Go to main content

Securing Systems and Attached Devices in Oracle® Solaris 11.4

Exit Print View

Updated: July 2019
 
 

How to Change vscan Properties

You can change the properties of a particular scan engine and the general properties of the vscan service. Many scan engines limit the size of the files they scan, so the vscan service's max-size property must be set to a value less than or equal to the scan engine's maximum allowed size. You then define whether files that are larger than the maximum size, and therefore not scanned, are accessible.

Before You Begin

You must become an administrator who is assigned the VSCAN Management rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

  1. View the current properties by using the vscanadm show command.
    $ vscanadm show
    max-size=1GB
    max-size-action=allow
    timeout=30
    ...
  2. Set the timeout value.

    If the scanning time exceeds the timeout, access to the file is denied.

    $ vscanadm set -p timeout=60
  3. Set the maximum size for virus scans to, for example, 128 megabytes.
    $ vscanadm set -p max-size=128M
  4. Specify that access is denied to any file that is not scanned due to its size.
    $ vscanadm set -p max-size-action=deny

    For more information, see the vscanadm(8) man page.