test

System Administration Guide: Security Services

ProcedureHow to Change Vscan Properties

You can change the properties of a particular scan engine and the general properties of the vscan service. Many scan engines limit the size of the files they scan, so the vscan service's max-size property must be set to a value less than or equal to the scan engine's maximum allowed size. You then define whether files that are larger than the maximum size, and therefore not scanned, are accessible.

  1. Use the “VSCAN Management” RBAC profile to obtain the authorizations needed for managing the vscan service.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map).

  2. View the current properties by using the vscanadm show command.

  3. Set the maximum size for virus scans to, for example, 128 megabytes.


    # vscanadm set -p max-size=128M

  4. Specify that access is denied to any file that is not scanned due to its size.


    # vscanadm set -p max-size-action=deny

    See the manpage for the vscanadm(1M) command for a description of the command.