VSCAND(8) Maintenance Commands and Procedures VSCAND(8)
NAME
vscand - vscan service daemon
SYNOPSIS
/usr/lib/vscan/vscandDESCRIPTION
vscand is the daemon that handles virus scan requests from file
systems on file open and close operations. A file system may support
enabling and disabling of virus scanning on a per dataset basis,
using that file system's administrative command, for example
zfs(8).
If the file state or scan policy (see
vscanadm(8) requires that a
file be scanned,
vscand communicates with external third-party virus
scanners (scan engines) using the Internet Content Adaptation
Protocol (
ICAP,
RFC 3507) to have the file scanned.
A file is submitted to a scan engine if it has been modified since it
was last scanned, or if it has not been scanned with the latest scan
engine configuration (Virus definitions). The file's modified
attribute and
scanstamp attribute are used to store this information.
Once the file is scanned, the modified attribute is cleared and the
scanstamp attribute is updated.
If the file is found to contain a virus, the virus is logged in
syslogd(8), an audit record is written, and the file is quarantined
(by setting its quarantine attribute). Once a file is quarantined,
attempts to read, execute or rename the file will be denied by the
file system. The
syslogd(8) entry and the audit record specify the
name of the infected file and the violations detected in the file.
Each violation is specified as "ID - threat description", where
ID and threat description are defined in the X-Infection-Found-Header in
ICAP RFC 3507; Extensions.
By default,
vscand connects to scan engines on port 1344. The port
and other service configuration parameters can be configured using
vscanadm(8).
The
vscan service is disabled by default, and can be enabled using
svcadm(8).
EXIT STATUS
The following exit values are returned:
0 Daemon started successfully.
non-zero Daemon failed to start.
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Uncommitted |
+--------------------+-----------------+
SEE ALSO
ps(1),
svcs(1),
attributes(7),
smf(7),
logadm(8),
svcadm(8),
syslogd(8),
vscanadm(8),
zfs(8)NOTES
If a file is accessed using a protocol which does not invoke the file
system open and close operations, for example
NFSv3, virus scanning
is not initiated on the file.
File content is transferred to the scan engines as
cleartext data.
Administrative actions for the
vscan service, such as enabling,
disabling, or requesting a restart, can be performed using
svcadm(8).
The
vscan service status can be queried using the
svcs(1) command.
The
vscan service is managed by the service management facility,
smf(7), under the service identifier:
svc:/system/filesystem/vscan
November 6, 2007 VSCAND(8)
