How does Sophos Anti-Virus for NetApp communicate with the server?
Sophos product and version
Sophos Anti-Virus for NetApp Storage Systems
NetApp Storage Systems
- The client computer attempts to access a file on the filer. This happens via Common Internet File System (CIFS)
NB. Only CIFS shares are protected by AV. This is because VSCAN on the filer only supports the checking of files on CIFS shares, not because of a problem in SAV for NetApp.
- The filer makes an RPC call to the AV Server requesting for a file to be scanned. The RPC call uses a NetApp proprietary protocol.
- The AV Server then accesses the file using CIFS.
- The file is scanned by the on-access scanner.
- The results from the scan are passed back to the filer via RPC.
- If the file was clean then the client computer is allowed to access the file. If the file was not clean then an access denied message will be sent to the client machine.
- The MMC console (which can be on the same computer as the AV server or a different computer) uses Service Control Manager (SCM) to check whether the SAV for NetApp service is running
- Information sent back from the AV server to the MMC console is done via UDP on port 10000