JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle ZFS Storage Appliance Administration Guide
search filter icon
search icon

Document Information

Preface

1.  Introduction

2.  Status

3.  Configuration

4.  Services

Services

Introduction

Data Services

Directory Services

System Settings

Remote Access

Security

BUI

Viewing a Specific Service Screen

Enabling a Service

Disabling a Service

Defining Properties

Viewing Service Logs

CLI

Selecting a Service

Viewing a Service's State

Enabling a Service

Disabling a Service

Setting Properties

Viewing Service Logs

Service Help

NFS

Introduction

Properties

Kerberos Realms

Logs

Analytics

CLI

Tasks

NFS Tasks

iSCSI

Introduction

Properties

Authentication

Authorization

Targets and Initiators

CLI

Tips

Troubleshooting

SMB

Introduction

Properties

Share Properties

NFS/SMB Interoperability

DFS Namespaces

Tasks

SMB Tasks

Example: Manipulating DFS Namespaces

Autohome Rules

Local Groups

Local Accounts

MMC Integration

Event Viewer

Share Management

Users, Groups and Connections

Services

CLI

Adding autohome rules

Adding a user to a local group

Tasks

SMB Tasks

FTP

Introduction

Properties

General Settings

Security Settings

Logs

Tasks

FTP Tasks

HTTP

Introduction

Properties

Authentication and Access Control

Logs

Tasks

HTTP Tasks

NDMP

Introduction

Local vs. Remote Configurations

Backup Formats and Types

Backing up with "dump" and "tar"

Backing up with "zfs"

Incremental backups

Properties

Logs

Remote Replication

Introduction

Shadow Migration

Introduction

Properties

Managing Shadow Migration

SFTP

Introduction

Properties

SFTP Port

Logs

Tasks

SFTP Tasks

SRP

Introduction

Targets and Initiators

CLI

TFTP

Introduction

Properties

Tasks

TFTP Tasks

Virus Scan

Introduction

Properties

File Extensions

Scanning Engines

Logs

Tasks

Virus Scan Tasks

NIS

Introduction

Properties

Logs

Tasks

NIS Tasks

LDAP

Introduction

Properties

Custom Mappings

Logs

Tasks

LDAP Tasks

Active Directory

Introduction

Properties

Join Domain

Join Workgroup

Domains and Workgroups

LDAP Signing

Windows Server 2012 Support

Windows Server 2008 Support

Section A: Kerberos issue (KB951191)

Section B: NTLMv2 issue (KB957441)

Section C: Note on NTLMv2

BUI

CLI

Tasks

Active Directory Tasks

Identity Mapping

Concepts

Identity Mapping Concepts

Mapping Modes

IDMU

Directory-based Mapping

Identity Mapping Directory-based Mapping

Properties

Name-based Mapping

Identity Mapping Name-based Mapping

Name-based Mapping Rules

Case Sensitivity

Mapping Persistence

Domain-Wide Rules

Deny Mappings

Mapping Rule Directional Symbols

Ephemeral Mapping

Best Practices

Testing Mappings

Examples

Tasks

Identity Mapping Tasks

DNS

Introduction

Properties

CLI

Logs

Active Directory and DNS

Non-DNS Resolution

DNS-Less Operation

Dynamic Routing

RIP and RIPng Dynamic Routing Protocols

Logs

IPMP

Introduction

Properties

Logs

Tasks

NTP

Introduction

Properties

Validation

Authentication

BUI

CLI

BUI Clock

Tips

Tasks

NTP Tasks

Phone Home

Introduction

Oracle Single Sign-On Account

Properties

Web Proxy

Tasks

Registration

BUI

CLI

Status

Service state

Logs

Service Tags

Introduction

Properties

SMTP

Introduction

Properties

Logs

SNMP

Introduction

Properties

MIBs

Sun FM MIB

Sun AK MIB

Tasks

SNMP Tasks

Syslog

Introduction

Properties

Classic Syslog: RFC 3164

Updated Syslog: RFC 5424

Message Format

Alert Message Format

Receiver Configuration Examples

Configuring a Solaris Receiver

Configuring a Linux Receiver

System Identity

Introduction

Properties

Logs

SSH

Introduction

Properties

Logs

Tasks

SSH Tasks

5.  Shares

6.  Integration

Glossary

Virus Scan

Introduction

The Virus Scan service will scan for viruses at the filesystem level. When a file is accessed from any protocol, the Virus Scan service will first scan the file, and both deny access and quarantine the file if a virus is found. Once a file has been scanned with the latest virus definitions, it is not rescanned until it is next modified. Files accessed by NFS clients that have cached file data or been delegated read privileges by the NFSv4 server may not be immediately quarantined.

Properties

Property
Description
Maximum file size to scan
Files larger than this size will not be scanned, to avoid significant performance penalties. These large files are unlikely to be executable themselves (such as database files), and so are less likely to pose a risk to vulnerable clients. The default value is 1GB.
Allow access to files that exceed maximum file size
Enabled by default, this allows access to files larger than the maximum scan size (which are therefore unscanned prior to being returned to clients). Administrators at a site with more stringent security requirements may elect to disable this option and increase the maximum file size, so that all accessible files are known to be scanned for viruses.

Changing services properties is documented in the BUI and CLI sections of services. The CLI property names are shorter versions of those listed above.

File Extensions

This section describes how to control which files are scanned. The default value, " * ", causes all files to be scanned. Scanning all files may impact performance so you can designate a subset of files to scan.

For example, to scan only high-risk files, including zip files, but not files with names that match the pattern "data-archive*.zip", you could configure the following settings:

Action
Pattern
Scan
exe
Scan
com
Scan
bat
Scan
doc
Scan
zip
Don't Scan
data-archive*.zip
Don't Scan
*

Note: You must use "Don't Scan *" to exclude all other file types not explicitly included in the scan list. A file named "file.name.exe.bat.jpg123" would NOT be scanned, as only the "jpg123" portion of the name, the extension, would be compared against the rules.

Do NOT use exclude settings before include settings. For example, do not use a "Don't Scan *" setting before include settings since that would exclude all file types that come after it. The following example would not scan any files:

Action
Pattern
Don't Scan
*
Scan
exe
Scan
com
Scan
bat
Scan
doc
Scan
zip
Don't Scan
data-archive*.zip

Scanning Engines

In this section, specify which scanning engines to use. A scanning engine is an external third-party virus scanning server which the appliance contacts using ICAP (Internet Content Adaptation Protocol, RFC 3507) to have files scanned.

Property
Description
Enable
Use this scan engine
Host
Hostname or IP address of the scan engine server
Maximum Connections
Maximum number of concurrent connections. Some scan engines operate better with connections limited to 8.
Port
Port for the scan engine

Logs

Log
Description
vscan
Log of the Virus Scan service

To view service logs, refer to the Logs section from Services.

Tasks

The following are example tasks. See the BUI and CLI sections for how these tasks apply to each interface method.

Virus Scan Tasks

Configuring virus scanning for a share

  1. Go to Configuration->Services->Virus Scan.
  2. Set desired properties.
  3. Apply/commit the configuration.
  4. Go to Shares.
  5. Edit a filesystem or a project.
  6. Select the "General" tab.
  7. Enable the "Virus scan" option.