Hi
Today i have installed both Sophos Enterprise Console 4.5.0.9 and Sophos A/V for Netapp 1.0.1 in an effort to build a solution for my filer A/V issues. So far so good, Trial setup is hooked up to my filer, i can see 100710 open file requests, avg scans p/min 140 etc.
So far ive received one auto email explaining 2 files have been cleaned, fantastic, looking like a product i'll pickup for the long term. My question is around the error reporting. All i can manage to generate from the canned reports is basically the time / virus type, it doesnt explain the files that were infected, from which client machine etc. If i check the sav.txt log i can see which files were cleaned etc which is great but i really need to try and determine who was requesting the file when it was picked up as infected (which would lead me to do further cleans on the client). At the moment the a/v server is the client being reported - which makes sense as it was the one that cleaned it, but not the client that requested it.
I understand how the basic NetApp A/V system works ... a request is made for a file, the filer shoots the file to the a/v server, if an infected file can be cleaned it is and passed onto the user, if not its quarantined, same but in reverse for files being saved to the filer. The a/v server essentially works as a scanning proxy. Hopefully the requester is tagged somewhere in this process? Surely must be, how else would the file make it to the destination?
Any tips would be appreciated.
Cheers - Ben
This thread was automatically locked due to age.