System Administration Commands vscanadm(1M)
NAME
vscanadm - vscan service configuration utility
SYNOPSIS
vscanadm set -p property=value [-p property=value]...
vscanadm get [-p property]...
vscanadm import -p property filename
vscanadm export -p property filename
vscanadm validate -p property filename
vscanadm add-engine [-p property=value]... engine_id
vscanadm remove-engine engine_id
vscanadm set-engine -pproperty=value [-p property=value]... engine_id
vscanadm get-engine [-p property=value]... [engine_id]
vscanadm show
vscanadm stats [-z]
DESCRIPTION
The vscanadm command sets and displays properties of the
vscan service, vscand(1M), and provides scan statistics. File system exemption from virus scanning may be configuredper file system using the appropriate file system adminis-
trative command, for example zfs(1M).Scan engines are third-party applications on external hosts
that perform the actual virus scanning operation on files. Multiple scan engines can be configured for use by the vscan service. A minimum of two scan engines is recommended. File scan requests are distributed among the configured scanSunOS 5.11 Last change: 7 Jul 2009 1
System Administration Commands vscanadm(1M)
engines to achieve load balancing. A scan engine is identi-
fied by its engine_id. The engine_id is a user defined
string of up to 64 bytes. The vscan service properties are divided into two categories: scan engine properties, which are specific to a scan engine definition, and general properties, which applyto the service and are not scan engine-specific.
SUBCOMMANDSvscanadm recognizes the following subcommands:
vscanadm set -p property=value [-p property=value]...
Sets the values of vscan service general properties.-p property=value Specifies a property value
vscanadm get [-p property]...
Displays the values of vscan service general properties.If no properties are specified, all vscan service gen-
eral properties are displayed.-p property Specifies a property value
The following properties are available for the vscanadm set
and vscanadm get subcommands:
max-size The maximum size of files that should be
virus scanned. Files exceeding max-size
are not scanned. The max-size-action pro-
perty determines whether access should be allowed or denied to files that exceedmax-size.
The value of max-size is a string with a
numeric (decimal) component and an optional letter component that specifies a unit size, in the format "N[.N][KMGTP][B]". Following the numeric component, the optional unit can be specified as either one or two characters. For example, either "K" or "KB" can be used to specifySunOS 5.11 Last change: 7 Jul 2009 2
System Administration Commands vscanadm(1M)
kilobytes. Unit specifiers are not case-
sensitive, and must follow the numeric value immediately with no intervening whitespace. With either no unit specifier, or a unit specifier of only "B", the numeric value is assumed to be in bytes. The default value is 1GB. Note that while the vscan service defines a maximum file size for scanning, scan engines also typically define their ownmaximum file size setting. It is recom-
mended that max-size be set to a value
less than or equal to the maximum file size for the scan engine(s).max-size-action Specifies whether access will be allowed
or denied to files larger than max-size.
Files larger than max-size are not virus
scanned. Valid values are: allow allow access to files largerthan max-size (no virus scan).
This is the default value. deny deny access to files larger thanmax-size (no virus scan)
vscanadm import -p property filename
Imports the property value from the specified file. The file must contain a single line specifying the value of a single property.vscanadm export -p property filename
Exports the property value to the specified file. The file must contain a single line specifying the value of a single property.vscanadm validate -p property filename
Validates the property value in the specified file. The file must contain a single line specifying the value ofSunOS 5.11 Last change: 7 Jul 2009 3
System Administration Commands vscanadm(1M)
a single property.The following properties are available for the vscanadm
import, vscanadm export, and vscanadm validate subcommands:
types A comma-separated list of file type extension
matching rules. This list defines which types offiles are scanned and which should be excluded dur-
ing virus scanning. Each rule comprises the ruleindicator [+|-], followed by a file type express-
sion against which a file's type extension is com-
pared. The file type expresssion is case insensi-
tive and may include the "*" and "?" wildcards. There should be no whitespace between the rule indicator and the file type expresssion. If a comma is included within the file type expression, it must be escaped using a "\" (backslash). A file type extension does not include its preceding dot. The rule indicator is a single character and can be one of: + include file type in virus scanning- exclude file type from virus scanning
When a file is being evaluated as a candidate for virus scanning, its file type will be compared with the rules defined in types. The first rule matched will be applied. If no match is found, the file will be virus scanned. The total length of the types string can not exceed 4096 bytes. The default content of the types list is "+*".vscanadm add-engine [-p property=value]... engine_id
Adds a new scan engine identified by engine_id. The
default values are used for any scan engine properties that are not specified. The hostname defaults to theengine_id.
