I am trying to find out the what would be the right vscan setting for my cluster mode environment.
The settings I am specifically after are "Filters" options under "On-access-policy". By default it is set to mandatory. But the negative with that is if the AV scanners drops out then the end user would get a access denied error. So I was trying to see if "scan-execute-access" would the right one.
The man page of that options says "Scan only files opened with execute-access (CIFS only)". My understanding is that there would be a scan request only when a user open the file (with him having right access ofcourse).
Does this include a scan on the execution and writing of the file as well?
Also would there be a scan request if the same file is opened by a user with only read access?
Any detailed information about this would be of great help.