savscan option
| description
| savscan default
| scheduled scan behaviour
| configurable?
|
-p=<file>
| Write to log file
| Logging is output to stdout and not logged to a file
| Scheduled scans are logged to savd.log.
SAV 7 - No verbose logging can be configured
SAV 9 - An individual log for each scan is created in /opt/sophos-av/log/ | NO |
-di
-ndi
| Disinfect
| Infected items are not disinfected
| Disinfection of infected files can be configured.
| LOCAL
SEC |
-ss
-nss
-s
-ns
-dn
-ndn
| These options control the verbosity of savscan output.
| savscan keeps silent (-s) and does not print scanned files.
| The verbosity of logging cannot be configured. Virus detection, errors, and scan summary are output to savd.log
| NO |
-c
-nc
| Ask for confirmation before disinfection/deletion
| savscan will ask for confirmation before taking action
| Scheduled scans will never ask for confirmation if configured to disinfect/delete
| NO |
-b
-nb
| Sound bell on virus detection
| No bell is sounded on detection. This option does not presently work with savscan, only with sweep.
| No bell is sounded on detection
| NO |
-all
-nall
| Scan all files
| Savscan uses an internal list of file types to scan
| All files are always scanned regardless of extension
| NO |
-rec
-nrec
| Recurse down directories
| savscan does recurse down directories by default
| scheduled scans always recurse down directories
| NO |
-remove
-nremove
| Remove infected files
| Infected items are not removed
| Removal of infected files can be configured
| LOCAL
SEC |
-eex
-neec
| Use extended exit codes
| Extended return codes are not used
| Not applicable to scheduled scans
| NO |
-v
-vv
| Output version information
| N/A
| Not applicable to scheduled scans | NO |
| -maxinfobj=<n> | Maximum number of times to attempt to disinfect
| 100 | There is no limit to the number of disinfection attempts.
| NO |
| -ext=<extension> | Scan additional filename extensions
| N/A | Not applicable to scheduled scans. All file extensions are scanned
| NO |
| -exclude | Exclude items from scanning
| No items are excluded
| Excluded files/directories can be configured
| LOCAL
SEC |
| -include | Include items in scanning
| N/A | Included files/directories can be configured
| LOCAL |
--follow-symlinks
--no-follow-symlinks
| Scan the object pointed to by symbolic links
| Symlinks are followed
| Symlinks are not followed
| NO |
--stay-on-filesystem
--no-stay-on-fileystem
--stay-on-machine
--no-stay-on-machine
| These options control whether the scan leaves the starting filesystem/computer
| savscan will not leave the starting filesystem/computer
| Types of device to be scanned can be configured. The scan will leave the starting filesystem/computer when explicit 'include' options are used.
| LOCAL
SEC |
--skip-special
--no-skip-special
| Don't scan 'special' objects (/dev, /proc, /devices, etc)
| savscan will not scan special objects
| A scheduled scan will never scan special objects
| NO |
--backtrack-protection
--no-backtrack-protection
| Prevent repitition of work due to symbolic links
| Backtrack protection is enabled
| Does not apply to scheduled scans as symlinks are not followed
| NO |
--preserve-backtrack
--no-preserve-backtrack
| Preserve backtracking information for duration of this scan
| Backtracking information is preserved for duration of scan
| Does not apply to scheduled scans as symlinks are not followed | NO |
--examine-x-bit
--no-examine-x-bit
| Examine files with an execute bit set
| files with x-bit are scanned
| files with x-bit are always scanned
| NO |
--reset-atime
--no-reset-atime
| After scanning file, reset the access time
| atime is reset (ctime will change when a file is scanned)
| atime is NOT reset.
(atime will change when a file is scanned. | NO |
--show-file-details
--no-show-file-details
| Show details of file ownership and permissions when using -ns
| File details are not shown
| The verbosity of logging cannot be configured.
| NO |
--quarantine
--no-quarantine
| Change file ownership and permissions of infected files
| Permissions are not altered
| Quarantine options are not available
| NO |
| --args-file=<file> | Read command line arguments from file
| N/A | Does not apply to scheduled scan. No arguments can be passed from file
| NO |
--stop-scan
--no-stop-scan
| Abort scanning of files such as 'zip bombs'
| Scan of zip bombs will be aborted
| Scan of zip bombs are always aborted
| NO |
-bs
-bs=<drive>
-nbs
-mbr
-nmbr
-cdr=<drive>
| These options control whether bootsectors and mbrs are scanned
| Bootsectors and mbrs are not scanned
| Boot records are never scanned.
| NO |
| -idedir=<dir> | Read IDEs from directory
| IDEs are loaded from the same directory as the virus data
| IDEs are always loaded from the same directory as the virus data
| NO |
-f
-q
-nf
| Do full scan of files
| A quick scan of infectable file parts is done by default
| A quick scan of infectable file parts is always done by default. However, full scan of files can be configured.
| LOCAL |
-sc
-nsc
-tnef
-ntnef
-actmime
-nactmime
-mime
-nmime
-oe
-noe
-loopback
| These options control file types which will be scanned.
| N/A | The SAVI configuration defined in savconfig is used.
| LOCAL |
-pua
-npua
| Scan for adware/potentially unwanted applications
| Scan of adware/puas is disabled by default
| No scanning of adware/puas is done
| NO |
-suspicious
-nsuspicious
| Scan fo suspicious files
| Scan of suspicious files is disabled by default
| No scanning of suspicious files is done
| NO |
-zip
-qzip
-arj
-cmz
-tar
-rar
-cab
| Scan inside specific archive types
| Scanning of all archive types is disabled by default
| Scanning of individual archive types can not be configured
| NO |
| -archive | Enable scanning of all archive types
| Scanning of all archive types is disabled by default | Whether all archive types are scanned can be configured.
| LOCAL
SEC |