Dell Unity:Unity NAS 上的 Eicar 恶意软件测试出现网络错误
Summary: 用户在 Unity NAS 服务器中使用 Eicar 恶意软件测试进行测试,显示网络错误“访问 \\172.xx.xx.xx\abc (NasIP \testfolder) 时出现问题。”此错误可由用户纠正。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
EICAR反病毒测试文件或EICAR测试文件是由欧洲计算机反病毒研究所(EICAR)和计算机反病毒研究组织(CARO)开发的计算机文件,用于测试计算机反病毒(AV)程序的响应。
用户是 AV 第三方引擎,即 Sophos Central Intercept X。
用户是 AV 第三方引擎,即 Sophos Central Intercept X。
There is a problem accessing \\172.xx.xx.xx\abc (NasIP \testfolder ) You have received this message because an event that has occurred on your Unity system requires your attention. The alert is: "The virus checker server 172.xx.xx.xx has encountered an error and is no longer operational.(Error: OFFLINE, httpStatus: 1006 Connection Disconnected)" The virus checker server 172.xx.xx.xx has encountered an error and is no longer operational.(Error: ERROR_AVINTERFACE)" "No virus checker server is available."
Cause
此错误清楚地表明,在警报的时间范围内,运行第三方 AV 软件和 Cava Agent 的 Windows Server 不可用于提供服务。如果 Unity 设备在其他方面运行状况良好,则问题可能与网络中断或 Windows Server 问题有关,也可能与 AV Services 相关问题。用户或 Windows 管理员必须检查“Windows 警报日志”,以获得明确的根本原因。
Resolution
Unity 中的故障处理步骤:
- 在 Unity 日志位置中搜索:
EMCSystemBackup.log - cd /EMC/C4core/log/ grep -i infect EMCSystemBackup.log grep -i blocked EMCSystemBackup.log c4_safe_ktrace.log – cd /EMC/C4core/log/ grep -i "virus checker" c4_safe_ktrace.log zgrep -i "virus checker" /EMC/C4core/log/c4_safe_ktrace.log*
Uemcli svc_cava 包含 NAS 服务器名称的服务脚本提供 CAVA 版本和防病毒引擎的名称。
Nas server name/IP : OV-xx-x-xxx-xx-001/ 172.xx.xx.xx AV server IP address: 172.xx.xx.xx
命令列表:
Command Usage: svc_cava
svc_cava { <NAS_Server_Name> | ALL }
[-h | --help]
| <no option>
| -stats
| [ -set accesstime={ now | none | [[[[yy]mm]dd]hh]mm[.ss] }]
| [ -fsscan [<fs_mountpath> { -list | -create | -delete } ]
Example : svc_cava -stats
svc_cava nas1 -stats
svc_cava nas1
命令用法:
08:38:39 root@DE4142343780xx spa:/EMC/C4Core/log# svc_cava OV-xxx-x-xxx-xx-001 -stats OV-xxx-x-xxx-xx-001 : commands processed: 1 command(s) succeeded output is complete 1712653384: VC: 5: Total Requests: 0. 1712653384: VC: 5: 1712653384: VC: 5: NO ANSWER from the Virus Checker Servers: 0. 1712653384: VC: 5: ERROR_SETUP: 0. 1712653384: VC: 5: FAIL: 0. 1712653384: VC: 5: TIMEOUT: 0. 1712653384: VC: 5: 1712653384: VC: 5: 0 files in the collector queue. 1712653384: VC: 5: 0 files processed by the AV threads. Command succeeded
- 下载 viruschecker.config 文件并验证是否显示 shutdown=no 或 shutdown=viruschecking:
打开 Unity UI>存储 > NAS 服务器 >安全>防病毒 >检索当前配置(查看文件)
- 更新 viruschecker.conf 值(上传新配置)并应用更改:
# Example: OV-xxx-x-xxx-xx-001
#
masks=*.EXE:*.COM:*.DOC:*.DOT:*.XL?:*.MD?:*.VXD:*.386:*.SYS:*.BIN:*.ppt:*docx:*.rar:*.zip:*.txt
excl=pagefile.sys:*.tmp
# masks=*.RTF:*.OBD:*.DLL:*.SCR:*.OBT:*.PP?:*.POT:*.OLE:*.SHS:*.MPP
# masks=*.MPT:*.XTP:*.XLB:*.CMD:*.OVL:*.DEV
# masks=*.ZIP:*.TAR:*.ARJ:*.ARC:*.Z
addr=172.xx.xx.xx >> AV Server IP address
shutdown=no (update the value to shutdown=viruschecking and upload the viruschecker.conf file to unity GUI)
# Stops SMB/CIFS if no AV machine available.(No Windows clients can access any Unity share)
08:18:51 root@DE414234378xxx spa:/cores/service/user# svc_cava OV-xxx-x-xxx-xx-001
OV-xxx-x-xxx-xx-001: commands processed: 1
command(s) succeeded
output is complete
1712650760: VC: 5: OV-xxx-x-xxx-xx-001: Enabled and Started.
