ZFS Has Virus Scanning Functionality Built In

/zfs-has-virus-scanning-functionality-built-in 2009-10-23T11:23:14+01:00

I've just had a "how cool is this" moment. I was browsing through the zfs(1M) man page on OpenSolaris and spotted this excerpt...

     vscan=on | off

         Controls whether regular files  should  be  scanned  for
         viruses when a file is opened and closed. In addition to
         enabling this property, the virus scan service must also
         be  enabled  for  virus  scanning  to occur. The default
         value is off.

Huh??? Virus scan???!!! Solaris viruses are almost unheard of. In fact I can only think of the telnet worm. So I did a bit more research and sure enough, ZFS now has the ability to interface with a 3rd party virus scanning engine that can be used on Solaris.

The OpenSolaris Security Services Guide describes the virus scanning as follows:

About Virus Scanning

Data is protected from viruses by a scanning service, vscan, that uses various scan engines. A scan engine is a third-party application, residing on an external host, that examines a file for known viruses. A file is a candidate for virus scanning if the file system supports the vscan service, the service has been enabled, and the type of file has not been exempted. The virus scan is then performed on a file during open and close operations if the file has not been scanned with the current virus definitions previously or if the file has been modified since it was last scanned.

The vscan service can be configured to use multiple scan engines. It is recommended that the vscan service use a minimum of two scan engines. The requests for virus scans are distributed among all available scan engines. Table 4–1 shows the scan engines that are supported when configured with their most recent patch.

Of course, this isn't the same type of anti-virus scanning that you'd expect to implement on a Windows system (we all know Windows viruses don't affect Solaris) - this is purely a file checking mechanism.

Sadly, the free open source ClamAV Anti-Virus product isn't on the list of "officially supported" scan engines, but given it's open source nature, I'm sure it won't be long before someone works out how to get it working with ZFS.

So there you have it. My "how cool is that" moment.

Oh, and if your wondering - "Why do you need an anti-virus app on Solaris?" Well, you don't really, as I said, Solaris viruses are almost unheard of, however given the fact you can share your ZFS data using CIFS to your Windows clients, it makes sense for the Solaris host to be daddy and make sure the data it's looking after is virus free.

On the topic of viruses, here's a little challenge for everyone: name 3 UNIX (it doesn't even have to be Solaris specific) viruses in the world at large, excluding the Solaris telnet worm.

Copyright © 2005 - 2021 Colin Seymour All rights reserved. Privacy Policy.
Check out the feed if you do the RSS/Atom thing.