Specifies scan control options. (QSCANFSCTL)
Scan control, also known as QSCANFSCTL, is a member of the security category of i5/OS™ system values. You can use this system value to specify whether the default scan control options are used or to specify specific scan control options. To learn more, keep reading.
| Quick reference | |
|---|---|
| Location | In iSeries™ Navigator, select your system, |
| Special authority | All object (*ALLOBJ) and security administrator (*SECADM) |
| Default value | Use default scan control options |
| Changes take effect | Immediately |
| Lockable | Yes Lock function of security-related system values (Click for details) |
What can I do with this system value?
Use this system value to specify scanning options for the Use registered exit programs to scan the root (/), QOpenSys, and user-defined file systems (QSCANFS) system value. These options control the integrated file system scanning on the system when exit programs are registered with any of the integrated file system scan-related exit points.
- Use default scan control options (*NONE specified)
Indicates that the system uses the following scanning options when calling the registered exit programs:
- Perform write access upgrades
- Fail close request if scan fails during close
- Scan on next access after object has been restored
- Use specified scan control options
Allows you to select which scanning options the system should use when calling the registered exit programs. Select from the following:
- Scan accesses through file servers only (*FSVRONLY specified)
By selecting this option, only accesses from a file server to the iSeries server are scanned. Accesses through the Network File System (NFS) are scanned as well as other file server methods. However, native or direct connections to the iSeries server are not scanned. If this option is not selected, all accesses will be scanned no matter if you connect directly to the iSeries or through a file server.
- Fail request if exit program fails (*ERRFAIL specified)
By selecting this option, you are specifying to fail the request or operation which triggered the call to the exit program, if there are errors when the exit program is called. Possible errors may be that the program is not found or the program is not coded requiredly to handle the exit program request. If this happens, the requested operation receives an indication that the object failed a scan. If this option is not selected, the system will skip the failing exit program and treat the object as if it was not scanned by this exit program.
- Perform write access upgrades (*NOWRTUPG not specified)
By selecting this option (*NOWRTUPG not specified), you are specifying to allow the iSeries system to upgrade the access for the scan descriptor passed to the exit program to include write access, if possible. Use this option if you want the exit program to be able to fix or modify objects even though they were originally opened with read-only access. If this option is not selected, the system will not upgrade the access to include write access.
- Use 'only when objects have changed' attribute to control scan
(*USEOCOATR specified)
By selecting this option, the system will use the specification of the 'object change only' attribute to only scan the object if it has been modified (not also because scan software has indicated an update). If this is not specified, this 'object change only' attribute will not be used, and the object will be scanned after it is modified and when scan software indicates an update.
- Fail close request if scan fails during close (*NOFAILCLO not
specified)
When this option is selected (*NOFAILCLO not specified), the system will fail the close request if an object failed a scan during close processing. This option only applies to close requests.
If this option is not selected (*NOFAILCLO specified), the system will not fail the close request if an object failed a scan even if the Fail request if exit program fails option is selected.
For example, if the Fail request if exit program fails option is selected and this option is not selected, the system will not send a failure indication even though an object failed a scan during close processing. But, the object will be marked as failing a scan.
- Scan on next access after object has been restored (*NOPOSTRST
not specified)
By selecting this option (*NOPOSTRST not specified), objects will be scanned at least once after being restored no matter what its object scan attribute is. If the object scan attribute is that 'the object will not be scanned,' the object will be scanned once after being restored. If the object scan attribute is that 'the object will only be scanned if it has been modified since the last time it was scanned,' the object will be scanned after being restored because the restore will be treated as a modification to the object.
If this option is not selected (*NOPOSTRST specified), objects will not be scanned just because they are restored. Scanning depends on the object's scanning attribute.
In general, it is good practice to scan restored objects at least once. However, you may not select this option if you know that the objects being restored were scanned before they were saved or they came from a trusted source.
- Scan accesses through file servers only (*FSVRONLY specified)
For more information, see Integrated file system concepts. Only stream file objects that are in Type 2 directories are scanned. For more information on Type 2 directories, see *TYPE2 directories.
Where can I get more information about this system value?
To learn more, go to the security system values overview topic. If you are looking for a specific system value or category of system values, try using the i5/OS system value finder.