Home
Support
Knowledgebase
All Topics
Endpoint Security and Control
Endpoint Protection
Sophos Anti-Virus
For Linux
Sophos Anti-Virus for Linux / Unix: Anti-Virus and...

Support

Sophos Anti-Virus for Linux / Unix: Anti-Virus and HIPs policy - applicable settings

Article ID: 117344
Rating:
4 customers rated this article 6.0 out of 6

Updated: 04 Apr 2013

This article describes the Sophos Enterprise Console 'Anti-Virus and HIPS' policy settings that apply to Linux and Unix endpoints. Some settings in the 'Anti-Virus and HIPs' policy do not apply to Linux/Unix endpoints, only to those on Windows.

Known to apply to the following Sophos product(s) and version(s)
SAV for Linux
SAV for Unix

Operating systems
Linux
Unix

Details

The following chart provides details of which settings are relevant to Linux and Unix endpoints. These settings can also be viewed locally using the 'savconfig' command.

Note:

On-access scan settings marked with LINUX* only apply to systems capable of on-access scanning. For more details, view the SAV for Linux system requirements see article 14377.
Some settings (marked with v9) only apply to version 9.x. Click here for upgrade details

Enterprise Console Setting	Applies to Linux / Unix?	Notes	Local 'savconfig' setting
AUTHORIZATION		Does not apply to Linux / Unix
MESSAGING		Selected Messaging settings are applicable
Desktop Messaging > Enable Desktop messaging	LINUX UNIX	Applicable. However, in order to make the ' Enable Desktop messaging' option available, you are required to select one of the 'Messages to display' options in the GUI.	UINotifier UIpopupNotification UIttyNotification
Desktop Messaging > Messages to display	LINUX UNIX	Only 'Virus/Spyware' is applicable. This also enables alerts regarding scanning errors.	UINotifier UIpopupNotification UIttyNotification
Desktop Messaging > User-defined message	LINUX UNIX	This setting defines the message to display on desktop alerts.	UIContactMessage
Email Alerting > Enable email alerting	LINUX UNIX	Applicable. However, in order to make the ' Enable email alerting' option available, you are required to select one of the 'Messages to display' options in the GUI.	EmailNotifier
Email Alerting > Messages to send	LINUX UNIX	ONLY the following settings are applicable: ‘Virus/spyware’ ‘Scanning Errors’	SendThreatEmail SendErrorEmail
Email Alerting > Recipients	LINUX UNIX	Defines the e-mail recipients. More than one can be configured.	Email
Email Alerting > Configure SMTP > SMTP Server	LINUX UNIX	Defines the SMTP server for email alerts	EmailServer
Email Alerting > Configure SMTP > SMTP Sender Address	LINUX v9 UNIX v9	Defines the SMTP Envelope From address and 'From' header.	EmailSender
Email Alerting > Configure SMTP > SMTP reply-to address	LINUX v9 UNIX v9	Defines the 'Reply-To' header.	EmailReplyTo
Email Alerting > Configure SMTP > Language	LINUX UNIX	English and Japanese only	EmailLanguage
SNMP Messaging	NO	SNMP messaging is not applicable
Event Log	NO	Event Log is not applicable
SOPHOS LIVE PROTECTION		Selected LiveProtection settings are available on Linux in Sophos Anti-Virus 9.x
Enable Live Protection	LINUX v9	Live Protection can be enabled/disabled	LiveProtection
Automatically Send sample files to Sophos	NO	Automatic submission of samples is not available on Linux
ON-ACCESS SCANNING		Selected On-Access settings are applicable to Linux. Unix does not support on-access scanning
Enable On-Access Scanning	LINUX*	On-Access can be enabled/disabled	EnableOnStart
Configure > Scanning > Check files on Read / Rename / Write	NO	These settings are not centrally configurable. Linux endpoints scan during both open and close system calls.
Configure > Scanning > Adware and PUAs	NO	Adware and PUAs are not detected on Linux / Unix
Configure > Scanning > Suspicious Files	NO	Linux endpoints do not scan for suspicious files
Configure > Scanning > Allow access to infected boot sectors	LINUX*	Allow access to infected boot sectors. Boot sectors are scanned on mount by on-access scanning.	AllowIfBootSectorThreat
Configure > Scanning > Scan inside archive files	LINUX*	Enables/Disables scanning of ALL archive types	ScanArchives
Configure > Scanning > Scan System Memory	NO	Linux endpoints do not scan system memory
Configure > Extensions	NO	Linux endpoints scan all file extensions during on-access scanning
Configure > Windows Exclusions	NO	N/A
Configure > Mac Exclusions	NO	N/A
Configure > Linux/Unix Exclusions > Excluded Items	LINUX*	Files and directories can be excluded by path. NOTE: The end of the path is wildcarded.	ExcludeFilePaths
Configure > Linux/Unix Exclusions > Exclude remote files	LINUX*	Excluding remote files currently excludes the following by filesystem: nfs, cifs, smb, smbfs,coda, afs	ExcludeFileSystems
Configure > Cleanup > Automatically cleanup items...	LINUX*	This option sets AutomaticAction to disinfect. NOTE: This option will only disinfect cleanable files. It will not perform a cleanup routine to delete any file which is completely malicious	AutomaticAction
Configure > Cleanup > Deny access only / Deny access and move...	NO	The linux on-access scanner always blocks access to infected files on detection. However, the ability to move infected files is not currently supported.
Configure > Cleanup > Delete	LINUX*	This option sets AutomaticAction to delete. It can also be used in conjunction with disinfect - Infected files that have not been disinfected will be deleted.	AutomaticAction
Configure > Cleanup > Suspicious Files	NO	Linux endpoints do not scan for suspicious files
BEHAVIOUR MONITORING		No Behavior monitoring settings applicable
WEB PROTECTION		No Web Protection settings applicable

