Dell PowerStore 1200T Using the Common Event Enabler 8.x on Windows Platforms - Page 63

CAVA Calculator

CAVA Calculator is a utility that assists you in determining the number of AV machines for the environment prior to installation.

The CAVA Calculator can be installed and run independent of CAVA and Dell systems (for example, the VNX series), whereas

the sizing tool uses the actual workload. This utility is installed as part of CEE framework.

System requirements

provides more

information.

Virus-checking client

The virus-checking (VC) client is the agent component of VNX software on the Data Mover, or Unity software on a NAS

server. The VC client interacts with the AV engine, which processes requests from the VC client. Scanning is supported only

for SMB/CIFS access. While the scan or other related actions are taking place, access to the file from any SMB/CIFS client is

blocked.

The VC client does the following:

●

Queues and communicates filenames to the antivirus agent for scanning.

●

Provides and acknowledges event triggers for scans. Possible event triggers include:

○

A file is renamed on VNX or Unity

○

A file is copied or saved to VNX or Unity

○

A file is modified and closed on VNX or Unity

NOTE:

Scanning quick glance chart

provides a detailed list of scanning triggers.

●

Requests a virus check by sending the universal naming convention (UNC) pathname to the antivirus agent.

●

Allows the AV engine to perform the correct user-defined action on the file when the file is discovered to contain a virus.

User-defined actions include:

○

Curing or repairing the file

○

Renaming the file

○

Changing the file extension

○

Moving the file to a quarantined area

○

Deleting or purging the file

NOTE:

The AV engine maintains full access to the file being scanned while performing the user-defined action on the

file. After completion, the AV engine returns control of the file to the VC client.

●

If the antivirus agent reports that the file was successfully scanned, VNX or Unity allows the file to be available to the client.

●

If multiple instances of the antivirus agent have been installed, the VC client sends scanning requests to the AV machines in

a round-robin method.

Basic VC client configuration

The VC client can be configured by using the

server_viruschk

command and the

viruschecker.conf

file. An alternative

method uses the EMC Unity/VNX/VNXe AntiVirus snap-in, which is part of the Unity/VNX/VNXe NAS Management snap-in.

(Optional) Install EMC Unity/VNX/VNXe NAS Management snap-in

provides more information.

Full file system scan

An administrator can perform a full scan of a file system by using the

server_viruschk -fsscan

command (VNX systems)

or

svc_cava -fsscan

command (Unity systems). To use this feature, CAVA must be enabled and running. The administrator

can query the state of the scan while it is running, and can stop the scan if necessary. For VNX systems, a file system cannot

be scanned if the file system is mounted with the option

noscan

. As the scan proceeds through the file system, it touches each

file and triggers a scan request for each file.



explains when virus scanning occurs.

Unity and VNX CAVA Information

63

Section	Page
Dell CEE Using the Common Event Enabler on Windows Platforms	1
Contents	3
Preface	7
Introduction	8
About CEE	8
System requirements	9
AntiVirus partners	9
Support for third-party applications	10
Restrictions	10
Related information	11
Installing Third-Party Application Antivirus Engines	12
Installation overview	12
Computer Associates eTrust	13
F-Secure AntiVirus	14
Kaspersky Anti-Virus	15
McAfee VirusScan	18
McAfee Endpoint Security Threat Prevention	19
Microsoft Forefront Endpoint Protection 2010	19
Microsoft System Center 2012 Endpoint Protection	20
Sophos Anti-Virus	20
Symantec Endpoint Protection	22
Set Symantec Endpoint Protection options	22
Set Windows Service Control Manager options	23
Symantec Protection Engine	23
Setting exclusions	23
Setting container handling policies	24
Modifying LimitChoiceStop settings	24
Trend Micro ServerProtect	24
Install Trend Micro ServerProtect	25
Installing the Common Event Enabler Framework	27
Install CEE	27
Verifying the CEE installation package	28
Complete the CEE installation for Windows Server	28
Uninstall CEE	29
Configuring the Domain User Account	30
Domain user account overview	30
Determine the interface name on the Data Mover	31
Create a domain user account	32
Create with Active Directory on a Windows Server	32
Create from User Manager for Domains	32
Create a local group on each Data Mover or NAS server	33
Assign the EMC virus-checking right to the group	33
Assign local administrative rights to the AV user	34
Managing CAVA	36
(Optional) Install EMC Unity/VNX/VNXe NAS Management snap-in	36
Display virus-checking information	36
Audit virus-checking information	37
Start, stop, and restart CAVA	38
Perform a full file system scan	38
Verify the status of a file system scan	39
Stop a file system scan	39
Enable scan-on-first-read	39
Update virus definition files	40
Turn off the AV engine	40
Turn on the AV engine	40
Manage CAVA thread usage	41
Adjust the maxVCThreads parameter	41
View the application log file from a Windows Server	42
Enable automatic virus detection notification	42
Customize virus-checking notification	42
Customize notification messages	43
Managing the Registry and AV Drivers	45
EMC CAVA configuration Registry entries	45
EMC AV driver Registry entry	45
Manage the EMC AV driver	45
Managing VCAPS	47
Set up access	47
Managing CEE for RabbitMQ	48
Set up CEE for RabbitMQ	48
Managing Indexing	49
Set up access for Splunk	49
Monitoring and Sizing the Antivirus Agent	51
Install the CAVA Calculator	51
Start the CAVA Calculator	52
Uninstall the CAVA Calculator	52
Configure the sizing tool	52
Enable the sizing tool	53
Manually compile the cava.mof file	53
Create the cavamon.dat file	53
Start the sizing tool	54
Size the antivirus agent	54
(Optional) Gather AV statistics with cavamon.vbs	54
Third-Party Consumer Applications	55
Overview	55
Set up consumer application access	55
Troubleshooting	57
Dell E-Lab Interoperability Navigator	57
Error messages	57
Known problems	57
Training and Professional Services	58
Unity and VNX CAVA Information	59
CAVA concepts	59
CAVA restrictions and limitations	59
CAVA and Data Mover or NAS server	60
User interface choices	60
CAVA features	60
Load balancing and fault tolerance	61
Updating virus definition files	61
Scan-on-first-read	61
Scan on write	61
Scanning after definition file update (manual process)	61
Virus-checking continuation	61
CAVA sizing tool	62
CAVA Calculator	63
Virus-checking client	63
Configuring viruschecker.conf	64
Create and edit viruschecker.conf	64
Define AV machine IP addresses in viruschecker.conf	65
Send viruschecker.conf to the Data Mover	65
(Optional) Define VC scanning criteria	66
viruschecker.conf parameters	66
Managing the VC Client	70
Start the VC client	70
Stop the VC client	71
Update the viruschecker.conf file	71
Verify the installation	72
Unity and VNX CEPA Information	73
CEPA concepts	73
CEPA restrictions and limitations	73
Overview of the cepp.conf file	74
Create the cepp.conf file	75
Edit the cepp.conf file	78
Assign rights in Windows Server	78
Assign rights for third-party applications	79
Start the CEPA facility	79
Verify the CEPA status	79
Stop the CEPA facility	80
Display the CEPA facility properties	80
Display the CEPA facility statistics	81
Display detailed information for a CEPA pool	81
Index	82
A	82
B	82
C	82
D	82
E	82
F	82
H	83
I	83
K	83
L	83
M	83
N	83
P	83
R	83
S	83
T	84
U	84
V	84

Dell PowerStore 1200T Using the Common Event Enabler 8.x on Windows Platforms - Page 63

CAVA Calculator, Virus-checking client

Page 63 highlights