Skip to main content
A newer release of this product is available.

Create a Vscan On-Access policy

Contributors

POST /protocols/vscan/{svm.uuid}/on-access-policies

Creates a Vscan On-Access policy. Created only on a data SVM. </b>Important notes:

  • You must enable the policy on an SVM before its files can be scanned.

  • You can enable only one On-Access policy at a time on an SVM. By default, the policy is enabled on creation. * If the Vscan On-Access policy has been created successfully on an SVM but cannot be enabled due to an error, the Vscan On-Access policy configurations are saved. The Vscan On-Access policy is then enabled using the PATCH operation.

Required properties

  • svm.uuid - Existing SVM in which to create the Vscan On-Access policy.

  • name - Name of the Vscan On-Access policy. Maximum length is 256 characters.

Default property values

If not specified in POST, the following default property values are assigned:

  • enabled - true

  • mandatory - true

  • include_extensions - *

  • max_file_size - 2147483648

  • only_execute_access - false

  • scan_readonly_volumes - false

  • scan_without_extension - true

  • vserver vscan on-access-policy create

  • vserver vscan on-access-policy enable

  • vserver vscan on-access-policy disable

  • vserver vscan on-access-policy file-ext-to-include add

  • vserver vscan on-access-policy file-ext-to-exclude add

  • vserver vscan on-access-policy paths-to-exclude add

Parameters

Name Type In Required Description

return_records

boolean

query

False

The default is false. If set to true, the records are returned.

svm.uuid

string

path

True

UUID of the SVM to which this object belongs.

Request Body

Name Type Description

enabled

boolean

Status of the On-Access Vscan policy

mandatory

boolean

Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning.

name

string

On-Access policy ame

scope

scope

Example request
{
  "name": "on-access-test",
  "scope": {
    "exclude_extensions": [
      "mp*",
      "txt"
    ],
    "exclude_paths": [
      "\\dir1\\dir2\\name",
      "\\vol\\a b",
      "\\vol\\a,b\\"
    ],
    "include_extensions": [
      "mp*",
      "txt"
    ],
    "max_file_size": 2147483648
  }
}

Response

Status: 201, Created
Name Type Description

_links

_links

num_records

integer

Number of records

records

array[vscan_on_access]

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "name": "on-access-test",
      "scope": {
        "exclude_extensions": [
          "mp*",
          "txt"
        ],
        "exclude_paths": [
          "\\dir1\\dir2\\name",
          "\\vol\\a b",
          "\\vol\\a,b\\"
        ],
        "include_extensions": [
          "mp*",
          "txt"
        ],
        "max_file_size": 2147483648
      }
    }
  ]
}

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

10027043

The new On-Access policy cannot be created as the SVM has reached the maximum number of On-Access policies allowed. Delete an existing policy in order to create a new policy

10027101

The file size must be in the range 1KB to 1TB

10027107

The include extensions list cannot be empty. Specify at least one extension for inclusion

10027109

The specified CIFS path is invalid. It must be in the form "\dir1\dir2" or "\dir1\dir2\"

10027249

The On-Access policy created successfully but failed to enable the policy. The reason for enable policy operation failure might be that another policy is enabled. Disable the enabled policy and then enable the newly created policy using the PATCH operation

10027253

The number of paths specified exceeds the configured number of maximum paths. You cannot specify more than the maximum number of configured paths

10027254

The number of extensions specified exceeds the configured maximum number of extensions. You cannot specify more than the maximum number of configured extensions

Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

scope

Name Type Description

exclude_extensions

array[string]

List of file extensions for which scanning is not performed.

exclude_paths

array[string]

List of file paths for which scanning must not be performed.

include_extensions

array[string]

List of file extensions to be scanned.

max_file_size

integer

Maximum file size, in bytes, allowed for scanning.

only_execute_access

boolean

Scan only files opened with execute-access.

scan_readonly_volumes

boolean

Specifies whether or not read-only volume can be scanned.

scan_without_extension

boolean

Specifies whether or not files without any extension can be scanned.

vscan_on_access

An On-Access policy that defines the scope of an On-Access scan. Use On-Access scanning to check for viruses when clients open, read, rename, or close files over CIFS. By default, ONTAP creates an On-Access policy named "default_CIFS" and enables it for all the SVMs in a cluster.

Name Type Description

enabled

boolean

Status of the On-Access Vscan policy

mandatory

boolean

Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning.

name

string

On-Access policy ame

scope

scope

href

Name Type Description

href

string

Name Type Description

next

href

self

href

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.