ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • vserver vscan on-access-policy modify

    Modify an On-Access policy

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    The vserver vscan on-access-policy modify command modifies an On-Access policy.

    Parameters

    -vserver <vserver name> - Vserver

    This parameter specifies the name of the Vserver on which you want to modify an On-Access policy.

    -policy-name <Policy name> - Policy

    This parameter specifies the name of the On-Access policy that you want to modify.

    [-filters {scan-ro-volume|scan-execute-access}] - Filters

    This parameter specifies a list of filters which can be used to define the scope of the On-Access policy more precisely. The list can include one or more of the following:

    • scan-ro-volume - Enable scans for read-only volume.

    • scan-execute-access - Scan only files opened with execute-access (CIFS only).

    [-scan-mandatory {on|off}] - Mandatory Scan

    This parameter specifies whether access to a file is allowed if there are no external virus-scanning servers available for virus scanning.

    [-max-file-size {<integer>[KB|MB|GB|TB|PB]}] - Max File Size Allowed for Scanning

    This parameter specifies the maximum size of the file which will be considered for virus scanning.

    [-paths-to-exclude <File path>,…​] - File Paths Not to Scan

    This parameter specifies a list of paths, separated by commas, to exclude from virus scanning. This path is given from the root of the Vserver and can be up to 255 characters long. CIFS protocol based On-Access policies must use "\" as the path separator. The path can be in one of the following forms:

    • \dir1\dir2\name - This would match "\dir1\dir2\name" as well as "\dir1\dir2\name...".

    • \dir1\dir2\name\ - This would only match "\dir1\dir2\name...".

    If you are using the CLI, you must delimit all paths with double quotation marks ("). For instance, to add the paths "\vol\a b\" and "\vol\a,b\" to the -paths-to-exclude in the CLI, type "\vol\a b\","\vol\a,b\" at the command prompt. To add a "?" to the expression, press ESC followed by the "?".
    [-file-ext-to-exclude <File extension>,…​] - File Extensions Not to Scan

    This parameter specifies a list of file extensions, separated by commas, to exclude from virus scanning. Each file extension can be up to 16 characters long. The -file-ext-to-exclude supports wildcard patterns containing "*" and "?". Pattern matching is defined as:

    • * - Matches any string, including the empty string. For example, mp* would match mp, mp3, mp4, mpeg etc.

    • ? - Matches any single character. For example, mp? would match mp3, mp4 but not mp and mpeg.

    If you are using the CLI, you must delimit all patterns with double quotation marks ("). For instance, to enter the pattern mp* in the CLI, type "mp*" at the command prompt. To add a "?" to the expression, press ESC followed by the "?".
    [-file-ext-to-include <File extension>,…​] - File Extensions to Scan

    This parameter specifies a list of file extensions, separated by commas, to include for virus scanning. Each file extension can be up to 16 characters long. The -file-ext-to-include supports wildcard patterns containing "*" and "?". Pattern matching is defined as:

    • * - Matches any string, including the empty string. For example, mp* would match mp, mp3, mp4, mpeg etc.

    • ? - Matches any single character. For example, mp? would match mp3, mp4 but not mp and mpeg.

    If you are using the CLI, you must delimit all patterns with double quotation marks ("). For instance, to enter the pattern mp* in the CLI, type "mp*" at the command prompt. To add a "?" to the expression, press ESC followed by the "?".
    If you specify both -file-ext-to-include and -file-ext-to-exclude lists, then only those file extensions are considered for virus scanning which match one of the patterns provided in -file-ext-to-include list but do not match any of the patterns provided in -file-ext-to-exclude list.
    [-scan-files-with-no-ext {true|false}] - Scan Files with No Extension

    This parameter specifies if the files without any extension are considered for virus scanning or not.

    Examples

    The following example modifies an On-Access policy.

    cluster1::> vserver vscan on-access-policy modify -vserver vs1 -policy-name test
                    -protocol CIFS -scan-mandatory on -filters scan-ro-volume -max-file-size 10GB
                    -file-ext-to-exclude "mp3" -file-ext-to-include "mp*" -scan-files-with-no-ext false
                    -paths-to-exclude "\vol1\temp","\vol2\a"
    
    cluster1::> vserver vscan on-access-policy show -instance -vserver vs1 -policy-name test
    Vserver: vs1
                                Policy: test
                         Policy Status: off
                   Policy Config Owner: vserver
                  File-Access Protocol: CIFS
                               Filters: scan-ro-volume
                        Mandatory Scan: off
    Max File Size Allowed for Scanning: 10GB
                File Paths Not to Scan: \vol1\temp, \vol2\a
           File Extensions Not to Scan: mp3
               File Extensions to Scan: mp*
          Scan Files with No Extension: false
    Top of Page