Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

AAdedipe

44 Posts

4264

May 12th, 2010 14:00

Is there a plan to create a more Recent Celerra Error Messages Guide?

Hello Guys,

I was trying to solve my own issues and I went to the Celerra documentation repository on Powerlink only to find that the most recent "Celerra Network Server Error Messages Guide" was for DART 5.5.22. Are there any plans to release a version of the software that applies to DART 5.6.x?

Thanks,

Ayo

bergec

275 Posts

May 18th, 2010 11:00

When you test that eicar file, do you copy only one file at the time or multiple files (let's say 10 at the time), and does it "sometimes" detect it (or always return an "access denied" message?

Any possibility you can install "all 64 bits"

Claude

AAdedipe

44 Posts

May 18th, 2010 11:00

Hello Karl,

Our environment is not as large but it is very distrubuted. I'm trying to bring up a cava environment in a remote location but they use core infrastructure (ie McAfee)  so the only thing different about this case is that our servers are running in Win2k8. The settings are the same as teh other environments they are just modified for the hosts in the new location. The logs you request are as follows:

2010-05-18 11:18:01: VC: 3: 32: Server 'xxx.xxx.xx.29' returned error 'ACCESS_DENIED' when checking file '\Temp\root\eicar.com'
2010-05-18 11:18:38: VC: 3: 32: Server 'xxx.xxx.xx.28' returned error 'ACCESS_DENIED' when checking file '\Temp\root\eicar.com'
2010-05-18 11:19:01: VC: 3: 32: Server 'xxx.xxx.xx.28' returned error 'ACCESS_DENIED' when checking file '\Temp\root\Ooogbiebookjasdfasdf\eicar.com'

These tests prove that CAVA is using both the virus checker servers that I deployed but I'm unsure why it isn't doing its job and marking the files as virus found. If it is infact a McAfee issue where would I check since I'm not an AV administrator.

Thanks,

Ayo

umichklewis_ac7b91

300 Posts

May 18th, 2010 11:00

I'm in a similar boat - I'm the storage admin, who got roped into learning (way too much) about McAfee.  I wish I could be helpful about your masks, but

everyone has their own theory, practice or policy.  Some folks here exclude many, many file types.  Others, don't exclude much of anything - like me:

1 File Mask(s):
*.*
6 Excluded File(s):
*.TMP ???????? *JOURNAL *.DOTM *.LNK *SQLITE

Basically, I scan just about everything, but I have seven CAVA servers - it's always a trade off.  In my environment, we mount user home directories for almost 8000 users.  Users are free download whatever, build applications, etc, so ignoring certain filetypes isn't really something we chose to do.  We don't exclude Microsoft Office filetypes, since they can contain every payload known to man.

The ACCESS_DENIED makes me wonder if you're having trouble communicating with your DC.  If this a hard error or does it only occur with a scan?  Can you paste the message from the log (including any SMB errors around the same time)?  Have you checked the firewall settings on both of your CAVA servers?  Are they identical?  If not, check the exceptions or try disabling the firewall on the failing box briefly.

Also, what version of CEE are you running?  Do you have the ability to bring up another CAVA server for testing?  I had to run 4.5.1, 4.5.2 and 4.5.2.2 to figure out that 4.5.1 just didn't like the 2008 R2 firewall rules I'd set.

Thanks!

Karl

AAdedipe

44 Posts

May 18th, 2010 12:00

Karl,

You're a genius! It appears that CAVA is worknig as expected and the issue is because McAfee can't rename the files. I'm unsure if the rename problem is because McAfee treats the EICAR file differently or if its because of the option you specified in the post above.

What I did to test CAVA functionality, was that I placed the EICAR test file on a share in our "tested and working" CAVA environment and I got the same error so it led me to believe that CAVA is functioning albiet not giving the expected result.  I was expecting to get a McAfee popup on the EICAR test file but that doesn't seem to be the case.

I'll continue to investigate and post my findings.

Thanks,

Ayo

umichklewis_ac7b91

300 Posts

May 18th, 2010 12:00

I'm glad I could help - I don't know how I remembered that, it just popped in there!  If you'd like to help me out, please forward a message to my boss titled "Karl deserves a raise" with the subject "Karl is a genius".

In all seriousness, please keep testing and let me know your findings.  I think this is worth a sticky or  getting put into some documentation somewhere - we can't be the only two McAfee-CAVA users who've run into this...

Thanks!

Karl

bergec

275 Posts

May 18th, 2010 12:00

Good catch, congratulations!

Claude

Rainer_EMC

8.6K Posts

May 21st, 2010 08:00

Rainer wrote:

AFAIK Windows 2008 is always 64 bit ...

correction: Windows 2008 is indeed available as 32 bit

from Windows 2008R2 its 64 bit only

Microsoft has announced a while ago that any newer server OS or server applications (like Exchange 2010) will only be available in 64 bit versions

Rainer

View More

View All

No Events found!

Top