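Dell Unity: Network Error During an Eicar Malware Test on a Unity NAS
Summary: While testing with the Eicar malware test on a Unity NAS server, the user sees the network error "There is a problem accessing \\172.xx.xx.xx\abc (NasIP \testfolder)." This error can be corrected by the user.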
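Symptoms
The EICAR Anti-Virus Test File, or EICAR test file, is a computer file developed by the European Institute for Computer Antivirus Research (EICAR) and the Computer Antivirus Research Organization (CARO) to test the response of computer antivirus (AV) programs.
The user is running a third-party AV engine, Sophos Central Intercept X.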
There is a problem accessing \\172.xx.xx.xx\abc (NasIP \testfolder )

You have received this message because an event that has occurred on your Unity system requires your attention. The alert is:
"The virus checker server 172.xx.xx.xx has encountered an error and is no longer operational.(Error: OFFLINE, httpStatus: 1006 Connection Disconnected)"
"The virus checker server 172.xx.xx.xx has encountered an error and is no longer operational.(Error: ERROR_AVINTERFACE)"
"No virus checker server is available."
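Cause
This error clearly indicates that, during the time frame of the alert, the Windows Server running the third-party AV software and the CAVA agent was not available to provide service. If the Unity appliance is otherwise healthy, the issue is likely related to a network interruption or a Windows Server problem, or to an issue with the AV services. The user or the Windows administrator must check the Windows alert logs to determine the exact root cause.
Resolution
Troubleshooting steps in Unity:
- Search the Unity log locations: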
EMCSystemBackup.log:
cd /EMC/C4core/log/
grep -i infect EMCSystemBackup.log
grep -i blocked EMCSystemBackup.log

c4_safe_ktrace.log:
cd /EMC/C4core/log/
grep -i "virus checker" c4_safe_ktrace.log
zgrep -i "virus checker" /EMC/C4core/log/c4_safe_ktrace.log*
The Uemcli svc_cava service script, run with the NAS server name, reports the CAVA version and the name of the antivirus engine.
NAS server name/IP: OV-xx-x-xxx-xx-001 / 172.xx.xx.xx
AV server IP address: 172.xx.xx.xx
Command list:
Command Usage: svc_cava
svc_cava { <NAS_Server_Name> | ALL }
[-h | --help]
| <no option>
| -stats
| [ -set accesstime={ now | none | [[[[yy]mm]dd]hh]mm[.ss] }]
| [ -fsscan [<fs_mountpath> { -list | -create | -delete } ]
Example : svc_cava -stats
svc_cava nas1 -stats
svc_cava nas1
Command usage:
08:38:39 root@DE4142343780xx spa:/EMC/C4Core/log# svc_cava OV-xxx-x-xxx-xx-001 -stats
OV-xxx-x-xxx-xx-001 : commands processed: 1
command(s) succeeded
output is complete
1712653384: VC: 5: Total Requests: 0.
1712653384: VC: 5:
1712653384: VC: 5: NO ANSWER from the Virus Checker Servers: 0.
1712653384: VC: 5: ERROR_SETUP: 0.
1712653384: VC: 5: FAIL: 0.
1712653384: VC: 5: TIMEOUT: 0.
1712653384: VC: 5:
1712653384: VC: 5: 0 files in the collector queue.
1712653384: VC: 5: 0 files processed by the AV threads.
Command succeeded
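- Download the viruschecker.conf file and check whether it shows shutdown=no or shutdown=viruschecking:
Open Unity UI > Storage > NAS Servers > Security > Antivirus > Retrieve Current Configuration (view the file)
- Update the viruschecker.conf values (upload the new configuration) and apply the changes: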
# Example: OV-xxx-x-xxx-xx-001
#
masks=*.EXE:*.COM:*.DOC:*.DOT:*.XL?:*.MD?:*.VXD:*.386:*.SYS:*.BIN:*.ppt:*docx:*.rar:*.zip:*.txt
excl=pagefile.sys:*.tmp
# masks=*.RTF:*.OBD:*.DLL:*.SCR:*.OBT:*.PP?:*.POT:*.OLE:*.SHS:*.MPP
# masks=*.MPT:*.XTP:*.XLB:*.CMD:*.OVL:*.DEV
# masks=*.ZIP:*.TAR:*.ARJ:*.ARC:*.Z
# AV server IP address
addr=172.xx.xx.xx
# Update this value to shutdown=viruschecking and upload the viruschecker.conf file in the Unity GUI
shutdown=no
# Stops SMB/CIFS if no AV machine available.(No Windows clients can access any Unity share)
08:18:51 root@DE414234378xxx spa:/cores/service/user# svc_cava OV-xxx-x-xxx-xx-001
OV-xxx-x-xxx-xx-001: commands processed: 1
command(s) succeeded
output is complete
1712650760: VC: 5: OV-xxx-x-xxx-xx-001: Enabled and Started.
1712650760: VC: 5: 1 Checker IP Address(es):
1712650760: VC: 5: 172.xx.xx.xx ONLINE at Tue Apr 9 08:19:14 2024 (GMT-00:00)
1712650760: VC: 5: HTTP, CAVA version: 8.9.10.0
1712650760: VC: 5: AV Engine: Microsoft Antivirus ( Third party AV Engine )
1712650760: VC: 5: Remediation Window: 30 seconds
1712650760: VC: 5: Server Name: 172.xx.xx.xx
1712650760: VC: 5: Last time signature updated: Tue Apr 9 05:29:36 2024 (GMT-00:00)
1712650760: VC: 5:
1712650760: VC: 5: 15 File Mask(s):
1712650760: VC: 5: *.EXE *.COM *.DOC *.DOT *.XL? *.MD? *.VXD *.386 *.SYS *.BIN *.PPT *DOCX *.RAR
1712650760: VC: 5: *.ZIP *.TXT
1712650760: VC: 5: 2 Excluded File(s):
1712650760: VC: 5: PAGEFILE.SYS *.TMP
1712650760: VC: 5: Share \\ov-yml-p-ser-fs-001.yoma.com.mm\CHECK$.
1712650760: VC: 5: RPC request timeout=25000 milliseconds.
1712650760: VC: 5: RPC retry timeout=5000 milliseconds.
1712650760: VC: 5: High water mark=200.
1712650760: VC: 5: Low water mark=50.
1712650760: VC: 5: Scan all virus checkers every 10 seconds.
1712650760: VC: 5: When all virus checkers are offline:
1712650760: VC: 5: Continue to work with Virus Checking and CIFS.
1712650760: VC: 5: Scan on read disable.
1712650760: VC: 5: MS-RPC User: OV-xxx-x-xxx-xx-001-FS$
1712650760: VC: 5: MS-RPC ClientName: ov-xxx-x-xxx-xx-001.abc
Command succeeded
After the network IP was changed, the issue was resolved and CAVA started working normally.
Recommended troubleshooting:
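- Confirm the viruschecker.conf setting (shutdown=viruschecking).
- Confirm that the CAVA service is running under the AV user account.
- Confirm that the installed antivirus (Sophos, TrendMicro, McAfee, and so on) service is running under the Local System account.
- Confirm that the AV user is a member of the local Administrators group on every AV server.
- Confirm that the antivirus software and CEE were installed in the correct order: CEE first, then the antivirus software.
- Restart the CAVA service.
- Restart the AV server once.
- Confirm that the CAVA server has only one network interface.
- Confirm with the user whether the client machine is assigned the same or a different network IP as the NAS server (it is always recommended that it is on the same network).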
1712650760: VC: 5: HTTP, CAVA version: 8.9.10.0
1712650760: VC: 5: AV Engine: Microsoft Antivirus ( Third party AV Engine )
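Best practices:
- Do not set the policy VirusChecking=No, because this can lead to blocked threads and is not considered a best practice.
- Do not use a single AV server, as this is not recommended.
- Do not use a single AV server for multiple platforms, as this is not recommended and should be considered unsupported.
If the issue persists, the user must contact the third-party antivirus vendor's support for further assistance.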
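The viruschecker.conf checks from the troubleshooting list and best practices above (shutdown=viruschecking, more than one AV server), written as a script that can be run against the downloaded file. This is an added example, not Dell code: the function names are hypothetical, the colon separator between several addr= entries is an assumption, and the sample file is constructed from the article's listing with its inline note pasted in unchanged.

```shell
#!/bin/sh
# Added example (not Dell code): audit a downloaded viruschecker.conf.

# Value of the last active "key=value" line; commented-out lines are ignored.
conf_value() {  # usage: conf_value <key> <file>
    awk -v k="$1" '
        { sub(/\r$/, "") }          # tolerate CRLF from a Windows editor
        /^[ \t]*#/ { next }
        index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { print v }' "$2"
}

# Prints one finding per line; the return status is the number of findings.
audit_viruschecker_conf() {  # usage: audit_viruschecker_conf <file>
    n=0
    shut=$(conf_value shutdown "$1")
    addr=$(conf_value addr "$1")

    case "$shut" in
        viruschecking) ;;
        "")    echo "shutdown: no active setting"; n=$((n + 1)) ;;
        *" "*) echo "shutdown: note text left in value"; n=$((n + 1)) ;;
        *)     echo "shutdown: '$shut' instead of viruschecking"; n=$((n + 1)) ;;
    esac

    case "$addr" in
        "")    echo "addr: no AV server configured"; n=$((n + 1)) ;;
        *" "*) echo "addr: note text left in value"; n=$((n + 1)) ;;
        *:*)   ;;  # assumption: several AV servers are colon-separated
        *)     echo "addr: single AV server"; n=$((n + 1)) ;;
    esac
    return "$n"
}

# Constructed sample: the article's file with its inline note pasted as-is.
write_sample_conf() {  # usage: write_sample_conf <file>
    cat > "$1" <<'EOF'
masks=*.EXE:*.COM:*.DOC
excl=pagefile.sys:*.tmp
addr=172.xx.xx.xx >> AV Server IP address
shutdown=no
# shutdown=viruschecking
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_viruschecker_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```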
Affected Products
Dell EMC Unity Family | Dell EMC Unity All Flash, Dell EMC Unity Family
Article Properties
Article Number: 000224432
Article Type: Solution
Last Modified: 16 Oct 2025
Version: 3