows you to clear the Vscan cache that stores the past scanning data for an SVM.

Important note:

  • The Vscan PATCH endpoint does not allow you to modify scanner-pools, On-Demand policies or On-Access policies. Those modifications can only be done through their respective endpoints.

  • vserver vscan enable

  • vserver vscan disable

  • vserver vscan reset

Parameters

Name Type In Required Description

svm.uuid

string

path

True

UUID of the SVM to which this object belongs.

Request Body

Name Type Description

_links

_links

cache_clear

boolean

Discards the cached information of the files that have been successfully scanned. Once the cache is cleared, files are scanned again when they are accessed. PATCH only

enabled

boolean

Specifies whether or not Vscan is enabled on the SVM.

on_access_policies

array[vscan_on_access]

on_demand_policies

array[vscan_on_demand_policy]

scanner_pools

array[scanner_pool]

svm

svm

SVM, applies only to SVM-scoped objects.

Example request
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "on_access_policies": [
    {
      "name": "on-access-test",
      "scope": {
        "exclude_extensions": [
          "mp*",
          "txt"
        ],
        "exclude_paths": [
          "\\dir1\\dir2\\name",
          "\\vol\\a b",
          "\\vol\\a,b\\"
        ],
        "include_extensions": [
          "mp*",
          "txt"
        ],
        "max_file_size": 2147483648
      }
    }
  ],
  "on_demand_policies": [
    {
      "log_path": "/vol0/report_dir",
      "name": "task-1",
      "scan_paths": [
        "/vol1/",
        "/vol2/cifs/"
      ],
      "schedule": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "weekly",
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
      },
      "scope": {
        "exclude_extensions": [
          "mp3",
          "mp4"
        ],
        "exclude_paths": [
          "/vol1/cold-files/",
          "/vol1/cifs/names"
        ],
        "include_extensions": [
          "vmdk",
          "mp*"
        ],
        "max_file_size": 10737418240
      }
    }
  ],
  "scanner_pools": [
    {
      "cluster": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "cluster1",
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
      },
      "name": "scanner-1",
      "privileged_users": [
        "cifs\\u1",
        "cifs\\u2"
      ],
      "role": "string",
      "servers": [
        "1.1.1.1",
        "10.72.204.27",
        "vmwin204-27.fsct.nb"
      ]
    }
  ],
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  }
}

Response

Status: 200, Ok

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

10027015

Attempting to enable a Vscan but no active scanner-pool exists for the specified SVM

10027009

Attempting to enable a Vscan for an SVM for which it's already enabled

10027010

Attempting to disable a Vscan for an SVM for which it's already disabled

10027011

Attempting to enable a Vscan for an SVM for which no CIFS server exists

10027023

Attempting to enable a Vscan for an SVM for which no active Vscan On-Access policy exists

10027012

Cannot enable Vscan on an administrative SVM.

Name Type Description

error

returned_error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

self

href

scope

Name Type Description

exclude_extensions

array[string]

List of file extensions for which scanning is not performed.

exclude_paths

array[string]

List of file paths for which scanning must not be performed.

include_extensions

array[string]

List of file extensions to be scanned.

max_file_size

integer

Maximum file size, in bytes, allowed for scanning.

only_execute_access

boolean

Scan only files opened with execute-access.

scan_readonly_volumes

boolean

Specifies whether or not read-only volume can be scanned.

scan_without_extension

boolean

Specifies whether or not files without any extension can be scanned.

vscan_on_access

An On-Access policy that defines the scope of an On-Access scan. Use On-Access scanning to check for viruses when clients open, read, rename, or close files over CIFS. By default, ONTAP creates an On-Access policy named "default_CIFS" and enables it for all the SVMs in a cluster.

Name Type Description

enabled

boolean

Status of the On-Access Vscan policy

mandatory

boolean

Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning.

name

string

On-Access policy name

scope

scope

schedule

Schedule of the task.

Name Type Description

_links

_links

name

string

Job schedule name

uuid

string

Job schedule UUID

scope

Name Type Description

exclude_extensions

array[string]

List of file extensions for which scanning is not performed.

exclude_paths

array[string]

List of file paths for which scanning must not be performed.

include_extensions

array[string]

List of file extensions to be scanned.

max_file_size

integer

Maximum file size, in bytes, allowed for scanning.

scan_without_extension

boolean

Specifies whether or not files without any extension can be scanned.

vscan_on_demand_policy

Use On-Demand scanning to check files for viruses on a schedule. An On-Demand policy defines the scope of an On-Demand scan.

Name Type Description

log_path

string

The path from the Vserver root where the task report is created.

name

string

On-Demand task name

scan_paths

array[string]

List of paths that need to be scanned.

schedule

schedule

Schedule of the task.

scope

scope

cluster_reference

Name Type Description

_links

_links

name

string

uuid

string

scanner_pool

Scanner pool is a set of attributes which are used to validate and manage connections between clustered ONTAP and external virus-scanning server, or "Vscan server".

Name Type Description

cluster

cluster_reference

name

string

Specifies the name of the scanner pool. Scanner pool name can be up to 256 characters long and is a string that can only contain any combination of ASCII-range alphanumeric characters a-z, A-Z, 0-9), "_", "-" and ".".

privileged_users

array[string]

Specifies a list of privileged users. A valid form of privileged user-name is "domain-name\user-name". Privileged user-names are stored and treated as case-insensitive strings. Virus scanners must use one of the registered privileged users for connecting to clustered Data ONTAP for exchanging virus-scanning protocol messages and to access file for scanning, remedying and quarantining operations.

  • example: ["cifs\u1", "cifs\u2"]

  • Introduced in: 9.10

role

string

Specifies the role of the scanner pool. The possible values are:

  • primary - Always active.

  • secondary - Active only when none of the primary external virus-scanning servers are connected.

  • idle - Always inactive.

servers

array[string]

Specifies a list of IP addresses or FQDN for each Vscan server host names which are allowed to connect to clustered ONTAP.

  • example: ["1.1.1.1", "10.72.204.27", "vmwin204-27.fsct.nb"]

  • Introduced in: 9.10

svm

SVM, applies only to SVM-scoped objects.

Name Type Description

_links

_links

name

string

The name of the SVM. This field cannot be specified in a PATCH method.

uuid

string

The unique identifier of the SVM. This field cannot be specified in a PATCH method.

vscan

Vscan can be used to protect data from being compromised by viruses or other malicious code. This combines best-in-class third-party antivirus software with ONTAP features that give you the flexibility you need to control which files get scanned and when. Storage systems offload scanning operations to external servers hosting antivirus software from thirdparty vendors. An Antivirus Connector on the external server handles communications between the storage system and the antivirus software.

Name Type Description

_links

_links

cache_clear

boolean

Discards the cached information of the files that have been successfully scanned. Once the cache is cleared, files are scanned again when they are accessed. PATCH only

enabled

boolean

Specifies whether or not Vscan is enabled on the SVM.

on_access_policies

array[vscan_on_access]

on_demand_policies

array[vscan_on_demand_policy]

scanner_pools

array[scanner_pool]

svm

svm

SVM, applies only to SVM-scoped objects.

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

returned_error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.