-p property=value Specifies a property value
vscanadm remove-engine engine_id
Remove scan engine identified by engine_id, removing all
of its configuration property values.SunOS 5.11 Last change: 7 Jul 2009 4
System Administration Commands vscanadm(1M)
vscanadm set-engine -pproperty=value [-p property=value]...
engine_id
Creates or updates the configuration property values forthe scan engine identified by engine_id.
-p property=value Specifies a property value
vscanadm get-engine [-p property=value]... [engine_id]
Displays the values of the specified scan engine proper-
ties for the scan engine identified by engine_id. If no
engine_id is specified, this subcommand displays the
specified scan engine property values for all configuredscan engines. If no properties are specified, this sub-
command displays all vscan service scan engine proper-
ties.-p property=value Specifies a property value
The following properties are available for the vscanadm
add-engine, vscanadm remove-engine, vscanadm set-engine, and
vscanadm get-engine subcommands:
enable Specifies whether the scan engine is enabled or disabled. Valid values are "on" (enabled) and "off" (disabled). The default is "on" (enabled). A scan engine cannot be enabled if its host property is invalid. host Hostname or IPv4 format IP address of the scan engine. port ICAP port number of the scan engine. The numeric value ranges from 0 to 65535. The default ICAP port is 1344.max-connection The maximum number of concurrent connec-
tions that may be established with a scan engine. The numeric value ranges from 1 to 512. This property defaults to 8.SunOS 5.11 Last change: 7 Jul 2009 5
System Administration Commands vscanadm(1M)
vscanadm show Displays the values of all vscan ser-
vice general properties and scan engine properties.vscanadm stats [-z] Displays or resets the following
vscan service statistics: o number of files scanned o number of infected files o number of failed scan requests o scan errors (including a per scan engine error count)-z Resets vscan service statistics
counters to zeroEXAMPLES
Example 1 Setting the Maximum Size Limit To set the maximum size limit for files to be virus scanned to 128 megabytes, enter# vscanadm set -p max-size=128M
Example 2 Allowing Access to Files To allow access to files exceeding the maximum file size, enter# vscanadm set -p max-size-action=allow
Example 3 Setting File Types To set the types so that only files of type "odt", "exe" and "jpg" are virus scanned, enterSunOS 5.11 Last change: 7 Jul 2009 6
System Administration Commands vscanadm(1M)
# vscanadm set -p types=+odt,+exe,+jpg,-*
To set the types so that all file types except "doc" are virus scanned, enter# vscanadm set -p types=-doc,+*
Example 4 Displaying the File Types List To display the file types list, enter# vscanadm get -p types
Example 5 Adding the Scan EngineTo add the scan engine "my_eng" using the default values,
enter# vscanadm add-engine my_eng
Example 6 Disabling the Scan EngineTo disable the scan engine "my_eng", enter
# vscanadm set-engine -p enable=off my_eng
Example 7 Displaying Scan Engine PropertiesTo display the properties of the scan engine "my_eng", enter
# vscanadm get-engine my_eng
SunOS 5.11 Last change: 7 Jul 2009 7
System Administration Commands vscanadm(1M)
Example 8 Removing Scan EngineTo remove the scan engine "my_eng", enter
# vscanadm remove-engine my_eng
Example 9 Displaying Vscan Service General and Scan Engine Properties To Display all vscan service general properties and scan engine properties, enter# vscanadm show
EXIT STATUS The following exit values are returned: 0 Successful completion.non-zero An error occurred.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:SunOS 5.11 Last change: 7 Jul 2009 8
System Administration Commands vscanadm(1M)
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | service/storage/virus-scan |
|_____________________________|_____________________________|
| Interface Stability | Uncommitted ||_____________________________|_____________________________|
| Utility output format | Not-An-Interface |
|_____________________________|_____________________________|
SEE ALSO
vscand(1M), zfs(1M), attributes(5), smf(5) NOTESAll users are permitted to use vscanadm to view vscan pro-
perties and statistics. To set property values or reset statistics, the following authorizations are required: solaris.smf.value.vscan change the property values or reset statistics solaris.manage.vscan refresh the service to apply property value changesTo add or remove properties (add-engine, remove-engine) the
following authorizations are required: solaris.smf.modify.application add or remove property group solaris.manage.vscan refresh the service to apply property value changes All of these authorizations are included in the "VSCAN Management" profile.SunOS 5.11 Last change: 7 Jul 2009 9