Examples: Scanning for viruses and files being opened
These examples show what the exit program can scan for.
- Viruses
The exit programs can scan for viruses. If a virus is located in a file, the antivirus program can act accordingly by repairing the problem or by attempting to quarantine the virus. Because the System i™ platform itself cannot be infected by the virus, the benefit is a reduction in virus transmission between systems.
- Calls to know when a file was opened
You can also scan to find out when a file was opened. With this scan in place, you can track the date and time at which certain files were accessed. This is useful when you want to track the behavior of certain users.
The scan can occur at two different times depending on how the system values are set and how the scan environment is established. The following list describes different kinds of scanning depending on the time they occur.
- Runtime scanning
A runtime scan is a scan on a file or files during normal day-to-day activities. This ensures the integrity of your files every time they are accessed. Scanning during your normal activities lets you ensure that your files stay current with whatever standards you are scanning against.
Example of a runtime scan for viruses
You choose to access a file on the integrated file system from your PC. When the file is opened from the PC, it is scanned, because an open exit program is registered and the QSCANFS system value is set to scan files in the "root" (/), QOpenSys and UDFS file systems. The scan finds one virus, and the anti-virus exit program proceeds to repair the problem. After the exit program repairs the file, the file is no longer infected. Thus, the access from the PC is not infected and cannot spread the infection.
Now suppose that you choose not to do a runtime scan on that access. Then, after you access the infected file from your PC, the virus might be transferred to your PC. By employing a runtime scan, the virus can be detected before it spreads to your PC.
The main shortcoming of this method is that the scans take time and system resources. Users attempting to access a file must wait until the scan is completed before they can use the file. The system ensures that scanning is performed only when required, not on every access.
- Mass or manually activated scanning
You can use this option if you want to scan multiple items at the same time. In this instance, you can set the scan to occur when your system is offline, such as during the weekend. This has very little impact on accessing files during your normal day-to-day activities. The scan is done offline. Therefore, it can reduce runtime scan overhead for files that do not change after the mass scan is completed because re-scans are not required when such files are accessed again.
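The following added example (not IBM code and not part of the original topic) models how a mass scan removes runtime scan overhead for files that do not change afterward. It is a simplified model: the in-memory store, the version counter, the `MARKER` byte string and the refusal of flagged opens (instead of a repair) are all assumptions made for illustration.

```python
# Assumed rule for this model: a file needs a scan if it was never scanned
# or was written since its last scan.
MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a virus signature


class ScannedStore:
    def __init__(self):
        self.files = {}        # path -> (version, content)
        self.scanned = {}      # path -> (version at last scan, was clean)
        self.runtime_scans = 0
        self.mass_scans = 0

    def write(self, path, data):
        # Every change bumps the version, which invalidates the old scan.
        version = self.files.get(path, (0, b""))[0] + 1
        self.files[path] = (version, data)

    def _needs_scan(self, path):
        last = self.scanned.get(path)
        return last is None or last[0] != self.files[path][0]

    def _scan(self, path):
        version, data = self.files[path]
        self.scanned[path] = (version, MARKER not in data)

    def mass_scan(self):
        """Offline pass: scan every file that currently needs it."""
        for path in self.files:
            if self._needs_scan(path):
                self.mass_scans += 1
                self._scan(path)

    def open(self, path):
        """Runtime open hook: scan only when required, refuse flagged files."""
        if self._needs_scan(path):
            self.runtime_scans += 1
            self._scan(path)
        if not self.scanned[path][1]:
            raise PermissionError(f"{path}: flagged by scan, open refused")
        return self.files[path][1]


def demo():
    store = ScannedStore()
    store.write("/home/a.txt", b"report")           # constructed sample files
    store.write("/home/b.bin", b"data " + MARKER)
    store.mass_scan()                               # offline pass covers both
    store.open("/home/a.txt"); store.open("/home/a.txt")
    before_change = store.runtime_scans             # unchanged file: no rescans
    store.write("/home/a.txt", b"report v2")
    store.open("/home/a.txt"); store.open("/home/a.txt")  # rescanned once only
    return before_change, store.runtime_scans, store.mass_scans
```
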