Sophos Anti-Virus for NetApp Storage Systems: Overview of the scanning process when a client accesses a file

  • Article ID: 33453
  • Rating:
  • 3 customers rated this article 5.7 out of 6
  • Updated: 04 Mar 2014


This article provides an overview of the process when a client accesses a file on a filer and it is scanned by Sophos Anti-Virus for NetApp. The server running Sophos Anti-Virus for NetApp is referred to as the 'antivirus server' throughout this article.


  1. The client computer attempts to access a file on the filer. This happens via Common Internet File System (CIFS)
    NB. Only CIFS shares are protected by antivirus scanning, this is because VSCAN on the filer only supports the checking of files on CIFS shares, not because of a limitation in Sophos Anti-Virus for NetApp.
  2. The filer makes an RPC call to the antivirus server requesting for a file to be scanned. The RPC call uses a NetApp proprietary protocol.
  3. The antivirus server accesses the file using CIFS.
  4. The file is scanned by the Sophos Anti-Virus on-access scanner on the antivirus server.
  5. The results from the scan are passed back to the filer via RPC.
  6. If the file is clean then the client computer is allowed to access the file. If the file is not clean then the user on the client machine will see an access denied message.
  7. The MMC console (which can be on the antivirus server or a different computer) uses Service Control Manager (SCM) to check whether the Sophos Anti-Virus for NetApp service is running
  8. Information sent back from the antivirus server to the MMC console is done via UDP on port 10000

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent