Configure Scan Task (AVCFGTSK)

Restrictions

The user running the command must either have *ALLOBJ authority OR have *RX authority to all files and directories referenced on the OBJ parameter, and *RWX authority for cleaning of any viruses. We recommend running the command under a profile with *ALLOBJ authority to ensure complete scanning and cleaning. The Integrated File System does not recognize adopted authorities. Therefore, you cannot use the command in a CL program that adopts authority. The actual job user must have the required authorities to properly scan files.

Parameters

Task name (TASK)

Specifies the name or description of the task. The task name is used to configure and run tasks. To change an existing task, press F4 and type the name of the task you want to change, then press Enter. To create a new task, type the name of the task you want to create and press Enter.

*SYS The system default task.

task-name Specify the name of a task to create or use.

Objects (OBJ)

This is the object (starting path or filename) to scan.

Examples:

The following file systems are always excluded from scanning (even if they are specified in the starting path). This may not be a complete list. In general, only local file systems can be scanned (not network files).

QSYS.LIB
QNTC
QFileSvr.400
QTCPTMM

To scan the entire Integrated File System, specify '/'.
To scan only the /QIBM directory, specify '/QIBM'.

Directory subtree (SUBTREE)

Specifies if files contained in subfolders relative to the starting path are scanned.

*ALL Files within subfolders of the starting path will be scanned. If the subfolders also contain subfolders, they will also be scanned, and so on. If you want to exclude a folder within a subfolder, see the Exclude paths (EXCL) parameter.

*NONE To exclude directories within the subtree use the following OMIT parameter.

Do not scan subfolders. If the subfolders contain additional files and folders, they will not be scanned.

Omit (OMIT)

Specifies the list of directories to exclude from scanning.

Heuristic analysis (HEURISTIC)

Include heuristic analysis to find new viruses. When you use heuristic analysis, the scanning engine employs heuristic technology to detect potentially unknown viruses in executable files (programs). Without this option, the engine can only find viruses that are already known and identified in the current virus definition files.

*YES Include heuristic analysis to find new viruses. This attribute slows the engine's performance and consumes additional processor resources.

*NO Do not use heuristic analysis.

Macro analysis (MACRO)

Specifies if you want to treat embedded macros that have code resembling a virus as if they were viruses. This parameter is similar to Heuristic analysis but scans for new viruses in compound document formats; for example, Microsoft OLE formats such as Word documents.

You can use both Macro analysis and Heuristic analysis as parameters, and the engine determines which heuristics to implement based on the file type.

*YES Include macro analysis to find new viruses. This attribute slows the engine's performance and consumes additional processor resources.

*NO Do not use macro analysis.

Potentially unwanted programs (PROGRAMS)

Specifies if you want scanning activities to include detection of some widely available applications, such as password crackers or remote access utilities that can be used maliciously or pose a security threat.

*NO Do not scan for potentially unwanted programs.

*YES Scan for potentially unwanted programs.

Scan archives (ARCHIVES)

Specifies if you want scanning activities to include archive files. Archive files contain embedded files and usually end with one of the following extensions: .ZIP, .TAR, .CAB, .LZH, .JAR, and .UUE. This option will also permit scanning of MSCompress files.

*YES Scan archive files to find new viruses. This attribute slows the engine's performance and consumes additional processor resources.

*NO Do not scan archive files.

Clean infected files (CLEAN)

Specifies if the engine should remove the virus from the file ("clean"). If a file cannot be cleaned, the Clean failure action (CLEANFAIL) parameter provides a secondary choice.

*YES Clean the infected file(s) by removing the virus.

*NO Do not clean infected files.

Clean failure action (CLEANFAIL)

Specifies the secondary action if the file cannot be cleaned.

*QRN Move or create a link in the quarantine folder to the infected file. Whether a link is created or the file is moved depends on the file system where the virus was found. For more information about quarantining files see Quarantine.

*DELETE Delete the file. These files are first overwritten with zeros, made zero length and then deleted using an operating system call. Therefore, you cannot undelete these files.

*NONE No action is performed. Use this option with caution as any viruses that are found and cannot be cleaned are left in place and still present a threat.

Files (FILES)

Specifies the types of files to include in scanning activities.

*ALL Scan all files. This attribute slows the engine's performance, but offers you the best protection against infection.

*DFT Scan only file types that are most susceptible to virus infection. This option safely narrows the scope of scan operations to files that are susceptible to virus infection and reduces the amount of time devoted to scanning files.

*ALLMACRO Expands scanning activities to include an examination of all files to determine if they contain known macro viruses. This attribute slows the engine's performance but offers you the best protection against infection from macro viruses. This option is faster than the *ALL files option, which examines every file for program viruses and macro viruses.

