vscand(1M)              System Administration Commands              vscand(1M)

NAME

       vscand - vscan service daemon

SYNOPSIS

       /usr/lib/vscan/vscand

DESCRIPTION

       vscand is the daemon that handles virus scan requests from file systems
       on file open and close operations. A file system may support enabling
       and disabling of virus scanning on a per dataset basis, using that file
       system's administrative command, for example zfs(1M).

       If the file state or scan policy (see vscanadm(1M)) requires that a
       file be scanned, vscand communicates with external third-party virus
       scanners (scan engines) using the Internet Content Adaptation Protocol
       (ICAP, RFC 3507) to have the file scanned.

       A file is submitted to a scan engine if it has been modified since it
       was last scanned, or if it has not been scanned with the latest scan
       engine configuration (virus definitions). The file's modified attribute
       and scanstamp attribute are used to store this information. Once the
       file is scanned, the modified attribute is cleared and the scanstamp
       attribute is updated.

       If the file is found to contain a virus, the virus is logged in
       syslogd(1M), an audit record is written, and the file is quarantined
       (by setting its quarantine attribute). Once a file is quarantined,
       attempts to read, execute or rename the file will be denied by the file
       system. The syslogd(1M) entry and the audit record specify the name of
       the infected file and the violations detected in the file. Each
       violation is specified as "ID - threat description", where ID and
       threat description are defined in the X-Infection-Found-Header in ICAP
       RFC 3507; Extensions.

       By default, vscand connects to scan engines on port 1344. The port and
       other service configuration parameters can be configured using
       vscanadm(1M).

       The vscan service is disabled by default, and can be enabled using
       svcadm(1M).
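
       The submission and quarantine rules described above, modelled in C as
       an added example (this is not vscand source code). The struct, the
       function names and the "defs-N" configuration strings are assumptions
       made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the three per-file attributes the page names. */
struct vfile {
    bool modified;       /* set when file content changes */
    bool quarantined;    /* set when a scan reports a virus */
    char scanstamp[32];  /* engine configuration used for the last scan */
};

/* Submit if modified since the last scan, or if last scanned with an
 * engine configuration other than the current one. */
bool needs_scan(const struct vfile *f, const char *engine_cfg)
{
    return f->modified || strcmp(f->scanstamp, engine_cfg) != 0;
}

/* After a scan: clear modified, update scanstamp, quarantine on a hit. */
void record_scan(struct vfile *f, const char *engine_cfg, bool infected)
{
    f->modified = false;
    snprintf(f->scanstamp, sizeof f->scanstamp, "%s", engine_cfg);
    if (infected)
        f->quarantined = true;
}

/* An open that goes through the file system: scan if required, then
 * enforce quarantine. Returns true when access is allowed. */
bool open_file(struct vfile *f, const char *engine_cfg, bool verdict_infected)
{
    if (!f->quarantined && needs_scan(f, engine_cfg))
        record_scan(f, engine_cfg, verdict_infected);
    return !f->quarantined;
}

int main(void)
{
    struct vfile f = { .modified = true, .scanstamp = "" };  /* constructed sample */

    printf("first open, clean verdict: %d\n", open_file(&f, "defs-1", false));
    printf("rescan needed, same defs:  %d\n", needs_scan(&f, "defs-1"));
    printf("rescan needed, new defs:   %d\n", needs_scan(&f, "defs-2"));
    printf("open, infected verdict:    %d\n", open_file(&f, "defs-2", true));
    printf("later open, still denied:  %d\n", open_file(&f, "defs-3", false));
    return 0;
}
```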

EXIT STATUS

       The following exit values are returned:

       0           Daemon started successfully.

       non-zero    Daemon failed to start.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability                 │SUNWvscanu                   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │Uncommitted                  │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO

       ps(1), svcs(1), logadm(1M), svcadm(1M), syslogd(1M), vscanadm(1M),
       zfs(1M), attributes(5), smf(5)

NOTES

       If a file is accessed using a protocol which does not invoke the file
       system open and close operations, for example NFSv3, virus scanning is
       not initiated on the file.

       File content is transferred to the scan engines as cleartext data.

       Administrative actions for the vscan service, such as enabling,
       disabling, or requesting a restart, can be performed using svcadm(1M).
       The vscan service status can be queried using the svcs(1) command.

       The vscan service is managed by the service management facility,
       smf(5), under the service identifier:

         svc:/system/filesystem/vscan

SunOS 5.11                        6 Nov 2007                        vscand(1M)