Scan File Systems Control (QSCANFSCTL)

The Scan File Systems Control (QSCANFSCTL) system value controls the integrated file system scanning that is enabled when exit programs are registered with any of the integrated file system scan-related exit points.

QSCANFSCTL works with the scan file systems system value to provide granular controls on how and what is scanned in the integrated file system. You can choose different scanning options or you can select to use default scan options. Also, you can select several scan options which control how and what the registered exit programs will scan. These options are described in following table:

Table 1. Possible values for the QSCANFSCTL system value:
*NONE No controls are being specified for the integrated file system scan-related exit points.
*ERRFAIL If there are errors when calling the exit program (for example, program not found or the exit program signals an error), the system will fail the request which triggered the exit program call. If this is not specified, the system will skip the exit program and treat it as if the object was not scanned.
*FSVRONLY Only accesses through the file servers will be scanned. For example, accesses through Network File System will be scanned as well as other file server methods. If this is not specified, all accesses will be scanned.
*NOFAILCLO The system will not fail the close requests with an indication of scan failure, even if the object failed a scan which was done as part of the close processing. Also, this value will override the *ERRFAIL specification for the close processing, but not for any other scan-related exit points.
*NOPOSTRST After objects are restored, they will not be scanned just because they were restored. If the object attribute is that "the object will not be scanned", the object will not be scanned at any time. If the object attribute is that "the object will be scanned only if it has been modified since the last time it was scanned", the object will only be scanned if it is modified after being restored.

If *NOPOSTRST is not specified, objects will be scanned at least once after being restored. If the object attribute is that "the object will not be scanned", the object will be scanned once after being restored. If the object attribute is that "the object will be scanned only if it has been modified since the last time it was scanned", the object will be scanned after being restored because the restore will be treated as a modification to the object.

In general, it may be dangerous to restore objects without scanning them at least once. It is best to use this option only when you know that the objects were scanned before they were saved or they came from a trusted source.

*NOWRTUPG The system will not attempt to upgrade the access for the scan descriptor passed to the exit program to include write access. If this is not specified, the system will attempt to do the write access upgrade.
*USEOCOATR The system will use the specification of the "object change only" attribute to only scan the object if it has been modified (not also because scan software has indicated an update). If this is not specified, this "object change only" attribute will not be used, and the object will be scanned after it is modified and when scan software indicates an update.

Recommended value: If you want the most restrictive values specified for integrated file system scanning, then the recommended settings are *ERRFAIL and *NOWRTUPG. This ensures that any failure from the scan exit programs prevent the associated operations, as well as not give the exit program additional access levels. However, the *NONE value is a good option for most users. When installing code that is shipped from a trusted source, it is recommended that *NOPOSTRST be specified during that install time period.