Using the Vscan Service

Scanning files for viruses is available when the following requirements are met:

At least one scan engine is installed and configured.
The files reside on a file system that supports virus scanning.
Virus scanning is enabled on the file system.
The vscan service is enabled.
The vscan service is configured to scan files of the specified file type.

The following table points to the tasks you perform to set up the vscan service.

Task	Description	For Instructions
Install a scan engine.	Installs and configures one or more of the supported third-party products listed in Table 4-1.	See the product documentation.
Enable the file system to allow virus scans.	Enables virus scans on a ZFS file system. By default, scans are disabled.	How to Enable Virus Scanning on a File System
Enable the vscan service.	Starts the scan service.	How to Enable the Vscan Service
Add a scan engine to the vscan service.	Includes specific scan engines in the vscan service.	How to Add a Scan Engine
Configure the vscan service.	Views and changes vscan properties.	How to View Vscan Properties How to Change Vscan Properties
Configure the vscan service for specific file types.	Specifies the file types to include and exclude in a scan.	How to Exclude Files From Virus Scans

How to Enable Virus Scanning on a File System

Use the file system command to allow virus scans of files. For example, to include a ZFS file system in a virus scan, use the zfs(1M) command.

Before You Begin

You must be assigned the ZFS File System Management or the ZFS Storage Management rights profile.

Become an administrator.
For information about becoming an administrator, see How to Obtain Administrative Rights.
The ZFS file system allows some administrative tasks to be delegated to specific users. For more information about Delegated Administration, see Oracle Solaris ZFS Administration Guide.
Enable virus scanning on a ZFS file system, for example, pool/volumes/vol1.
```
# zfs set vscan=on path/pool/volumes/vol1
```

How to Enable the Vscan Service

Before You Begin

You must be assigned the VSCAN Management rights profile.

Become an administrator with the required security attributes.
For more information, see How to Obtain Administrative Rights.
Use the svcadm(1M) command to enable virus scanning.
```
# svcadm enable vscan
```

How to Add a Scan Engine

Before You Begin

You must be assigned the VSCAN Management rights profile.

Become an administrator with the required security attributes.
For more information, see How to Obtain Administrative Rights.
To add a scan engine to the vscan service with default properties, type:
```
#vscanadm add-engine engine_ID
```
See the man page for the vscanadm(1M) command for a description of the command.

How to View Vscan Properties

View the properties of the vscan service, of all scan engines, or of a specific scan engine.
- To view the properties of a particular scan engine, type:
```
# vscanadm get-engine engineID
```
- To view the properties of all scan engines, type:
```
# vscanadm get-engine
```
- To view one of the properties of the vscan service, type:
```
# vscanadm get -p property
```
  where property is one of the parameters described in the man page for the vscanadm(1M) command.
  For example, if you want to see the maximum size of a file that can be scanned, type:
```
# vscanadm get max-size
```

How to Change Vscan Properties

You can change the properties of a particular scan engine and the general properties of the vscan service. Many scan engines limit the size of the files they scan, so the vscan service's max-size property must be set to a value less than or equal to the scan engine's maximum allowed size. You then define whether files that are larger than the maximum size, and therefore not scanned, are accessible.

Before You Begin

You must be assigned the VSCAN Management rights profile.

Become an administrator with the required security attributes.
For more information, see How to Obtain Administrative Rights.
View the current properties by using the vscanadm show command.
Set the maximum size for virus scans to, for example, 128 megabytes.
```
# vscanadm set -p max-size=128M
```
Specify that access is denied to any file that is not scanned due to its size.
```
# vscanadm set -p max-size-action=deny
```
See the man page for the vscanadm(1M) command for a description of the command.

How to Exclude Files From Virus Scans

When you enable antivirus protection, you can specify that all files of specific types are excluded from the virus scan. Because the vscan service affects the performance of the system, you can conserve system resources by targeting specific file types for virus scans.

Before You Begin

You must be assigned the VSCAN Management rights profile.

Become an administrator with the required security attributes.
For more information, see How to Obtain Administrative Rights.
View the list of all file types included in the virus scan.
```
# vscanadm get -p types
```
Specify the types of files to be scanned for virus:
- Exclude a specific file type, for example the JPEG type, from the virus scan.
```
# vscanadm set -p types=-jpg,+*
```
- Include a specific file type, for example executable files, in the virus scan.
```
# vscanadm set -p types=+exe,-*
```
For more information, see the vscanadm(1M) man page.

Skip Navigation Links
Exit Print View
	System Administration Guide: Security Services Oracle Solaris 11 Express 11/10