Some infected files are not deleted by Symantec AntiVirus for Network Attached Storage 5.x when used with a NetApp Filer

Article:TECH123891  |  Created: 2010-01-12  |  Updated: 2012-04-17  |  Article URL
Article Type
Technical Solution


Some files that are detected as infected by Symantec AntiVirus for Network Attached Storage 5.x, with the scan policy set to "scan and repair and delete", are not deleted off of the NetApp Filer by SAV for NAS

The Scan Engine log reports that the file in question was caught as infected but instead of listing the file Status as DELETED, Scan Engine reports NOT REPAIRED.



Infected files have the attribute set as "read only" By default, Scan Engine will not repair or delete infected files which have the Read Only file attribute set.

This could be caused by the Symantec AntiVirus for Network Attached Storage 5.x HonorReadOnly parameter.  By default SAV for NAS 5.x does not delete infected files that are read-only.  If the file we reported infected was read-only, SAV for NAS would not delete the file.  Rather SAV for NAS would report to the NetApp Filer that the file was infected, so that the Filer would block clients from accessing the file and we would log that we could not repair the file.  Since deleting was not an with HonorReadOnly set to true. 


To set the HonorReadOnly flag to false within Symantec Scan Engine (SAV for NAS) 5.x

  1. At the command line, navigate to the installation location of Scan Engine.
  2. At the command line, type the following command:
    java -jar xmlmodifier.jar -s /policies/Misc/HonorReadOnly/@value false policy.xml
  3. Restart the Symantec Scan Engine (SAV for NAS) service to make the change effective

Technical Information
How to configure SAV for NAS 5.x for use with NetApp File 

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices