vserver vscan on-access-policy modify
Modify an On-Access policy
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver vscan on-access-policy modify
command modifies an On-Access policy.
Parameters
-vserver <vserver name>
- Vserver-
This parameter specifies the name of the Vserver on which you want to modify an On-Access policy.
-policy-name <Policy name>
- Policy-
This parameter specifies the name of the On-Access policy that you want to modify.
[-filters {scan-ro-volume|scan-execute-access}]
- Filters-
This parameter specifies a list of filters which can be used to define the scope of the On-Access policy more precisely. The list can include one or more of the following:
-
scan-ro-volume
- Enable scans for read-only volume. -
scan-execute-access
- Scan only files opened with execute-access (CIFS only).
-
[-scan-mandatory {on|off}]
- Mandatory Scan-
This parameter specifies whether access to a file is allowed if there are no external virus-scanning servers available for virus scanning.
[-max-file-size {<integer>[KB|MB|GB|TB|PB]}]
- Max File Size Allowed for Scanning-
This parameter specifies the maximum size of the file which will be considered for virus scanning.
[-paths-to-exclude <File path>,…]
- File Paths Not to Scan-
This parameter specifies a list of paths, separated by commas, to exclude from virus scanning. This path is given from the root of the Vserver and can be up to 255 characters long. CIFS protocol based On-Access policies must use "\" as the path separator. The path can be in one of the following forms:
-
\dir1\dir2\name
- This would match "\dir1\dir2\name" as well as "\dir1\dir2\name...". -
\dir1\dir2\name\
- This would only match "\dir1\dir2\name...".
If you are using the CLI, you must delimit all paths with double quotation marks ("). For instance, to add the paths "\vol\a b\" and "\vol\a,b\" to the -paths-to-exclude
in the CLI, type"\vol\a b\","\vol\a,b\"
at the command prompt. To add a "?" to the expression, press ESC followed by the "?". -
[-file-ext-to-exclude <File extension>,…]
- File Extensions Not to Scan-
This parameter specifies a list of file extensions, separated by commas, to exclude from virus scanning. Each file extension can be up to 16 characters long. The
-file-ext-to-exclude
supports wildcard patterns containing "*" and "?". Pattern matching is defined as:-
*
- Matches any string, including the empty string. For example,mp*
would match mp, mp3, mp4, mpeg etc. -
?
- Matches any single character. For example,mp?
would match mp3, mp4 but not mp and mpeg.
If you are using the CLI, you must delimit all patterns with double quotation marks ("). For instance, to enter the pattern mp*
in the CLI, type"mp*"
at the command prompt. To add a "?" to the expression, press ESC followed by the "?". -
[-file-ext-to-include <File extension>,…]
- File Extensions to Scan-
This parameter specifies a list of file extensions, separated by commas, to include for virus scanning. Each file extension can be up to 16 characters long. The
-file-ext-to-include
supports wildcard patterns containing "*" and "?". Pattern matching is defined as:-
*
- Matches any string, including the empty string. For example,mp*
would match mp, mp3, mp4, mpeg etc. -
?
- Matches any single character. For example,mp?
would match mp3, mp4 but not mp and mpeg.
If you are using the CLI, you must delimit all patterns with double quotation marks ("). For instance, to enter the pattern mp*
in the CLI, type"mp*"
at the command prompt. To add a "?" to the expression, press ESC followed by the "?".If you specify both -file-ext-to-include
and-file-ext-to-exclude
lists, then only those file extensions are considered for virus scanning which match one of the patterns provided in-file-ext-to-include
list but do not match any of the patterns provided in-file-ext-to-exclude
list. -
[-scan-files-with-no-ext {true|false}]
- Scan Files with No Extension-
This parameter specifies if the files without any extension are considered for virus scanning or not.
Examples
The following example modifies an On-Access policy.
cluster1::> vserver vscan on-access-policy modify -vserver vs1 -policy-name test -protocol CIFS -scan-mandatory on -filters scan-ro-volume -max-file-size 10GB -file-ext-to-exclude "mp3" -file-ext-to-include "mp*" -scan-files-with-no-ext false -paths-to-exclude "\vol1\temp","\vol2\a" cluster1::> vserver vscan on-access-policy show -instance -vserver vs1 -policy-name test Vserver: vs1 Policy: test Policy Status: off Policy Config Owner: vserver File-Access Protocol: CIFS Filters: scan-ro-volume Mandatory Scan: off Max File Size Allowed for Scanning: 10GB File Paths Not to Scan: \vol1\temp, \vol2\a File Extensions Not to Scan: mp3 File Extensions to Scan: mp* Scan Files with No Extension: false