Overview
The VSP One File servers proactively submit files for scanning to the scan engine on both open (writable) and closed (read-only) file systems. If a file has not been verified by a virus scan engine as clean, a notification is sent to the server and scanning must be done before it can be accessed. However, scanning for viruses when a client on the network is trying to access the file can take time on read-only files (SMB clients may experience a temporary loss of data access). To reduce this latency and ensure maximum accessibility of data, multiple virus scan engines can be configured to support each EVS on which virus scanning is enabled. Files are automatically queued for scanning when they are created or modified. Queued files are scanned promptly, expediting the detection of viruses in new or modified files, and making it unlikely that an infected file remains dormant on the system.
When a virus is detected, a severe event is placed in the event log, identifying the path of the infected file and the IP address of the infected machine.
Virus scanning statistics for a server (in 10-second time slices) are available for viewing in File Administrator since the previous reboot or since the point when statistics were last reset.
You can configure multiple virus scan engines using the RPC protocol or the ICAP protocol to enhance the performance and to maintain high availability of the VSP One File server. The server does not scan files but provides a connection with configured virus scan engines on the network. If a virus scan engine fails during a virus scan, the server automatically redirects the scan to another virus scan engine.
The Internet Content Adaption Protocol (ICAP) is an open standard used to connect devices to enterprise-level virus scan engines. RPC is a remote procedure call interface that some scan engines support.
The server maintains a file type inclusion list that allows you to control the files that are scanned (for example, .exe, .dll, .doc). The default inclusion list includes most file types commonly affected by viruses. You can also create a file type exclusion list to exclude files from virus scanning. Using an exclusion list helps reduce the load on the virus scanning engines and the network. The inclusion and exclusion lists support wildcards.
If virus scanning is temporarily disabled, files are marked as required scanning. If virus scanning is re-enabled, the marked files are scanned the next time the SMB client accesses the files.