vserver vscan on-access-policy create
Create an On-Access policy
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver vscan on-access-policy create
command creates an On-Access policy.
Parameters
-vserver <vserver name>
- Vserver-
This parameter specifies the name of the Vserver on which you want to create an On-Access policy.
-policy-name <Policy name>
- Policy-
This parameter specifies the name of the On-Access policy that you want to create. An On-Access policy name can be up to 256 characters long and is a string that can only contain any combination of ASCII-range alphanumeric characters (a-z, A-Z, 0-9), "_", "-" and ".".
-protocol <CIFS>
- File-Access Protocol-
This parameter specifies the protocol name for which the On-Access policy will be created. Currently only CIFS is supported.
[-filters {scan-ro-volume|scan-execute-access}]
- Filters-
This parameter specifies a list of filters which can be used to define the scope of the On-Access policy more precisely. The list can include one or more of the following:
-
scan-ro-volume
- Enable scans for read-only volume. -
scan-execute-access
- Scan only files opened with execute-access (CIFS only).
-
[-scan-mandatory {on|off}]
- Mandatory Scan-
This parameter specifies whether access to a file is allowed if there are no external virus-scanning servers available for virus scanning. By default, it is on.
[-max-file-size {<integer>[KB|MB|GB|TB|PB]}]
- Max File Size Allowed for Scanning-
This parameter specifies the maximum size of the file which will be considered for virus scanning. By default, it is
2GB
. [-paths-to-exclude <File path>,…]
- File Paths Not to Scan-
This parameter specifies a list of paths, separated by commas, to exclude from virus scanning. This path is given from the root of the Vserver and can be up to 255 characters long. By default, no paths are excluded. CIFS protocol based On-Access policies must use "\" as the path separator. The path can be in one of the following forms:
-
\dir1\dir2\name
- This would match "\dir1\dir2\name" as well as "\dir1\dir2\name...". -
\dir1\dir2\name\
- This would only match "\dir1\dir2\name...".
If you are using the CLI, you must delimit all paths with double quotation marks ("). For instance, to add the paths "\vol\a b\" and "\vol\a,b\" to the -paths-to-exclude
in the CLI, type"\vol\a b\","\vol\a,b\"
at the command prompt. To add a "?" to the expression, press ESC followed by the "?". -
[-file-ext-to-exclude <File extension>,…]
- File Extensions Not to Scan-
This parameter specifies a list of file extensions, separated by commas, to exclude from virus scanning. By default, no file extensions are excluded. Each file extension can be up to 16 characters long. The
-file-ext-to-exclude
supports wildcard patterns containing "*" and "?". Pattern matching is defined as:-
*
- Matches any string, including the empty string. For example,mp*
would match mp, mp3, mp4, mpeg etc. -
?
- Matches any single character. For example,mp?
would match mp3, mp4 but not mp and mpeg.
If you are using the CLI, you must delimit all patterns with double quotation marks ("). For instance, to enter the pattern mp*
in the CLI, type"mp*"
at the command prompt. To add a "?" to the expression, press ESC followed by the "?". -
[-file-ext-to-include <File extension>,…]
- File Extensions to Scan-
This parameter specifies a list of file extensions, separated by commas, to include for virus scanning. By default it is
*
, which means all the file extensions are considered for virus scanning except those which match one of the patterns provided in-file-ext-to-exclude
list. Each file extension can be up to 16 characters long. The-file-ext-to-include
supports wildcard patterns containing "*" and "?". Pattern matching is defined as:-
*
- Matches any string, including the empty string. For example,mp*
would match mp, mp3, mp4, mpeg etc. -
?
- Matches any single character. For example,mp?
would match mp3, mp4 but not mp and mpeg.
If you are using the CLI, you must delimit all patterns with double quotation marks ("). For instance, to enter the pattern mp*
in the CLI, type"mp*"
at the command prompt. To add a "?" to the expression, press ESC followed by the "?".If you specify both -file-ext-to-include
and-file-ext-to-exclude
lists, then only those file extensions are considered for virus scanning which match one of the patterns provided in-file-ext-to-include
list but do not match any of the patterns provided in-file-ext-to-exclude
list. -
[-scan-files-with-no-ext {true|false}]
- Scan Files with No Extension-
This parameter specifies if the files without any extension are considered for virus scanning or not. By default, it is true.
Examples
The following example creates an On-Access policy.
cluster1::> vserver vscan on-access-policy create -vserver vs1 -policy-name test -protocol CIFS -scan-mandatory on -filters scan-ro-volume -max-file-size 3GB -file-ext-to-exclude "mp3","txt" -file-ext-to-include "mp*","tx*" -paths-to-exclude "\vol\a b\","\vol\a,b\" cluster1::> vserver vscan on-access-policy show -instance -vserver vs1 -policy-name test Vserver: vs1 Policy: test Policy Status: off Policy Config Owner: vserver File-Access Protocol: CIFS Filters: scan-ro-volume Mandatory Scan: on Max File Size Allowed for Scanning: 3GB File Paths Not to Scan: \vol\a b\, \vol\a,b\ File Extensions Not to Scan: mp3, txt File Extensions to Scan: mp*, tx* Scan Files with No Extension: true