Unsolved
This post is more than 5 years old
44 Posts
0
4264
Is there a plan to create a more Recent Celerra Error Messages Guide?
Hello Guys,
I was trying to solve my own issues and I went to the Celerra documentation repository on Powerlink only to find that the most recent "Celerra Network Server Error Messages Guide" was for DART 5.5.22. Are there any plans to release a version of the software that applies to DART 5.6.x?
Thanks,
Ayo
bergec
275 Posts
0
May 18th, 2010 11:00
When you test that eicar file, do you copy only one file at the time or multiple files (let's say 10 at the time), and does it "sometimes" detect it (or always return an "access denied" message?
Any possibility you can install "all 64 bits"
Claude
AAdedipe
44 Posts
0
May 18th, 2010 11:00
Hello Karl,
Our environment is not as large but it is very distrubuted. I'm trying to bring up a cava environment in a remote location but they use core infrastructure (ie McAfee) so the only thing different about this case is that our servers are running in Win2k8. The settings are the same as teh other environments they are just modified for the hosts in the new location. The logs you request are as follows:
2010-05-18 11:18:01: VC: 3: 32: Server 'xxx.xxx.xx.29' returned error 'ACCESS_DENIED' when checking file '\Temp\root\eicar.com'
2010-05-18 11:18:38: VC: 3: 32: Server 'xxx.xxx.xx.28' returned error 'ACCESS_DENIED' when checking file '\Temp\root\eicar.com'
2010-05-18 11:19:01: VC: 3: 32: Server 'xxx.xxx.xx.28' returned error 'ACCESS_DENIED' when checking file '\Temp\root\Ooogbiebookjasdfasdf\eicar.com'
These tests prove that CAVA is using both the virus checker servers that I deployed but I'm unsure why it isn't doing its job and marking the files as virus found. If it is infact a McAfee issue where would I check since I'm not an AV administrator.
Thanks,
Ayo
umichklewis_ac7b91
300 Posts
0
May 18th, 2010 11:00
I'm in a similar boat - I'm the storage admin, who got roped into learning (way too much) about McAfee. I wish I could be helpful about your masks, but
everyone has their own theory, practice or policy. Some folks here exclude many, many file types. Others, don't exclude much of anything - like me:
1 File Mask(s):
*.*
6 Excluded File(s):
*.TMP ???????? *JOURNAL *.DOTM *.LNK *SQLITE
Basically, I scan just about everything, but I have seven CAVA servers - it's always a trade off. In my environment, we mount user home directories for almost 8000 users. Users are free download whatever, build applications, etc, so ignoring certain filetypes isn't really something we chose to do. We don't exclude Microsoft Office filetypes, since they can contain every payload known to man.
The ACCESS_DENIED makes me wonder if you're having trouble communicating with your DC. If this a hard error or does it only occur with a scan? Can you paste the message from the log (including any SMB errors around the same time)? Have you checked the firewall settings on both of your CAVA servers? Are they identical? If not, check the exceptions or try disabling the firewall on the failing box briefly.
Also, what version of CEE are you running? Do you have the ability to bring up another CAVA server for testing? I had to run 4.5.1, 4.5.2 and 4.5.2.2 to figure out that 4.5.1 just didn't like the 2008 R2 firewall rules I'd set.
Thanks!
Karl
AAdedipe
44 Posts
0
May 18th, 2010 12:00
Karl,
You're a genius! It appears that CAVA is worknig as expected and the issue is because McAfee can't rename the files. I'm unsure if the rename problem is because McAfee treats the EICAR file differently or if its because of the option you specified in the post above.
What I did to test CAVA functionality, was that I placed the EICAR test file on a share in our "tested and working" CAVA environment and I got the same error so it led me to believe that CAVA is functioning albiet not giving the expected result. I was expecting to get a McAfee popup on the EICAR test file but that doesn't seem to be the case.
I'll continue to investigate and post my findings.
Thanks,
Ayo
umichklewis_ac7b91
300 Posts
0
May 18th, 2010 12:00
I'm glad I could help - I don't know how I remembered that, it just popped in there! If you'd like to help me out, please forward a message to my boss titled "Karl deserves a raise" with the subject "Karl is a genius".
In all seriousness, please keep testing and let me know your findings. I think this is worth a sticky or getting put into some documentation somewhere - we can't be the only two McAfee-CAVA users who've run into this...
Thanks!
Karl
bergec
275 Posts
0
May 18th, 2010 12:00
Good catch, congratulations!
Claude
Rainer_EMC
8.6K Posts
0
May 21st, 2010 08:00
correction: Windows 2008 is indeed available as 32 bit
from Windows 2008R2 its 64 bit only
Microsoft has announced a while ago that any newer server OS or server applications (like Exchange 2010) will only be available in 64 bit versions
Rainer