Provided by: samba-vfs-modules_4.3.11+dfsg-0ubuntu0.14.04.20_amd64 bug

NAME
       vfs_scannedonly - Ensures that only files that have been scanned for viruses are visible and accessible
       to the end user.


SYNOPSIS

       vfs objects = scannedonly


DESCRIPTION
       This VFS module is part of the samba(8) suite.

       The vfs_scannedonly VFS module ensures that only files that have been scanned for viruses are visible and
       accessible to the end user. If non-scanned files are found an anti-virus scanning daemon is notified. The
       anti-virus scanning daemon is not part of the Samba suite.

       Scannedonly comes in two parts: a samba vfs module and (one or more) daemons. The daemon scans files. If
       a certain file is clean, a second file is created with prefix .scanned:. The Samba module simply looks if
       such a .scanned: file exists, and is newer than the pertinent file. If this is the case, the file is
       shown to the user. If this is not the case, the file is not returned in a directory listing
       (configurable), and cannot be opened (configurable). The Samba vfs module will notify the daemon to scan
       this file.

       So what happens for the user in the default configuration. The first time a directory is listed, it shows
       files as 'file is being scanned for viruses, but after the first time all files are shown. There is a
       utility scannedonly_prescan that can help you to prescan all directories. When new files are written the
       daemon is notified immediately after the file is complete.

       If a virus is found by the daemon, a file with a warning message is created in the directory of the user,
       a warning is sent to the logs, and the file is renamed to have prefix .virus:. Files with the .virus:
       prefix are never shown to the user and all access is denied.

       This module is stackable.


CONFIGURATION
       vfs_scannedonly relies on a anti-virus scanning daemon that listens on the scannedonly socket (unix
       domain socket or UDP socket).


OPTIONS
       scannedonly:domain_socket = True
           Whether to use a unix domain socket or not (false reverts to use udp)

       scannedonly:socketname = /var/lib/scannedonly/scan
           The location of the unix domain socket to connect to

       scannedonly:portnum = 2020
           The udp port number to connect to

       scannedonly:scanhost = localhost
           When using UDP the host that runs the scanning daemon (this host needs access to the files!)

       scannedonly:show_special_files = True
           Whether sockets, devices and fifo's (all not scanned for viruses) should be visible to the user

       scannedonly:rm_hidden_files_on_rmdir = True
           Whether files that are not visible (.scanned: files, .failed: files and .virus: files) should be
           deleted if the user tries to remove the directory. If false, the user will get the "directory is not
           empty" error.

       scannedonly:hide_nonscanned_files = True
           If false, all non-scanned files are visible in directory listings. If such files are found in a
           directory listing the scanning daemon is notified that scanning is required. Access to non-scanned
           files is still denied (see scannedonly:allow_nonscanned_files).

       scannedonly:scanning_message = is being scanned for viruses
           If non-scanned files are hidden (if scannedonly:hide_nonscanned_files = True), a fake 0 byte file is
           shown. The filename is the original filename with the message as suffix.

       scannedonly:recheck_time_open = 50
           If a non-scanned file is opened, the vfs module will wait recheck_tries_open times for
           recheck_time_open milliseconds for the scanning daemon to create a .scanned: file. For small files
           that are scanned by the daemon within the time (tries * time) the behavior will be just like
           on-access scanning.

       scannedonly:recheck_tries_open = 100
           See recheck_time_open.

       scannedonly:recheck_time_readdir = 50
           If a non-scanned file is in a directory listing the vfs module notifies the daemon (once for all
           files that need scanning in that directory), and waits recheck_tries_readdir times for
           recheck_time_readdir milliseconds. Only used when hide_nonscanned_files is false.

       scannedonly:recheck_tries_readdir = 20
           See recheck_time_readdir.

       scannedonly:allow_nonscanned_files = False
           Allow access to non-scanned files. The daemon is notified, however, and special files such as
           .scanned: files.  .virus: files and .failed: files are not listed.


EXAMPLES
       Enable anti-virus scanning:

                   [homes]
                vfs objects = scannedonly
                scannedonly:hide_nonscanned_files = False


CAVEATS
       This is not true on-access scanning. However, it is very fast for files that have been scanned already.


VERSION
       This man page is correct for version 4.0.0 of the Samba suite.


AUTHOR
       The original Samba software and related utilities were created by Andrew Tridgell. Scannedonly was
       developed for Samba by Olivier Sessink. Samba is now developed by the Samba Team as an Open Source
       project similar to the way the Linux kernel is developed.

Samba 4.3                                          04/01/2019                                 VFS_SCANNEDONLY(8)