Skip to main content

vserver vscan on-access-policy modify

Contributors
Suggest changes

Modify an On-Access policy

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver vscan on-access-policy modify command modifies an On-Access policy.

Parameters

-vserver <vserver name> - Vserver

This parameter specifies the name of the Vserver on which you want to modify an On-Access policy.

-policy-name <Policy name> - Policy

This parameter specifies the name of the On-Access policy that you want to modify.

[-filters {scan-ro-volume|scan-execute-access}] - Filters

This parameter specifies a list of filters which can be used to define the scope of the On-Access policy more precisely. The list can include one or more of the following:

  • scan-ro-volume - Enable scans for read-only volume.

  • scan-execute-access - Scan only files opened with execute-access (CIFS only).

[-scan-mandatory {on|off}] - Mandatory Scan

This parameter specifies whether access to a file is allowed if there are no external virus-scanning servers available for virus scanning.

[-max-file-size {<integer>[KB|MB|GB|TB|PB]}] - Max File Size Allowed for Scanning

This parameter specifies the maximum size of the file which will be considered for virus scanning.

[-paths-to-exclude <File path>,…​] - File Paths Not to Scan

This parameter specifies a list of paths, separated by commas, to exclude from virus scanning. This path is given from the root of the Vserver and can be up to 255 characters long. CIFS protocol based On-Access policies must use "\" as the path separator. The path can be in one of the following forms:

  • \dir1\dir2\name - This would match "\dir1\dir2\name" as well as "\dir1\dir2\name...".

  • \dir1\dir2\name\ - This would only match "\dir1\dir2\name...".

Note If you are using the CLI, you must delimit all paths with double quotation marks ("). For instance, to add the paths "\vol\a b\" and "\vol\a,b\" to the -paths-to-exclude in the CLI, type "\vol\a b\","\vol\a,b\" at the command prompt. To add a "?" to the expression, press ESC followed by the "?".
[-file-ext-to-exclude <File extension>,…​] - File Extensions Not to Scan

This parameter specifies a list of file extensions, separated by commas, to exclude from virus scanning. Each file extension can be up to 16 characters long. The -file-ext-to-exclude supports wildcard patterns containing "*" and "?". Pattern matching is defined as:

  • * - Matches any string, including the empty string. For example, mp* would match mp, mp3, mp4, mpeg etc.

  • ? - Matches any single character. For example, mp? would match mp3, mp4 but not mp and mpeg.

Note If you are using the CLI, you must delimit all patterns with double quotation marks ("). For instance, to enter the pattern mp* in the CLI, type "mp*" at the command prompt. To add a "?" to the expression, press ESC followed by the "?".
[-file-ext-to-include <File extension>,…​] - File Extensions to Scan

This parameter specifies a list of file extensions, separated by commas, to include for virus scanning. Each file extension can be up to 16 characters long. The -file-ext-to-include supports wildcard patterns containing "*" and "?". Pattern matching is defined as:

  • * - Matches any string, including the empty string. For example, mp* would match mp, mp3, mp4, mpeg etc.

  • ? - Matches any single character. For example, mp? would match mp3, mp4 but not mp and mpeg.

Note If you are using the CLI, you must delimit all patterns with double quotation marks ("). For instance, to enter the pattern mp* in the CLI, type "mp*" at the command prompt. To add a "?" to the expression, press ESC followed by the "?".
Note If you specify both -file-ext-to-include and -file-ext-to-exclude lists, then only those file extensions are considered for virus scanning which match one of the patterns provided in -file-ext-to-include list but do not match any of the patterns provided in -file-ext-to-exclude list.
[-scan-files-with-no-ext {true|false}] - Scan Files with No Extension

This parameter specifies if the files without any extension are considered for virus scanning or not.

Examples

The following example modifies an On-Access policy.

cluster1::> vserver vscan on-access-policy modify -vserver vs1 -policy-name test
                -protocol CIFS -scan-mandatory on -filters scan-ro-volume -max-file-size 10GB
                -file-ext-to-exclude "mp3" -file-ext-to-include "mp*" -scan-files-with-no-ext false
                -paths-to-exclude "\vol1\temp","\vol2\a"

cluster1::> vserver vscan on-access-policy show -instance -vserver vs1 -policy-name test
Vserver: vs1
                            Policy: test
                     Policy Status: off
               Policy Config Owner: vserver
              File-Access Protocol: CIFS
                           Filters: scan-ro-volume
                    Mandatory Scan: off
Max File Size Allowed for Scanning: 10GB
            File Paths Not to Scan: \vol1\temp, \vol2\a
       File Extensions Not to Scan: mp3
           File Extensions to Scan: mp*
      Scan Files with No Extension: false