Sophos Anti-Virus for Linux / Unix: savscan / Scheduled scan comparison chart

  • N.º del artículo: 117346
  • Actualizado: 29 mar 2013

This chart compares the behaviour of advanced savscan options against the behaviour of a scheduled scan.

Known to apply to the following Sophos product(s) and version(s)

Sophos Anti-Virus for Unix
Sophos Anti-Virus for Linux

Operating systems
Linux
Unix

Details

savscan

savscan is the command-line scanner used in Sophos Anti-Virus for Linux version 7.  This utility contains many configurable options to change the behaviour of the scan.  If changing advanced options is required it is recommended to use 'cron' or other method to schedule a savscan, rather than using built-in scheduled scanning.

For full details of savscan options, see:  man savscan

Scheduled Scans

Scheduled scans contain a simplified number of options to allow for easy scan configuration.  These scans are controlled by the Sophos Anti-Virus daemon and can be locally scheduled or scheduled by Sophos Enterprise Console

For full details on how scheduled scans can be configured, see the following article: 
http://www.sophos.com/en-us/support/knowledgebase/114372.aspx

 

 

savscan option
description
savscan default
scheduled scan behaviour
configurable?
-p=<file>
Write to log file
Logging is output to stdout and not logged to a file
Scheduled scans are logged to savd.log. 
SAV 7 - No verbose logging can be configured
SAV 9 - An individual log for each scan is created in /opt/sophos-av/log/
 NO
-di
-ndi
Disinfect
Infected items are not disinfected
Disinfection of infected files can be configured.
LOCAL
SEC
-ss
-nss
-s
-ns
-dn
-ndn
These options control the verbosity of savscan output.
savscan keeps silent (-s) and does not print scanned files.
The verbosity of logging cannot be configured.  Virus detection, errors, and scan summary are output to savd.log
 NO
 -c
-nc
 Ask for confirmation before disinfection/deletion
 savscan will ask for confirmation before taking action
 Scheduled scans will never ask for confirmation if configured to disinfect/delete
 NO
 -b
-nb
 Sound bell on virus detection
No bell is sounded on detection.  This option does not presently work with savscan, only with sweep.
 No bell is sounded on detection
 NO
 -all
-nall
 Scan all files
 Savscan uses an internal list of file types to scan
 All files are always scanned regardless of extension
 NO
 -rec
-nrec
 Recurse down directories
 savscan does recurse down directories by default
 scheduled scans always recurse down directories
 NO
 -remove
-nremove
 Remove infected files
 Infected items are not removed
Removal of infected files can be configured
LOCAL
SEC
 -eex
-neec
 Use extended exit codes
 Extended return codes are not used
 Not applicable to scheduled scans
 NO
 -v
-vv
 Output version information
 N/A
  Not applicable to scheduled scans  NO
 -maxinfobj=<n>  Maximum number of times to attempt to disinfect
 100  There is no limit to the number of disinfection attempts.
 NO
 -ext=<extension>  Scan additional filename extensions
 N/A  Not applicable to scheduled scans.  All file extensions are scanned
 NO
 -exclude  Exclude items from scanning
 No items are excluded
 Excluded files/directories can be configured
LOCAL
SEC
 -include  Include items in scanning
 N/A  Included files/directories can be configured
 LOCAL
 --follow-symlinks
--no-follow-symlinks
 Scan the object pointed to by symbolic links
 Symlinks are followed
 Symlinks are not followed
 NO
 --stay-on-filesystem
--no-stay-on-fileystem
--stay-on-machine
--no-stay-on-machine
 These options control whether the scan leaves the starting filesystem/computer
 savscan will not leave the starting filesystem/computer
 Types of device to be scanned can be configured.  The scan will leave the starting filesystem/computer when explicit 'include' options are used.
 LOCAL
SEC
 --skip-special
--no-skip-special
 Don't scan 'special' objects (/dev, /proc, /devices, etc)
 savscan will not scan special objects
 A scheduled scan will never scan special objects
 NO
 --backtrack-protection
--no-backtrack-protection
 Prevent repitition of work due to symbolic links
 Backtrack protection is enabled
 Does not apply to scheduled scans as symlinks are not followed
 NO
 --preserve-backtrack
--no-preserve-backtrack
 Preserve backtracking information for duration of this scan
 Backtracking information is preserved for duration of scan
 Does not apply to scheduled scans as symlinks are not followed  NO
 --examine-x-bit
--no-examine-x-bit
 Examine files with an execute bit set
 files with x-bit are scanned
 files with x-bit are always scanned
 NO
 --reset-atime
--no-reset-atime
 After scanning file, reset the access time
 atime is reset (ctime will change when a file is scanned)
 atime is NOT reset.
(atime will change when a file is scanned.
 NO
 --show-file-details
--no-show-file-details
 Show details of file ownership and permissions when using -ns
 File details are not shown
 The verbosity of logging cannot be configured.
 NO
 --quarantine
--no-quarantine
 Change file ownership and permissions of infected files
 Permissions are not altered
 Quarantine options are not available
 NO
 --args-file=<file>  Read command line arguments from file
 N/A  Does not apply to scheduled scan.  No arguments can be passed from file
 NO
 --stop-scan
--no-stop-scan
 Abort scanning of files such as 'zip bombs'
 Scan of zip bombs will be aborted
 Scan of zip bombs are always aborted
 NO
-bs
-bs=<drive>
-nbs
-mbr
-nmbr
-cdr=<drive>
 These options control whether bootsectors and mbrs are scanned
 Bootsectors and mbrs are not scanned
 Boot records are never scanned.
 NO
 -idedir=<dir>  Read IDEs from directory
 IDEs are loaded from the same directory as the virus data
 IDEs are always loaded from the same directory as the virus data
 NO
 -f
-q
-nf
 Do full scan of files
 A quick scan of infectable file parts is done by default
 A quick scan of infectable file parts is always done by default.  However, full scan of files can be configured.
 LOCAL
 -sc
-nsc
-tnef
-ntnef
-actmime
-nactmime
-mime
-nmime
-oe
-noe
-loopback

These options control file types which will be scanned.
N/A  The SAVI configuration defined in savconfig is used.
 LOCAL
-pua
-npua
 Scan for adware/potentially unwanted applications
 Scan of adware/puas is disabled by default
 No scanning of adware/puas is done
 NO
 -suspicious
-nsuspicious
 Scan fo suspicious files
 Scan of suspicious files is disabled by default
 No scanning of suspicious files is done
 NO
 -zip
-qzip
-arj
-cmz
-tar
-rar
-cab
 Scan inside specific archive types
 Scanning of all archive types is disabled by default
 Scanning of individual archive types can not be configured
 NO
 -archive  Enable scanning of all archive types
 Scanning of all archive types is disabled by default  Whether all archive types are scanned  can be configured.
LOCAL
SEC

 
Si necesita más ayuda, póngase en contacto con soporte técnico.

Valore el artículo

Muy malo Excelente

Comentarios