vscand(1M) System Administration Commands vscand(1M)

NAME
vscand - vscan service daemon

SYNOPSIS
/usr/lib/vscan/vscand

DESCRIPTION
vscand is the daemon that handles virus scan requests from file systems
on file open and close operations. A file system may support enabling
and disabling of virus scanning on a per dataset basis, using that file
system's administrative command, for example zfs(1M).

If the file state or scan policy (see vscanadm(1M)) requires that a file
be scanned, vscand communicates with external third-party virus scanners
(scan engines) using the Internet Content Adaptation Protocol
(ICAP, RFC 3507) to have the file scanned.

A file is submitted to a scan engine if it has been modified since it
was last scanned, or if it has not been scanned with the latest scan
engine configuration (Virus definitions). The file's modified attribute
and scanstamp attribute are used to store this information. Once the
file is scanned, the modified attribute is cleared and the scanstamp
attribute is updated.

If the file is found to contain a virus, the virus is logged in
syslogd(1M), an audit record is written, and the file is quarantined (by
setting its quarantine attribute). Once a file is quarantined, attempts
to read, execute or rename the file will be denied by the file system.
The syslogd(1M) entry and the audit record specify the name of the
infected file and the violations detected in the file. Each violation
is specified as "ID - threat description", where ID and threat
description are defined in the X-Infection-Found-Header in ICAP RFC 3507;
Extensions.

By default, vscand connects to scan engines on port 1344. The port and
other service configuration parameters can be configured using
vscanadm(1M).
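
The ICAP exchange described above, as an added Python example (not vscand's code and not part of the original manual page): it builds an RFC 3507 RESPMOD request carrying file bytes to a scan engine on port 1344 and parses the engine's reply, including an X-Infection-Found header. The host name, the service path "avscan", the sample replies and the Type/Resolution/Threat field layout (as given in the ICAP Extensions draft) are assumptions.

```python
# Added illustration; not vscand source code.
ICAP_PORT = 1344  # default scan engine port named on this page

def build_respmod(host, service, data, port=ICAP_PORT):
    """Wrap file bytes in an ICAP RESPMOD request (RFC 3507)."""
    # Encapsulated HTTP response header that precedes the file content.
    res_hdr = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(data)
    # Body uses chunked encoding; a zero-length chunk terminates it,
    # so an empty file must not emit a data chunk of its own.
    body = (b"%x\r\n" % len(data) + data + b"\r\n") if data else b""
    body += b"0\r\n\r\n"
    icap_hdr = (
        f"RESPMOD icap://{host}:{port}/{service} ICAP/1.0\r\n"
        f"Host: {host}\r\n"
        "Allow: 204\r\n"
        # Offsets count from the start of the encapsulated section.
        f"Encapsulated: res-hdr=0, res-body={len(res_hdr)}\r\n\r\n"
    ).encode("ascii")
    return icap_hdr + res_hdr + body  # file content travels unencrypted

def parse_response(raw):
    """Return (status, infection_fields) from a scan engine reply."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or parts[0] != "ICAP/1.0" or not parts[1].isdigit():
        raise ValueError("not an ICAP/1.0 response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    infection = {}
    for field in headers.get("x-infection-found", "").split(";"):
        key, sep, value = field.partition("=")
        if sep:
            infection[key.strip()] = value.strip()
    return int(parts[1]), infection

# Constructed sample replies (not captured from a real scan engine).
CLEAN = b'ICAP/1.0 204 No modifications needed\r\nISTag: "constructed-1"\r\n\r\n'
INFECTED = (b'ICAP/1.0 200 OK\r\nISTag: "constructed-1"\r\n'
            b"X-Infection-Found: Type=0; Resolution=2; "
            b"Threat=Constructed.Test.Sample;\r\n\r\n")

if __name__ == "__main__":
    req = build_respmod("scanengine.example", "avscan", b"file bytes")
    print(req.decode("latin-1"))
    print(parse_response(CLEAN), parse_response(INFECTED))
```

The printed request shows the file bytes verbatim between the chunk markers, which is the cleartext transfer described in NOTES.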

The vscan service is disabled by default, and can be enabled using
svcadm(1M).

EXIT STATUS
The following exit values are returned:

0           Daemon started successfully.

non-zero    Daemon failed to start.

ATTRIBUTES
See attributes(5) for descriptions of the following attributes:

┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE              │ ATTRIBUTE VALUE             │
├─────────────────────────────┼─────────────────────────────┤
│ Availability                │ SUNWvscanu                  │
├─────────────────────────────┼─────────────────────────────┤
│ Interface Stability         │ Uncommitted                 │
└─────────────────────────────┴─────────────────────────────┘

SEE ALSO
ps(1), svcs(1), logadm(1M), svcadm(1M), syslogd(1M), vscanadm(1M),
zfs(1M), attributes(5), smf(5)

NOTES
If a file is accessed using a protocol which does not invoke the file
system open and close operations, for example NFSv3, virus scanning is
not initiated on the file.

File content is transferred to the scan engines as cleartext data.

Administrative actions for the vscan service, such as enabling,
disabling, or requesting a restart, can be performed using svcadm(1M). The
vscan service status can be queried using the svcs(1) command.

The vscan service is managed by the service management facility,
smf(5), under the service identifier:

    svc:/system/filesystem/vscan

SunOS 5.11 6 Nov 2007 vscand(1M)