Using Kaspersky Scan Engine in ICAP mode with Dell EMC Isilon

You can configure Kaspersky Scan Engine to work with Dell EMC Isilon. For convenience, this process is separated into several steps.

The instructions below apply to Dell EMC Isilon 9.1. For information about the interfaces of other versions, see the Dell EMC Isilon documentation.

Step I. Configuring Kaspersky Scan Engine

To configure Kaspersky Scan Engine:

  1. Allow Kaspersky Scan Engine to send the 204 No Content HTTP status code by doing one of the following:
  2. Enable scanning of files in the response modification mode (RESPMOD) by doing one of the following:
  3. Set the address that Kaspersky Scan Engine uses to process responses in RESPMOD to avscan by doing one of the following:

Step II. Configuring Dell EMC Isilon

To configure Dell EMC Isilon:

  1. In the Dell OneFS web administration interface, go to Data Protection > Antivirus > ICAP.

    "ICAP" tab and its elements: Policies, Detected threats, Servers, Settings.

    The ICAP tab

  2. In the Servers area, click Add Server.

    The Add ICAP antivirus server dialog box appears.

  3. In the Add ICAP antivirus server dialog box, do the following:
    1. In the Server URL field, type the address of Kaspersky Scan Engine: icap://%KSE_IP%:1344/avscan. Here %KSE_IP% is the IPv4 address.
    2. In the Server name field, type the name for the server, for example KasperskyScanEngine.
    3. Click Add Server.

    "Add ICAP antivirus server" dialog box. Server URL = icap://hidden IP:1344/avscan, Server name = KasperskyScanEngine, Enable this server checkbox is on.

    The Add ICAP antivirus server dialog box

  4. In the Settings area, specify the following:
    1. The action on detection. For example, you can choose Attempt to truncate file when threat is found.
    2. Optionally, you can specify the maximum size of the files to scan. The default value is 2 GB.
    3. Optionally, you can specify the path prefixes. Path prefixes are the paths in the filesystem that will trigger scanning when files are added to them.
    4. Optionally, you can specify the filters for object names. Filters for object names define objects that should or should not be scanned in On-Access mode.
    5. Optionally, you can enable the Enable scan of files on open, Enable file access when scanning fails, and Enable scan of files on closed settings.
    6. Optionally, configure scan report retention.
    7. Click Submit.

    All Scans. Action on detection = Attempt to truncate file when a threat is found, Maximum filescan size = 2 GB. Selected options for On access scans: Enable scan of files on open, Enable file access when scanning fails, Enable scan of files on close.

    The All scans dialog box

  5. Click Switch antivirus service.
  6. Turn on Switch ICAP antivirus.
  7. Click Confirm.

Schedule scanning

You can configure a scanning schedule to scan your storage on a regular basis.

To configure a scanning schedule:

  1. In the Dell OneFS web administration interface, go to Data Protection > Antivirus > ICAP > Policies.
  2. Click Create an antivirus policy.

    The Create a policy dialog box appears.

    "Create a policy" dialog box. Antivirus policy is enabled. Policy name = ScanEngineRegularScan, Paths = /ifs/home/ftp/incoming, Recursion depth = Full recursion. Impact Policy = DEFAULT, Scheduled daily at 12:00 AM.

    The Create a policy dialog box

  3. Select the Enable antivirus policy check box.
  4. Specify the name of the policy in the Policy name text field.
  5. Enter the description of the policy in the Description text field.
  6. Add paths to the directories that you want to scan.
  7. Optionally, you can set a limit on the recursion depth in the Recursion depth section, but this is not recommended.
  8. Specify the impact policy settings:
    1. Optionally, you can select Enable force run of policy regardless of impact policy, but this is not recommended.
    2. Select the DEFAULT impact policy from the Impact Policy drop-down list.
  9. Select the Scheduled radio button.
  10. Specify the scheduling settings:
    1. Choose the interval for running the policy.
    2. Configure the policy to run at the desired time.
  11. Click Submit.

Reviewing the detected objects

To review the detected objects,

In the Dell OneFS web administration interface, go to Data Protection > Antivirus > ICAP > Detected Threats.

Detected objects table. Columns: Name, Path, Remediation, Policy, Detected (date and time), Actions.

The list of detected objects

This is the list of files that were quarantined or truncated, along with the name of the detected object, file path, remediation method, policy, and timestamp.

Click the View details button next to a detected object to view the detailed information.

To restore a file from the list and allow user access to it:

  1. Click the More drop-down list.
  2. Select Release file.

Recommendations

You must configure at least one copy of Kaspersky Scan Engine to provide virus scanning for each Isilon cluster. In a typical environment, a minimum of two Kaspersky Scan Engine instances are required to handle a NAS server. Having only one instance can cause denial of file access if that instance does not respond. Isilon clusters handle load balancing across multiple Kaspersky Scan Engine instances automatically.

All Kaspersky Scan Engine instances that are registered with an Isilon cluster must have identical configurations.
