REST API reference
Create a Vscan On-Access policy
Suggest changes
PDFs
POST /protocols/vscan/{svm.uuid}/on-access-policies
Introduced In: 9.6
Creates a Vscan On-Access policy. Created only on a data SVM. </b>Important notes:
-
You must enable the policy on an SVM before its files can be scanned.
-
You can enable only one On-Access policy at a time on an SVM. By default, the policy is enabled on creation. * If the Vscan On-Access policy has been created successfully on an SVM but cannot be enabled due to an error, the Vscan On-Access policy configurations are saved. The Vscan On-Access policy is then enabled using the PATCH operation.
Required properties
-
svm.uuid- Existing SVM in which to create the Vscan On-Access policy. -
name- Name of the Vscan On-Access policy. Maximum length is 256 characters.
Default property values
If not specified in POST, the following default property values are assigned:
-
enabled- true -
mandatory- true -
include_extensions- * -
max_file_size- 2147483648 -
only_execute_access- false -
scan_readonly_volumes- false -
scan_without_extension- true
Related ONTAP commands
-
vserver vscan on-access-policy create -
vserver vscan on-access-policy enable -
vserver vscan on-access-policy disable -
vserver vscan on-access-policy file-ext-to-include add -
vserver vscan on-access-policy file-ext-to-exclude add -
vserver vscan on-access-policy paths-to-exclude add
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned.
|
svm.uuid |
string |
path |
True |
UUID of the SVM to which this object belongs. |
Request Body
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Status of the On-Access Vscan policy |
mandatory |
boolean |
Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning. |
name |
string |
On-Access policy ame |
scope |
Example request
{
"name": "on-access-test",
"scope": {
"exclude_extensions": [
"mp*",
"txt"
],
"exclude_paths": [
"\\dir1\\dir2\\name",
"\\vol\\a b",
"\\vol\\a,b\\"
],
"include_extensions": [
"mp*",
"txt"
],
"max_file_size": "2147483648"
}
}Response
Status: 201, Created| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[vscan_on_access] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": {
"name": "on-access-test",
"scope": {
"exclude_extensions": [
"mp*",
"txt"
],
"exclude_paths": [
"\\dir1\\dir2\\name",
"\\vol\\a b",
"\\vol\\a,b\\"
],
"include_extensions": [
"mp*",
"txt"
],
"max_file_size": "2147483648"
}
}
}Error
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
10027043 |
The new On-Access policy cannot be created as the SVM has reached the maximum number of On-Access policies allowed. Delete an existing policy in order to create a new policy |
10027101 |
The file size must be in the range 1KB to 1TB |
10027107 |
The include extensions list cannot be empty. Specify at least one extension for inclusion |
10027109 |
The specified CIFS path is invalid. It must be in the form "\dir1\dir2" or "\dir1\dir2\" |
10027249 |
The On-Access policy created successfully but failed to enable the policy. The reason for enable policy operation failure might be that another policy is enabled. Disable the enabled policy and then enable the newly created policy using the PATCH operation |
10027253 |
The number of paths specified exceeds the configured number of maximum paths. You cannot specify more than the maximum number of configured paths |
10027254 |
The number of extensions specified exceeds the configured maximum number of extensions. You cannot specify more than the maximum number of configured extensions |
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": {
"code": "string",
"message": "string"
},
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
scope
| Name | Type | Description |
|---|---|---|
exclude_extensions |
array[string] |
List of file extensions for which scanning is not performed. |
exclude_paths |
array[string] |
List of file paths for which scanning must not be performed. |
include_extensions |
array[string] |
List of file extensions to be scanned. |
max_file_size |
integer |
Maximum file size, in bytes, allowed for scanning. |
only_execute_access |
boolean |
Scan only files opened with execute-access. |
scan_readonly_volumes |
boolean |
Specifies whether or not read-only volume can be scanned. |
scan_without_extension |
boolean |
Specifies whether or not files without any extension can be scanned. |
vscan_on_access
An On-Access policy that defines the scope of an On-Access scan. Use On-Access scanning to check for viruses when clients open, read, rename, or close files over CIFS. By default, ONTAP creates an On-Access policy named "default_CIFS" and enables it for all the SVMs in a cluster.
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Status of the On-Access Vscan policy |
mandatory |
boolean |
Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning. |
name |
string |
On-Access policy ame |
scope |
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |