Cluster mode: vscan settings : On-access-policy


I am trying to find out the what would be the right vscan setting for my cluster mode environment.

The settings I am specifically after are "Filters" options under  "On-access-policy". By default it is set to mandatory. But the negative with that is if the AV scanners drops out then the end user would get a access denied error. So I was trying to see if "scan-execute-access" would the right one.

The man page of that options says "Scan only files opened with execute-access (CIFS only)". My understanding is that there would be a scan request only when a user open the file (with him having right access ofcourse).

Does this include a scan on the execution and writing of the file as well?

Also would there be a scan request if the same file is opened by a user with only read access?

Any detailed information about this would be of great help.

Thanks in advance.