JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris 11.1 Administration: Security Services     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

Part I Security Overview

1.  Security Services (Overview)

Part II System, File, and Device Security

2.  Managing Machine Security (Overview)

3.  Controlling Access to Systems (Tasks)

4.  Virus Scanning Service (Tasks)

About Virus Scanning

About the Vscan Service

Using the Vscan Service (Tasks)

How to Enable Virus Scanning on a File System

How to Enable the Vscan Service

How to Add a Scan Engine

How to View Vscan Properties

How to Change Vscan Properties

How to Exclude Files From Virus Scans

5.  Controlling Access to Devices (Tasks)

6.  Verifying File Integrity by Using BART (Tasks)

7.  Controlling Access to Files (Tasks)

Part III Roles, Rights Profiles, and Privileges

8.  Using Roles and Privileges (Overview)

9.  Using Role-Based Access Control (Tasks)

10.  Security Attributes in Oracle Solaris (Reference)

Part IV Cryptographic Services

11.  Cryptographic Framework (Overview)

12.  Cryptographic Framework (Tasks)

13.  Key Management Framework

Part V Authentication Services and Secure Communication

14.  Using Pluggable Authentication Modules

15.  Using Secure Shell

16.  Secure Shell (Reference)

17.  Using Simple Authentication and Security Layer

18.  Network Services Authentication (Tasks)

Part VI Kerberos Service

19.  Introduction to the Kerberos Service

20.  Planning for the Kerberos Service

21.  Configuring the Kerberos Service (Tasks)

22.  Kerberos Error Messages and Troubleshooting

23.  Administering Kerberos Principals and Policies (Tasks)

24.  Using Kerberos Applications (Tasks)

25.  The Kerberos Service (Reference)

Part VII Auditing in Oracle Solaris

26.  Auditing (Overview)

27.  Planning for Auditing

28.  Managing Auditing (Tasks)

29.  Auditing (Reference)

Glossary

Index

Using the Vscan Service (Tasks)

Scanning files for viruses is available when the following requirements are met:

The following table points to the tasks you perform to set up the vscan service.

Task
Description
For Instructions
Install a scan engine.
Installs and configures one or more of the supported third-party products listed in Table 4-1.
See the product documentation.
Enable the file system to allow virus scans.
Enables virus scans on a ZFS file system. By default, scans are disabled.
Enable the vscan service.
Starts the scan service.
Add a scan engine to the vscan service.
Includes specific scan engines in the vscan service.
Configure the vscan service.
Views and changes vscan properties.
Configure the vscan service for specific file types.
Specifies the file types to include and exclude in a scan.

How to Enable Virus Scanning on a File System

Use the file system command to allow virus scans of files. For example, to include a ZFS file system in a virus scan, use the zfs(1M) command.

The ZFS file system allows some administrative tasks to be delegated to specific users. For more information about delegated administration, see Chapter 8, Oracle Solaris ZFS Delegated Administration, in Oracle Solaris 11.1 Administration: ZFS File Systems.

Before You Begin

You must become an administrator who is assigned the ZFS File System Management or the ZFS Storage Management rights profile. For more information, see How to Use Your Assigned Administrative Rights.

How to Enable the Vscan Service

Before You Begin

You must become an administrator who is assigned the VSCAN Management rights profile. For more information, see How to Use Your Assigned Administrative Rights.

How to Add a Scan Engine

Before You Begin

You must become an administrator who is assigned the VSCAN Management rights profile. For more information, see How to Use Your Assigned Administrative Rights.

How to View Vscan Properties

Before You Begin

You must become an administrator who is assigned the VSCAN Management rights profile. For more information, see How to Use Your Assigned Administrative Rights.

How to Change Vscan Properties

You can change the properties of a particular scan engine and the general properties of the vscan service. Many scan engines limit the size of the files they scan, so the vscan service's max-size property must be set to a value less than or equal to the scan engine's maximum allowed size. You then define whether files that are larger than the maximum size, and therefore not scanned, are accessible.

Before You Begin

You must become an administrator who is assigned the VSCAN Management rights profile. For more information, see How to Use Your Assigned Administrative Rights.

  1. View the current properties by using the vscanadm show command.
  2. Set the maximum size for virus scans to, for example, 128 megabytes.
    # vscanadm set -p max-size=128M
  3. Specify that access is denied to any file that is not scanned due to its size.
    # vscanadm set -p max-size-action=deny

    For more information, see the vscanadm(1M) man page.

How to Exclude Files From Virus Scans

When you enable antivirus protection, you can specify that all files of specific types are excluded from the virus scan. Because the vscan service affects the performance of the system, you can conserve system resources by targeting specific file types for virus scans.

Before You Begin

You must become an administrator who is assigned the VSCAN Management rights profile. For more information, see How to Use Your Assigned Administrative Rights.

  1. View the list of all file types that are included in the virus scan.
    # vscanadm get -p types
  2. Specify the types of files to be scanned for virus:
    • Exclude a specific file type, for example the JPEG type, from the virus scan.
      # vscanadm set -p types=-jpg,+*
    • Include a specific file type, for example executable files, in the virus scan.
      # vscanadm set -p types=+exe,-*

    For more information, see the vscanadm(1M) man page.