Scanning the IFS is a time-consuming job, and while it is ideal to scan all directories and files daily, we realize that this may not be realistic in some environments due to the number or type of files and directories.
Please keep in mind that the time required by an On-Demand Scan depends on several performance factors, including:
- The speed of the processor
- The contention of CPU resources with other jobs
- The number and types of files being scanned
- The size of the files
- The depth of the directory structure
The scan job’s default settings ensures that only available CPU capacity is used; the run priority is set to 99. CPU that is available will be used, as much as possible, to speed performance. Do not be surprised if you see the AVSVR job consuming a high amount of CPU while your scan job is running. This is normal behavior.
Use the following suggestions to achieve the fastest performance time for your scan while still allowing for a thorough scan job:
Review Your Scan Settings
Your scan settings can be found by running the command STANDGUARD/AVCFGTSK. (Alternatively, from the Main Menu (AVMENU), choose Option 50 for Settings, Option 6 for Virus Scan Tasks, then enter your Scan Task’s name.)
- Review the time that your scan is scheduled to run. Ideally, scans should be run during quiet times on the system. Choose a time the fewest jobs/users are using system resources in order to allow the scan task to run faster.
- Set the Files parameter to *DFT. The recommended setting is *ALL, which offers you the best protection against virus infection, however, the *DFT option does safely narrow the scope of scan operations to files that are susceptible to virus infection, and reduces the amount of time devoted to scanning files.
- Set the Force parameter to *NONE. The object’s scan settings will be used. Objects set to 'Object scanning *NO’ will not be scanned; objects set to ‘Object scanning *CHGONLY’ will not be scanned unless the object has changed (‘Scan status *REQUIRED').
- Set the Timeout minutes parameter. If a timeout is indicated (e.g. 360), the scan will end after the indicated time. It will finish the current directory before it stops. The next time it starts, the scan restarts where it left off. This allows you to take advantage of quieter system times while ensuring the scan task doesn’t overlap with high-priority jobs.
Note: Please keep in mind that the timeout is checked after each directory is scanned, and will not timeout in the middle of a directory, so the scan may run longer than the time indicated.
Use Daily Scans to Target Heavily-Accessed Directories on the IFS
Perhaps some directories are constantly accessed by users, but others that contain archive files (embedded files usually ending with one of the following extensions: .ZIP, .CAB, .LZH, JAR and .UEE) aren’t accessed as frequently, and take more time to scan. You may wish to create two separate scan tasks: one that runs daily on the heavily-accessed directories, and one that runs less often, perhaps weekly or biweekly, on the less-accessed directories and file types.
If you do not want your daily scan to scan archive files, change the Scan archives parameter to *NO.
Limit Scans to Changed Objects
To reduce the amount of time required for a virus scan, configure to perform a changes-only scan (*CHGONLY), which scans only objects created after the previous scan and objects changed since the previous scan.
For instructions that describe how to make these changes, see Limiting Scans to Changed Objects.
Note: Directories that are shared for mapped drives are not good candidates for *CHGONLY since zero-day threats (unidentified threats not yet addressed by antivirus software) can be dropped after the initial scan and never scanned again because they do not change.
Review Your Scan Log
Review your Scan log from time to time for directories that should be excluded:
- First, ensure your logging level is set to *DETAILED or *FULL under your scan settings.
Note: The *DETAILED or *FULL setting can result in an extremely large file for full system scans, and therefore may not always be the preferred option.
- Review scans for directories that are locked by other jobs running on the system, or causing scan slowdowns. You may want to exclude directories from scanning that are consistently locked during scans.