• Home
  • History
  • Annotate
  • Line#
  • Navigate
  • Raw
  • Download
  • only in /asuswrt-rt-n18u-9.0.0.4.380.2695/release/src-rt-6.x.4708/router/samba-3.5.8/docs/htmldocs/manpages/
1<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>vfs_scannedonly</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="vfs_scannedonly.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfs_scannedonly &#8212; Ensures that only files that have been scanned for viruses are
2	visible and accessible to the end user.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">vfs objects = scannedonly</code></p></div></div><div class="refsect1" lang="en"><a name="id2522904"></a><h2>DESCRIPTION</h2><p>This VFS module is part of the
3	<a class="citerefentry" href="samba.8.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(8)</span></a> suite.</p><p>The <code class="literal">vfs_scannedonly</code> VFS module ensures that
4	only files that have been scanned for viruses are visible and accessible
5	to the end user. If non-scanned files are found an anti-virus scanning
6	daemon is notified. The anti-virus scanning daemon is not part of the
7	Samba suite.
8	</p><p>Scannedonly comes in two parts: a samba vfs module and (one or
9	more) daemons. The daemon scans files. If a certain file is clean,
10	a second file is created with prefix <code class="filename">.scanned:</code>.
11	The Samba module simply looks if such a <code class="filename">.scanned:</code>
12	file exists, and is newer than the pertinent file. If this is the case,
13	the file is shown to the user. If this is not the case, the file is not
14	returned in a directory listing (configurable), and cannot be opened
15	(configurable). The Samba vfs module will notify the daemon to scan
16	this file.
17	</p><p>So what happens for the user in the default configuration. The
18	first time a directory is listed, it shows files as 'file is being
19	scanned for viruses, but after the first time all files are shown.
20	There is a utility scannedonly_prescan that can help you to prescan
21	all directories. When new files are written the daemon is notified
22	immediately after the file is complete.
23	</p><p>If a virus is found by the daemon, a file with a warning message
24	is created in the directory of the user, a warning is sent to the logs,
25	and the file is renamed to have prefix <code class="filename">.virus:</code>.
26	Files with the <code class="filename">.virus:</code> prefix are never shown to
27	the user and all access is denied.
28	</p><p>This module is stackable.</p></div><div class="refsect1" lang="en"><a name="id2483361"></a><h2>CONFIGURATION</h2><p><code class="literal">vfs_scannedonly</code> relies on a anti-virus scanning
29	daemon that listens on the scannedonly socket (unix domain socket or UDP
30	socket).
31	</p></div><div class="refsect1" lang="en"><a name="id2483378"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">scannedonly:domain_socket = True </span></dt><dd><p>Whether to use a unix domain socket or not (false reverts
32		to use udp)
33		</p></dd><dt><span class="term">scannedonly:socketname = /var/lib/scannedonly/scan</span></dt><dd><p>The location of the unix domain socket to connect to</p></dd><dt><span class="term">scannedonly:portnum = 2020</span></dt><dd><p>The udp port number to connect to
34		</p></dd><dt><span class="term">scannedonly:scanhost = localhost</span></dt><dd><p>
35		When using UDP the host that runs the scanning daemon (this host
36		needs access to the files!)
37		</p></dd><dt><span class="term">scannedonly:show_special_files = True</span></dt><dd><p>
38		Whether sockets, devices and fifo's (all not scanned for
39		viruses) should be visible to the user
40		</p></dd><dt><span class="term">scannedonly:rm_hidden_files_on_rmdir = True</span></dt><dd><p>
41		Whether files that are not visible (<code class="filename">.scanned:</code>
42		files, <code class="filename">.failed:</code> files and <code class="filename">.virus:
43		</code> files) should be deleted if the user tries to remove
44		the directory. If false, the user will get the "directory is not
45		empty" error.
46		</p></dd><dt><span class="term">scannedonly:hide_nonscanned_files = True</span></dt><dd><p>
47		If false, all non-scanned files are visible in directory listings.
48		If such files are found in a directory listing the scanning daemon
49		is notified that scanning is required. Access to non-scanned files
50		is still denied (see scannedonly:allow_nonscanned_files).
51		</p></dd><dt><span class="term">scannedonly:scanning_message = is being scanned for
52	viruses</span></dt><dd><p>
53		If non-scanned files are hidden
54		(if scannedonly:hide_nonscanned_files = True), a fake 0 byte file
55		is shown. The filename is the original filename with the message
56		as suffix.
57		</p></dd><dt><span class="term">scannedonly:recheck_time_open = 50</span></dt><dd><p>
58		If a non-scanned file is opened, the vfs module will wait
59		recheck_tries_open times for recheck_time_open milliseconds for
60		the scanning daemon to create a <code class="filename">.scanned:</code>
61		file. For small files that are scanned by the daemon within the
62		time (tries * time) the behavior will be just like on-access
63		scanning.
64		</p></dd><dt><span class="term">scannedonly:recheck_tries_open = 100</span></dt><dd><p>
65		See recheck_time_open.
66		</p></dd><dt><span class="term">scannedonly:recheck_time_readdir = 50</span></dt><dd><p>
67		If a non-scanned file is in a directory listing the vfs module
68		notifies the daemon (once for all files that need scanning in
69		that directory), and waits recheck_tries_readdir times for
70		recheck_time_readdir milliseconds. Only used when
71		hide_nonscanned_files is false.
72		</p></dd><dt><span class="term">scannedonly:recheck_tries_readdir = 20</span></dt><dd><p>
73		See recheck_time_readdir.
74		</p></dd><dt><span class="term">scannedonly:allow_nonscanned_files = False</span></dt><dd><p>
75		Allow access to non-scanned files. The daemon is notified,
76		however, and special files such as <code class="filename">.scanned:</code>
77		files. <code class="filename">.virus:</code> files and
78		<code class="filename">.failed:</code> files are not listed.
79		</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id2483751"></a><h2>EXAMPLES</h2><p>Enable anti-virus scanning:</p><pre class="programlisting">
80        <em class="parameter"><code>[homes]</code></em>
81	<a class="link" href="smb.conf.5.html#VFSOBJECTS" target="_top">vfs objects = scannedonly</a>
82	<a class="link" href="smb.conf.5.html#SCANNEDONLY:HIDE_NONSCANNED_FILES" target="_top">scannedonly:hide_nonscanned_files = False</a>
83</pre></div><div class="refsect1" lang="en"><a name="id2483793"></a><h2>CAVEATS</h2><p>This is not true on-access scanning. However, it is very fast
84	for files that have been scanned already.
85	</p></div><div class="refsect1" lang="en"><a name="id2481570"></a><h2>VERSION</h2><p>This man page is correct for version 3.5.0 of the Samba suite.
86	</p></div><div class="refsect1" lang="en"><a name="id2481581"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
87	were created by Andrew Tridgell. Scannedonly was
88	developed for Samba by Olivier Sessink. Samba is now developed
89	by the Samba Team as an Open Source project similar
90	to the way the Linux kernel is developed.</p></div></div></body></html>
91