VNX: CAVA error VC: 3: 32: Server 'x.x.x.x' returned error 'FAIL' when checking file
Zhrnutie: Errors in data mover logs indicate that the VC service failed to scan a file
Tento článok sa vzťahuje na
Tento článok sa nevzťahuje na
Tento článok nie je viazaný na žiadny konkrétny produkt.
V tomto článku nie sú uvedené všetky verzie produktov.
Symptómy
While virus checking is running, in the logs an error indicating that the VC service has failed to check it:
2016-03-29 11:38:44: VC: 3: 32: Server 'x.x.x.x' returned error 'FAIL' when checking file '\root_vdm_id\mount_path\filename.ext'
Príčina
The 'FAIL' message occurs when a scan request is opened (the VC service on the data mover sends a request to the CAVA servers) and when the CAVA server tries to open it the file is not found. This means that the file was deleted before it could be scanned. There are some scenarios where this could happen:
- One way this occurs is if the file was a cookie, temporary file, or lock file. Microsoft office, for example, creates temporary files that follow the format ~$<original_filename.xxxx>. These files normally disappear when the file is saved or closed, and if this happens quickly the file can disappear before it has a chance to be scanned, leading to the FAIL message in the data mover log. The filenames that are failing scans usually identify this as the source of the issue.
- Another way this can occur is if the file has a special 'disposition' on it. In SMB and SMB2 the user can set a disposition 'delete on close' when opening a file. If the file that is referred for scanning is opened by another user with this disposition set, the file is deleted before it can be scanned, leading to the FAIL message in the data mover logs. This option can be seen in packet traces by looking at SMB 'Create' or 'SetInfo' calls, but will be set by the user doing the deleting, and probably not the CAVA servers. This can make things difficult because normal traffic must be monitored (not just the AV server) to determine who is setting the flag.
Riešenie
The best resolution is to stop what is deleting the file (the external users deleting the file). This may mean disabling the use of temp files in office, or storing other temp files or cookies to a local directory instead of a shared one. If this cannot be done, then alter viruschecker.conf to exclude these types of files from being checked by altering the 'excl' line to exclude ~$*.* (for office files), *.tmp or any other extension that may be causing these errors.
viruschecker.conf:
CIFSserver=<CIFS server on data mover>
addr=<configured CAVA servers>
excl=~$*.*:*.accdb:*.laccdb:*.ldb:*.mdb:*.pst:*.tmp:????????
masks=*.*
shutdown=viruschecking
viruschecker.conf:
CIFSserver=<CIFS server on data mover>
addr=<configured CAVA servers>
excl=~$*.*:*.accdb:*.laccdb:*.ldb:*.mdb:*.pst:*.tmp:????????
masks=*.*
shutdown=viruschecking
Ďalšie informácie
Additional resources:
https://wiki.wireshark.org/SMB2/SMB2_FILE_DISPOSITION_INFO 
(SMB2_FILE_DISPOSITION_INFO addresses 'delete on close') feature
Dotknuté produkty
VNX1 SeriesProdukty
Celerra, VNX1 Series, VNX2 SeriesVlastnosti článku
Číslo článku: 000052379
Typ článku: Solution
Dátum poslednej úpravy: 25 máj 2026
Verzia: 4
Nájdite odpovede na svoje otázky od ostatných používateľov spoločnosti Dell
Služby podpory
Skontrolujte, či sa na vaše zariadenie vzťahujú služby podpory.