System Administration Commands vscanadm(1M)
NAME
vscanadm - vscan service configuration utility
SYNOPSIS
vscanadm set -p property=value [-p property=value]...
vscanadm get [-p property]...
vscanadm import -p property filename
vscanadm export -p property filename
vscanadm validate -p property filename
vscanadm add-engine [-p property=value]... engineid
vscanadm remove-engine engineid
vscanadm set-engine -pproperty=value [-p property=value]... engineid
vscanadm get-engine [-p property=value]... [engineid]
vscanadm show
vscanadm stats [-z]
DESCRIPTION
The vscanadm command sets and displays properties of the
vscan service, vscand(1M), and provides scan statistics.
File system exemption from virus scanning may be configured
per file system using the appropriate file system adminis-
trative command, for example zfs(1M).
Scan engines are third-party applications on external hosts
that perform the actual virus scanning operation on files.
Multiple scan engines can be configured for use by the vscan
service. A minimum of two scan engines is recommended. File
scan requests are distributed among the configured scan
SunOS 5.11 Last change: 6 Nov 2007 1
System Administration Commands vscanadm(1M)
engines to achieve load balancing. A scan engine is identi-
fied by its engineid. The engineid is a user defined
string of up to 64 bytes.
The vscan service properties are divided into two
categories: scan engine properties, which are specific to a
scan engine definition, and general properties, which apply
to the service and are not scan engine-specific.
SUBCOMANDS
vscanadm recognizes the following subcommands:
vscanadm set -p property=value [-p property=value]...
Sets the values of vscan service general properties.
-p property=value Specifies a property value
vscanadm get [-p property]...
Displays the values of vscan service general properties.
If no properties are specified, all vscan service gen-
eral properties are displayed.
-p property Specifies a property value
The following properties are available for the vscanadm set
and vscanadm get subcommands:
max-size The maximum size of files that should be
virus scanned. Files exceeding max-size
are not scanned. The max-size-action pro-
perty determines whether access should be
allowed or denied to files that exceed
max-size.
The value of max-size is a string with a
numeric (decimal) component and an
optional letter component that specifies
a unit size, in the format
"N[.N][KMGTP][B]".
Following the numeric component, the
optional unit can be specified as either
one or two characters. For example,
either "K" or "KB" can be used to specify
SunOS 5.11 Last change: 6 Nov 2007 2
System Administration Commands vscanadm(1M)
kilobytes. Unit specifiers are not case-
sensitive, and must follow the numeric
value immediately with no intervening
whitespace.
With either no unit specifier, or a unit
specifier of only "B", the numeric value
is assumed to be in bytes. The default
value is 1GB.
Note that while the vscan service defines
a maximum file size for scanning, scan
engines also typically define their own
maximum file size setting. It is recom-
mended that max-size be set to a value
less than or equal to the maximum file
size for the scan engine(s).
max-size-action Specifies whether access will be allowed
or denied to files larger than max-size.
Files larger than max-size are not virus
scanned. Valid values are:
allow allow access to files larger
than max-size (no virus scan).
This is the default value.
deny deny access to files larger than
max-size (no virus scan)
vscanadm import -p property filename
Imports the property value from the specified file. The
file must contain a single line specifying the value of
a single property.
vscanadm export -p property filename
Exports the property value to the specified file. The
file must contain a single line specifying the value of
a single property.
vscanadm validate -p property filename
Validates the property value in the specified file. The
file must contain a single line specifying the value of
SunOS 5.11 Last change: 6 Nov 2007 3
System Administration Commands vscanadm(1M)
a single property.
The following properties are available for the vscanadm
import, vscanadm export, and vscanadm validate subcommands:
types A comma-separated list of file type extension
matching rules. This list defines which types of
files are scanned and which should be excluded dur-
ing virus scanning. Each rule comprises the rule
indicator []-], followed by a file type express-
sion against which a file's type extension is com-
pared. The file type expresssion is case insensi-
tive and may include the "*" and "?" wildcards.
There should be no whitespace between the rule
indicator and the file type expresssion. If a comma
is included within the file type expression, it
must be escaped using a "\" (backslash). A file
type extension does not include its preceding dot.
The rule indicator is a single character and can be
one of:
] include file type in virus scanning
- exclude file type from virus scanning
When a file is being evaluated as a candidate for
virus scanning, its file type will be compared with
the rules defined in types. The first rule matched
will be applied. If no match is found, the file
will be virus scanned. The total length of the
types string can not exceed 4096 bytes. The default
content of the types list is "]*".
vscanadm add-engine [-p property=value]... engineid
Adds a new scan engine identified by engineid. The
default values are used for any scan engine properties
that are not specified. The hostname defaults to the
engineid.