The following settings apply to scheduled scans only. 'Extensions and Exclusions' also applies to a console initiated Full System Scan.

Configuration for individual scans can be viewed locally with the 'savconfig' command. For full details on the local scheduled scan settings see article 114372.

Enterprise Console Setting	Applies to Linux / Unix?	Notes	Local scheduled scan setting
SCHEDULED SCANNING		Selected settings apply to Linux / Unix
Add / Edit > What to Scan > Local Hard Disks	LINUX UNIX	Hard Drives are any filesystem not detected as special, removable, optical, or network	scanHardDrives
Add / Edit > What to Scan > Floppy disk and removable	LINUX UNIX	Removable devices are detected based on filesystem	scanRemovableDevices
Add / Edit > What to Scan > CD Drives	LINUX UNIX	CD Drives are detected based on filesystem	scanOpticalDrives
Add / Edit > When Scan Occurs > Days	LINUX UNIX	Multiple days can be configured	day
Add / Edit > When Scan Occurs > Times	LINUX UNIX	Multiple times can be configured	time
Add / Edit > Configure > Scanning > Adware & PUAs	NO	Adware and PUAs are not detected on Linux / Unix
Add / Edit > Configure > Scanning > Suspicious Files	NO	Suspicious files are not detected on Linux / Unix
Add / Edit > Configure > Scanning > Scan inside archive files	LINUX UNIX	Enables/Disables scanning of ALL archive types	scanArchives
Add / Edit > Configure > Scanning > System Memory	NO	Linux endpoints do not scan system memory
Add / Edit > Configure > Scanning > Run Scan at Lower Priority	NO	The priority of scheduled scans is not configurable
Add / Edit > Configure > Cleanup > Automatically cleanup items...	LINUX UNIX	Sets the disinfect option to true/false This option will only disinfect cleanable files. It will not perform a cleanup routine to delete any file which is completely malicious	disinfect
Add / Edit > Configure > Cleanup > Log Only / Move to..	NO	Detections are always logged. However, the ability to move infected files is not currently supported.
Add / Edit > Configure > Cleanup > Delete	YES	Sets threatAction to delete/donothing. It can also be used in conjunction with disinfect - Infected files that have not been disinfected will be deleted.	threatAction
Add / Edit > Configure > Cleanup > Adware and PUA	NO	Adware and PUAs are not detected on Linux / Unix
Add / Edit > Configure > Cleanup > Suspicious Files	NO	Linux endpoints do not scan for suspicious files
EXTENSIONS AND EXCLUSIONS		Selected settings apply to Linux / Unix. These settings apply to scheduled scans configured in SEC, and to the on-demand 'Full System Scan' run via SEC. They do not apply to on-demand scans run via 'savscan' command.
Extensions > Scan all / Scan only	NO	Sets the 'scanAll' scheduled scan setting, but this currently has no effect. All file extensions are scanned unless specifically excluded
Extensions > Scan files with no extension	NO	Sets the 'excludeFilesWithoutExtension' scheduled scan setting, but this currently has no effect. Files without extension are always scanned.
Extensions > Exclude..	LINUX UNIX	Specific file extensions can be excluded	excludeExtension
Windows Exclusions	NO	N/A
Linux/UNIX exclusions > Excluded Items	LINUX UNIX	File / directories can be excluded by type.	exclude
MAC exclusions	NO	N/A

If you need more information or guidance, then please contact technical support.

Rate this article

How did the article rate?

Did this solve your problem?

YesNo

Comments

Help us improve this article

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Support

Sophos Anti-Virus for Linux / Unix: Anti-Virus and HIPs policy - applicable settings

Details

Rate this article

Comments