Sophos Anti-Virus v7.x For Unix/Linux: Scheduled scan options

  • ID dell'articolo: 114372
  • Aggiornato: 20 feb 2013
This article describes the scheduled scan options available in Sophos Anti-Virus for Unix/Linux version 7.x, including the priority in which they are applied.

Known to apply to the following Sophos product(s) and version(s)

Sophos Anti-Virus for Unix
Sophos Anti-Virus for Linux

Operating systems
Unix
Linux

What To Do

Retrieving Scan Configuration

A template of all available options is available in the following files:
/opt/sophos-av/doc/namedscan.example.en
/opt/sophoa-av/doc/namedscan.example.jp

To view the configuration of a configured scan please run:
/opt/sophos-av/bin/savconfig query NamedScans <name>

For full details on how to configure/import/update a scheduled scan, please review the User Manual:
http://www.sophos.com/support/docs/


Device Type Options

 

Sophos Anti-Virus will detect mounted file systems.  The following options determine which filesystems will be scanned.

 Option / Usage
 Default  Description
scanHardDrives = yes|no  yes includes/excludes all mounted filesystems that are not detected as Optical, Removable, Network, or Special.  Unknown filesystem types are also included/excluded based on this option
 scanOpticalDrives = yes/no  yes  
includes/excludes all mounted filesystems that are detected as Optical 
 scanRemovableDevices = yes/no  yes
 includes/excludes all mounted filesystems that are detect as Removable Devices
 scanNetworkFileSystems = yes|no  no  includes/excludes all mounted filesystems that are detected as Remote (network filesystems/shares)
 

Priority:

  • If any of these Device Types are set to 'yes' the filesystem will be scanned regardless of whether it has been explicitly added with 'include' options (below).
  • If any of these Devices Types are set to 'no' then they will not be scanned, unless they have been explicitly added using 'include'.
  • Device type options are still overriden by any explicit 'exclude' options.  Excluded files/directories will not be scanned.

Note: Filesystem types detected as 'Special' will never be scanned, as the scanning of these types is not recommended.  This includes operating system dependant filesystems such as 'proc' 

 

Include Options

It is also possible (although not required) to explicitly include files/directories as well as filesystems.

 Option/Usage  Default 
 Description
 include = /path/example  none  Explicitly include a file/directory.  Multiple inclusions can be added

Priority:

  • Explicit inclusions override any Device Type exclusions
  • Device Type inclusions will also apply
  • If nothing has been explicitly included then filesystems will still be scanned if configured in the Device Type options
  • 'include' options are still overriden by any explicit 'exclude' options.  Excluded files/directories will not be scanned. 

Exclude Options

Files/directories can also be explicitly excluded:

 Option/Usage  Default  Description
 exclude = /path/example  none  Explicitly exclude a file/directory.  Multiple exclusions can be added
 excludeExtension = iso  none
 Explicitly excludes a file extension from scanning.  Multiple exclusions can be added
 scanArchives = 1|0  1  If 1, files detected as archive type will be scanned

Priority:

  • Exclusions override both the 'include' option and any Device Type inclusions.  Excluded files/directories will not be scanned regardless of any other options
  • Excluded file extensions will not be scanned regardless of any other options
  • If the scanning of archives is disabled, they will not be scanned regardless of any other options
  • If the scanning of archives is enabled, only archives located in 'include' or Device Type directories will be scanned
     

Other Options:

 Option/Usage  Default  Description

 day = monday
day = 1

 none
 The day of the week for the scheduled scan to run, specified as text or a numeric value.  This option is required.  Multiple days can be specified
 time = 01:00  none  The time of day for the scheduled scan to run, specified as HH:MM.  This options is required.  Multiple times can be specified
 disinfect = enable|disable  enable  Specify whether disinfection (cleanup) of infected files will be attempted.  Note:  disinfection will only be attempted on infections that are known to be disinfectable
 threatAction = donothing|delete  donothing  If disinfection is not possible, or disinfection is disabled, this option specifies whether to attempt deletion of the infected file
 scanLevel = normal|extensive  normal  Specifies how thoroughly to inspect each file.  normal scanning will inspect only the known-infectable file parts.  extensive will scan the complete file
 

 
Per maggiori informazioni o per assistenza, vi preghiamo di contattare il supporto tecnico.

Valutate l'articolo

Molto scadente Eccellente

Commenti