-p property=value Specifies a property value
vscanadm remove-engine engineid
Remove scan engine identified by engineid, removing all
of its configuration property values.
SunOS 5.11 Last change: 6 Nov 2007 4
System Administration Commands vscanadm(1M)
vscanadm set-engine -pproperty=value [-p property=value]...
engineid
Creates or updates the configuration property values for
the scan engine identified by engineid.
-p property=value Specifies a property value
vscanadm get-engine [-p property=value]... [engineid]
Displays the values of the specified scan engine proper-
ties for the scan engine identified by engineid. If no
engineid is specified, this subcommand displays the
specified scan engine property values for all configured
scan engines. If no properties are specified, this sub-
command displays all vscan service scan engine proper-
ties.
-p property=value Specifies a property value
The following properties are available for the vscanadm
add-engine, vscanadm remove-engine, vscanadm set-engine, and
vscanadm get-engine subcommands:
enable Specifies whether the scan engine is
enabled or disabled. Valid values are "on"
(enabled) and "off" (disabled). The
default is "on" (enabled). A scan engine
cannot be enabled if its host property is
invalid.
host Hostname or IPv4 format IP address of the
scan engine.
port ICAP port number of the scan engine. The
numeric value ranges from 0 to 65535. The
default ICAP port is 1344.
max-connection The maximum number of concurrent connec-
tions that may be established with a scan
engine. The numeric value ranges from 1 to
512. This property defaults to 32.
SunOS 5.11 Last change: 6 Nov 2007 5
System Administration Commands vscanadm(1M)
vscanadm show Displays the values of all vscan ser-
vice general properties and scan
engine properties.
vscanadm stats [-z] Displays or resets the following
vscan service statistics:
o number of files scanned
o number of infected files
o number of failed scan
requests
o scan errors (including a per
scan engine error count)
-z Resets vscan service statistics
counters to zero
EXAMPLES
Example 1 Setting the Maximum Size Limit
To set the maximum size limit for files to be virus scanned
to 128 megabytes, enter
# vscanadm set -p max-size=128M
Example 2 Allowing Access to Files
To allow access to files exceeding the maximum file size,
enter
# vscanadm set -p max-size-action=allow
Example 3 Setting File Types
To set the types so that only files of type "odt", "exe" and
"jpg" are virus scanned, enter
SunOS 5.11 Last change: 6 Nov 2007 6
System Administration Commands vscanadm(1M)
# vscanadm set -p types=]odt,]exe,]jpg,-*
To set the types so that all file types except "doc" are
virus scanned, enter
# vscanadm set -p types=-doc,]*
Example 4 Displaying the File Types List
To display the file types list, enter
# vscanadm get -p types
Example 5 Adding the Scan Engine
To add the scan engine "myeng" using the default values,
enter
# vscanadm add-engine myeng
Example 6 Disabling the Scan Engine
To disable the scan engine "myeng", enter
# vscanadm set-engine -p enable=off myeng
Example 7 Displaying Scan Engine Properties
To display the properties of the scan engine "myeng", enter
# vscanadm get-engine myeng
SunOS 5.11 Last change: 6 Nov 2007 7
System Administration Commands vscanadm(1M)
Example 8 Removing Scan Engine
To remove the scan engine "myeng", enter
# vscanadm remove-engine myeng
Example 9 Displaying Vscan Service General and Scan Engine
Properties
To Display all vscan service general properties and scan
engine properties, enter
# vscanadm show
EXIT STATUS
The following exit values are returned:
0 Successful completion.
non-zero An error occurred.
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
SunOS 5.11 Last change: 6 Nov 2007 8
System Administration Commands vscanadm(1M)
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWvscanu
Interface Stability Uncommitted
Utility output format Not-An-Interface
SEE ALSO
vscand(1M), zfs(1M), attributes(5), smf(5)
NOTES
All users are permitted to use vscanadm to view vscan pro-
perties and statistics. To set property values or reset
statistics, the following authorizations are required:
solaris.smf.value.vscan
change the property values or reset statistics
solaris.manage.vscan
refresh the service to apply property value changes
To add or remove properties (add-engine, remove-engine) the
following authorizations are required:
solaris.smf.modify.application
add or remove property group
solaris.manage.vscan
refresh the service to apply property value changes
All of these authorizations are included in the "VSCAN
Management" profile.
SunOS 5.11 Last change: 6 Nov 2007 9
|