1712650760: VC: 5: 1 Checker IP Address(es):
1712650760: VC: 5: 172.xx.xx.xx ONLINE at Tue Apr 9 08:19:14 2024 (GMT-00:00)
1712650760: VC: 5: HTTP, CAVA version: 8.9.10.0
1712650760: VC: 5: AV Engine: Microsoft Antivirus ( Third party AV Engine )
1712650760: VC: 5: Remediation Window: 30 seconds
1712650760: VC: 5: Server Name: 172.xx.xx.xx
1712650760: VC: 5: Last time signature updated: Tue Apr 9 05:29:36 2024 (GMT-00:00)
1712650760: VC: 5:
1712650760: VC: 5: 15 File Mask(s):
1712650760: VC: 5: *.EXE *.COM *.DOC *.DOT *.XL? *.MD? *.VXD *.386 *.SYS *.BIN *.PPT *DOCX *.RAR
1712650760: VC: 5: *.ZIP *.TXT
1712650760: VC: 5: 2 Excluded File(s):
1712650760: VC: 5: PAGEFILE.SYS *.TMP
1712650760: VC: 5: Share \\ov-yml-p-ser-fs-001.yoma.com.mm\CHECK$.
1712650760: VC: 5: RPC request timeout=25000 milliseconds.
1712650760: VC: 5: RPC retry timeout=5000 milliseconds.
1712650760: VC: 5: High water mark=200.
1712650760: VC: 5: Low water mark=50.
1712650760: VC: 5: Scan all virus checkers every 10 seconds.
1712650760: VC: 5: When all virus checkers are offline:
1712650760: VC: 5: Continue to work with Virus Checking and CIFS.
1712650760: VC: 5: Scan on read disable.
1712650760: VC: 5: MS-RPC User: OV-xxx-x-xxx-xx-001-FS$
1712650760: VC: 5: MS-RPC ClientName: ov-xxx-x-xxx-xx-001.abc
Command succeeded
更改网络 IP 后,问题已解决,CAVA 开始正常工作。
建议故障处理:
- 确认 viruschecker.conf 设置。(shutdown=viruschecking)
- 确认 CAVA 服务正在使用 AV 用户帐户运行。
- 确认已安装的防病毒(Sophos、TrendMicro、McAfee 等)服务正在使用本地系统帐户运行。
-
确认 AV 用户是每台 AV 服务器上的本地管理员组的成员。
-
确认防病毒软件和 CEE 已按照正确的顺序安装,首先是 CEE,然后是防病毒软件
-
重新启动 CAVA 服务
-
重新启动 AV 服务器一次
-
确认 CAVA 服务器只有一个网络接口。
-
与用户确认客户端计算机是否分配了与 NAS 服务器相同或不同的网络 IP(始终建议它位于同一网络中)
1712650760: VC: 5: HTTP, CAVA version: 8.9.10.0 1712650760: VC: 5: AV Engine: Microsoft Antivirus ( Third party AV Engine )
最佳实践:
- 请勿设置策略 VirusChecking=No,因为这可能会导致线程受阻,这不被视为最佳实践。
- 不要使用单个 AV 服务器,因为不建议这样做。
- 不要将单个 AV 服务器用于多个平台,因为不建议这样做,应视为不受支持。
如果问题仍然存在,用户必须联系第三方防病毒供应商支持以获得进一步的帮助。
Additional Information
Affected Products
Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity FamilyArticle Properties
Article Number: 000224432
Article Type: Solution
Last Modified: 16 Oct 2025
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.