This article describes the scheduled scan options available in Sophos Anti-Virus for Unix/Linux version 7.x, including the priority in which they are applied.
Known to apply to the following Sophos product(s) and version(s)
Sophos Anti-Virus for Linux
Sophos Anti-Virus for Unix
Operating systems
Unix
Linux
What To Do
Retrieving Scan Configuration
A template of all available options is available in the following files:
/opt/sophos-av/doc/namedscan.example.en
/opt/sophoa-av/doc/namedscan.example.jp
To view the configuration of a configured scan please run:
/opt/sophos-av/bin/savconfig query NamedScans <name>
For full details on how to configure/import/update a scheduled scan, please review the User Manual:
http://www.sophos.com/support/docs/
Device Type Options
Sophos Anti-Virus will detect mounted file systems. The following options determine which filesystems will be scanned.
Option / Usage
| Default | Description |
scanHardDrives = yes|no | yes | includes/excludes all mounted filesystems that are not detected as Optical, Removable, Network, or Special. Unknown filesystem types are also included/excluded based on this option |
scanOpticalDrives = yes/no | yes
| includes/excludes all mounted filesystems that are detected as Optical
|
scanRemovableDevices = yes/no | yes
| includes/excludes all mounted filesystems that are detect as Removable Devices
|
scanNetworkFileSystems = yes|no | no | includes/excludes all mounted filesystems that are detected as Remote (network filesystems/shares)
|
Priority:
- If any of these Device Types are set to 'yes' the filesystem will be scanned regardless of whether it has been explicitly added with 'include' options (below).
- If any of these Devices Types are set to 'no' then they will not be scanned, unless they have been explicitly added using 'include'.
- Device type options are still overriden by any explicit 'exclude' options. Excluded files/directories will not be scanned.
Note: Filesystem types detected as 'Special' will never be scanned, as the scanning of these types is not recommended. This includes operating system dependant filesystems such as 'proc'
Include Options
It is also possible (although not required) to explicitly include files/directories as well as filesystems.
| Option/Usage | Default
| Description |
include = /path/example | none | Explicitly include a file/directory. Multiple inclusions can be added
|
Priority:
- Explicit inclusions override any Device Type exclusions
- Device Type inclusions will also apply
- If nothing has been explicitly included then filesystems will still be scanned if configured in the Device Type options
- 'include' options are still overriden by any explicit 'exclude' options. Excluded files/directories will not be scanned.
Exclude Options
Files/directories can also be explicitly excluded:
| Option/Usage | Default | Description |
exclude = /path/example | none | Explicitly exclude a file/directory. Multiple exclusions can be added
|
excludeExtension = iso | none
| Explicitly excludes a file extension from scanning. Multiple exclusions can be added
|
scanArchives = 1|0 | 1 | If 1, files detected as archive type will be scanned
|
Priority:
- Exclusions override both the 'include' option and any Device Type inclusions. Excluded files/directories will not be scanned regardless of any other options
- Excluded file extensions will not be scanned regardless of any other options
- If the scanning of archives is disabled, they will not be scanned regardless of any other options
- If the scanning of archives is enabled, only archives located in 'include' or Device Type directories will be scanned
Other Options:
| Option/Usage | Default | Description |
| day = monday
day = 1 | none
| The day of the week for the scheduled scan to run, specified as text or a numeric value. This option is required. Multiple days can be specified
|
time = 01:00 | none | The time of day for the scheduled scan to run, specified as HH:MM. This options is required. Multiple times can be specified
|
disinfect = enable|disable | enable | Specify whether disinfection (cleanup) of infected files will be attempted. Note: disinfection will only be attempted on infections that are known to be disinfectable
|
threatAction = donothing|delete | donothing | If disinfection is not possible, or disinfection is disabled, this option specifies whether to attempt deletion of the infected file
|
scanLevel = normal|extensive | normal | Specifies how thoroughly to inspect each file. normal scanning will inspect only the known-infectable file parts. extensive will scan the complete file
|