'\" te
.\" Copyright (c) 2007 Sun Microsystems, Inc. All Rights Reserved.
.TH vscand 1M "6 Nov 2007" "SunOS 5.11" "System Administration Commands"
.SH NAME
vscand \- vscan service daemon
.SH SYNOPSIS
.LP
.nf
\fB/usr/lib/vscan/vscand\fR 
.fi

.SH DESCRIPTION
.sp
.LP
\fBvscand\fR is the daemon that handles virus scan requests from file systems on file open and close operations. A file system may support enabling and disabling of virus scanning on a per dataset basis, using that file system's administrative command, for example \fBzfs\fR(1M).
.sp
.LP
If the file state or scan policy (see \fBvscanadm\fR(1M) requires that a file be scanned, \fBvscand\fR communicates with external third-party virus scanners (scan engines) using the Internet Content Adaptation Protocol (\fBICAP\fR, \fBRFC\fR 3507) to have the file scanned.
.sp
.LP
A file is submitted to a scan engine if it has been modified since it was last scanned, or if it has not been scanned with the latest scan engine configuration (Virus definitions). The file's modified attribute and \fBscanstamp\fR attribute are used to store this information. Once the file is scanned, the modified attribute is cleared and the \fBscanstamp\fR attribute is updated.
.sp
.LP
If the file is found to contain a virus, the virus is logged in \fBsyslogd\fR(1M), an audit record is written, and the file is quarantined (by setting its quarantine attribute). Once a file is quarantined, attempts to read, execute or rename the file will be denied by the file system. The \fBsyslogd\fR(1M) entry and the audit record specify the name of the infected file and the violations detected in the file. Each violation is specified as "ID - threat description", where \fBID\fR and threat description are defined in the X-Infection-Found-Header in \fBICAP\fR \fBRFC\fR 3507; Extensions.
.sp
.LP
By default, \fBvscand\fR connects to scan engines on port 1344. The port and other service configuration parameters can be configured using \fBvscanadm\fR(1M).
.sp
.LP
The \fBvscan\fR service is disabled by default, and can be enabled using \fBsvcadm\fR(1M).
.SH EXIT STATUS
.sp
.LP
The following exit values are returned:
.sp
.ne 2
.mk
.na
\fB\fB0\fR\fR
.ad
.RS 12n
.rt  
Daemon started successfully.
.RE

.sp
.ne 2
.mk
.na
\fB\fBnon-zero\fR\fR
.ad
.RS 12n
.rt  
Daemon failed to start.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
Availabilityservice/storage/virus-scan
_
Interface StabilityUncommitted
.TE

.SH SEE ALSO
.sp
.LP
\fBps\fR(1), \fBsvcs\fR(1), \fBlogadm\fR(1M), \fBsvcadm\fR(1M), \fBsyslogd\fR(1M), \fBvscanadm\fR(1M), \fBzfs\fR(1M), \fBattributes\fR(5), \fBsmf\fR(5)
.SH NOTES
.sp
.LP
If a file is accessed using a protocol which does not invoke the file system open and close operations, for example \fBNFSv3\fR, virus scanning is not initiated on the file.
.sp
.LP
File content is transferred to the scan engines as \fBcleartext\fR data.
.sp
.LP
Administrative actions for the \fBvscan\fR service, such as enabling, disabling, or requesting a restart, can be performed using \fBsvcadm\fR(1M). The \fBvscan\fR service status can be queried using the \fBsvcs\fR(1) command.
.sp
.LP
The \fBvscan\fR service is managed by the service management facility, \fBsmf\fR(5), under the service identifier: 
.sp
.in +2
.nf
svc:/system/filesystem/vscan
.fi
.in -2
.sp