Force (FORCE)

Specifies if you want to recognize or override the object's scan settings when performing this scan. The object's scan settings can be seen using the WRKLNK command and choosing option 8 to view the object's attributes as seen below:

Object scanning . . . . . . . . . . . : *YES
Scan status . . . . . . . . . . . . : *SUCCESS
Scan signatures different . . . . . : No
Binary scan . . . . . . . . . . . . : Yes
CCSID scan . . . . . . . . . . . . . : 0

The scan settings for an object can be changed using the CHGATR ATTR(*SCAN) command.

*NONE The object's scan settings will be utilized. This is the default. Objects set to 'Object scanning *NO' will not be scanned. Objects set to 'Object scanning *CHGONLY' will not be scanned unless the object has changed ('Scan status *REQUIRED').

*ALL All files will be scanned regardless of the 'Object scanning' parameter, provided the virus definitions have been updated to a newer level since the object was last scanned ('Scan signatures different *YES'). This option can be useful to periodically scan objects that would normally be skipped from scanning.

*NOSCAN Files that have been configured with 'Object scanning *NO' will be scanned, provided the virus definitions have been updated to a newer level since the object was last scanned ('Scan signatures different *YES').

*CHGONLY Files that have been configured with 'Object scanning *CHGONLY' will be scanned even though the object has not changed, provided the virus definitions have been updated to a newer level since the object was last scanned ('Scan signatures different *YES').

Output (OUTPUT)

Specifies where output from the program should be sent.

*LOGFILE The output is sent to an IFS stream file in the logs directory.

*PRINT The output is spooled to an output queue.

Schedule (SCHEDULE)

Specifies when to schedule the task. When you specify a schedule and press Enter, the product schedules the job AVRUNTSK using the ADDJOBSCHDE command.

*NONE Do not schedule the command or process to run. Tasks that are configured but not scheduled need to be run manually using the AVRUNTSK command.

*DAILY Run the command or process every day.

*WEEKLY Run the command or process on the same day once per week.

*MONTHLY Run the command or process on the same day each month.

Additional Parameters

The following parameters appear when you prompt the command and press F9 for All parameters.

Days (SCHEDDAYS)

Specifies the days to perform the task.

*ALL Schedule the task to run every day.

*SUN Schedule the task to run every Sunday.

*MON Schedule the task to run every Monday.

*TUE Schedule the task to run every Tuesday.

*WED Schedule the task to run every Wednesday.

*THR Schedule the task to run every Thursday.

*FRI Schedule the task to run every Friday.

*SAT Schedule the task to run every Saturday.

Time (SCHEDTIME)

Specifies the time to run the task.

Run priority (RUNPTY)

Specifies the job run priority for the task. The value can be in the range of 11 - 99, where 11 is the highest priority and 99 is the lowest. 99 will have the least impact on other jobs but will take longer to run.

Logging level (LOGLVL)

Specifies the number of directory levels listed in the scan log.

*DETAILED Detailed information is logged. Detailed logging contains more information than *SUMMARY but less than *FULL.

*SUMMARY Summary information is logged.

*FULL All information is logged.

Timeout minutes (TIMEOUT)

Specifies the number of minutes the scan task will run before the operation times out. Use this option to limit the time for long‑running scan tasks to complete. Incomplete scan tasks will automatically resume scanning from the last directory on the next run of the task. For example, if a complete scan requires 8 hours but is configured with a 240 minute timeout (and is scheduled to run daily), then you will get a complete scan every other day.

*NONE The task will run as long as necessary to completion without timing out.

minutes The task will time out after the specified number of minutes. Note: The timeout is checked after each directory is scanned and will not time out in the middle of a directory. Therefore, the task may run longer than the specified number of minutes as needed to establish a directory boundary.

Host (HOST)

Specifies the name of the NFS host where the files are stored. Use this option to scan files and directories on Linux and AIX partitions. To use this option you must export the root directory on the specified host with read/write and allow root access (no_root_squash). When you specify a host name, the root file system will be mounted using the Network File System (NFS) to a temporary directory, the files and directories will be scanned, and the file system unmounted. You can determine the host name using the DSPNWSD command.

*LOCAL The start path is located on the local file system.

hostname The start path is located on the specified NFS host. You must have *ALLOBJ authority for this option to work correctly.

Delete (DELETE)

Specifies if you want to delete or change the task.

*NO The task will be changed or created.

*YES The task will be deleted. All other parameters except the task name are ignored.

NOTE:

At the beginning of ‘Configure Scan Task' (AVCFGTSK) there is the option to submit a ‘Task name’.

You can create one by entering the desired name, but if you select the default (*SYS), there is a restriction: The default task name *SYS cannot be deleted, so if you select *YES for *SYS, it will not be deleted. Only ‘customized’ tasks named anything other than *SYS will be able to be deleted using this *YES option.

Copyright © Fortra, LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.
8.12 | 202502030833 | February 2025