Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Security Services Oracle Solaris 11 Express 11/10 |
1. Security Services (Overview)
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
4. Virus Scanning Service (Tasks)
How to Enable Virus Scanning on a File System
How to Enable the Vscan Service
5. Controlling Access to Devices (Tasks)
6. Using the Basic Audit Reporting Tool (Tasks)
7. Controlling Access to Files (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Role-Based Access Control (Reference)
Part IV Oracle Solaris Cryptographic Services
13. Oracle Solaris Cryptographic Framework (Overview)
14. Oracle Solaris Cryptographic Framework (Tasks)
15. Oracle Solaris Key Management Framework
Part V Authentication Services and Secure Communication
16. Using Authentication Services (Tasks)
19. Using Solaris Secure Shell (Tasks)
20. Solaris Secure Shell (Reference)
21. Introduction to the Kerberos Service
22. Planning for the Kerberos Service
23. Configuring the Kerberos Service (Tasks)
24. Kerberos Error Messages and Troubleshooting
25. Administering Kerberos Principals and Policies (Tasks)
26. Using Kerberos Applications (Tasks)
27. The Kerberos Service (Reference)
Part VII Oracle Solaris Auditing
28. Oracle Solaris Auditing (Overview)
29. Planning for Oracle Solaris Auditing
30. Managing Oracle Solaris Auditing (Tasks)
Scanning files for viruses is available when the following requirements are met:
At least one scan engine is installed and configured.
The files reside on a file system that supports virus scanning.
Virus scanning is enabled on the file system.
The vscan service is enabled.
The vscan service is configured to scan files of the specified file type.
The following table points to the tasks you perform to set up the vscan service.
|
Use the file system command to allow virus scans of files. For example, to include a ZFS file system in a virus scan, use the zfs(1M) command.
You must be assigned the ZFS File System Management or the ZFS Storage Management rights profile.
For information about becoming an administrator, see How to Obtain Administrative Rights.
The ZFS file system allows some administrative tasks to be delegated to specific users. For more information about Delegated Administration, see Oracle Solaris ZFS Administration Guide.
# zfs set vscan=on path/pool/volumes/vol1
You must be assigned the VSCAN Management rights profile.
For more information, see How to Obtain Administrative Rights.
# svcadm enable vscan
You must be assigned the VSCAN Management rights profile.
For more information, see How to Obtain Administrative Rights.
#vscanadm add-engine engine_ID
See the man page for the vscanadm(1M) command for a description of the command.
# vscanadm get-engine engineID
# vscanadm get-engine
# vscanadm get -p property
where property is one of the parameters described in the man page for the vscanadm(1M) command.
For example, if you want to see the maximum size of a file that can be scanned, type:
# vscanadm get max-size
You can change the properties of a particular scan engine and the general properties of the vscan service. Many scan engines limit the size of the files they scan, so the vscan service's max-size property must be set to a value less than or equal to the scan engine's maximum allowed size. You then define whether files that are larger than the maximum size, and therefore not scanned, are accessible.
You must be assigned the VSCAN Management rights profile.
For more information, see How to Obtain Administrative Rights.
# vscanadm set -p max-size=128M
# vscanadm set -p max-size-action=deny
See the man page for the vscanadm(1M) command for a description of the command.
When you enable antivirus protection, you can specify that all files of specific types are excluded from the virus scan. Because the vscan service affects the performance of the system, you can conserve system resources by targeting specific file types for virus scans.
You must be assigned the VSCAN Management rights profile.
For more information, see How to Obtain Administrative Rights.
# vscanadm get -p types
# vscanadm set -p types=-jpg,+*
# vscanadm set -p types=+exe,-*
For more information, see the vscanadm(1M) man page.