Sophos Anti-Virus for Linux / Unix: Anti-Virus and HIPS policy - applicable settings

  • Article ID: 117344
  • Updated: 03 Jan 2014

This article describes the Sophos Enterprise Console 'Anti-Virus and HIPS' policy settings that apply to Linux and Unix endpoints. Some settings in the 'Anti-Virus and HIPS' policy do not apply to Linux/Unix endpoints, only to those on Windows.

Known to apply to the following Sophos product(s) and version(s)
SAV for Linux
SAV for Unix

Operating systems
Linux
Unix

Details

The following chart provides details of which settings are relevant to Linux and Unix endpoints.  These settings can also be viewed locally using the 'savconfig' command.

Note:  

  • On-access scan settings marked with LINUX* only apply to systems capable of on-access scanning. For more details on the SAV for Linux system requirements, see article 14377.
  • Some settings (marked with v9) only apply to version 9.x.

| Enterprise Console Setting | Applies to Linux / Unix? | Notes | Local 'savconfig' setting |
|---|---|---|---|
| AUTHORIZATION | | Does not apply to Linux / Unix | |
| MESSAGING | | Selected Messaging settings are applicable | |
| Desktop Messaging > Enable Desktop messaging | LINUX | Applicable. However, in order to make the 'Enable Desktop messaging' option available, you are required to select one of the 'Messages to display' options in the GUI. | UINotifier, UIpopupNotification, UIttyNotification |
| Desktop Messaging > Messages to display | LINUX | Only 'Virus/Spyware' is applicable. This also enables alerts regarding scanning errors. | UINotifier, UIpopupNotification, UIttyNotification |
| Desktop Messaging > User-defined message | LINUX | This setting defines the message to display on desktop alerts. | UIContactMessage |
| Email Alerting > Enable email alerting | LINUX, UNIX | Applicable. However, in order to make the 'Enable email alerting' option available, you are required to select one of the 'Messages to display' options in the GUI. | EmailNotifier |
| Email Alerting > Messages to send | LINUX, UNIX | ONLY the following settings are applicable: 'Virus/spyware', 'Scanning Errors' | SendThreatEmail, SendErrorEmail |
| Email Alerting > Recipients | LINUX, UNIX | Defines the e-mail recipients. More than one can be configured. | Email |
| Email Alerting > Configure SMTP > SMTP Server | LINUX, UNIX | Defines the SMTP server for email alerts | EmailServer |
| Email Alerting > Configure SMTP > SMTP Sender Address | LINUX v9, UNIX v9 | Defines the SMTP Envelope From address and 'From' header. | EmailSender |
| Email Alerting > Configure SMTP > SMTP reply-to address | LINUX v9, UNIX v9 | Defines the 'Reply-To' header. | EmailReplyTo |
| Email Alerting > Configure SMTP > Language | LINUX, UNIX | English and Japanese only | EmailLanguage |
| SNMP Messaging | NO | SNMP messaging is not applicable | |
| Event Log | NO | Event Log is not applicable | |
| SOPHOS LIVE PROTECTION | | Selected LiveProtection settings are available on Linux in Sophos Anti-Virus 9.x | |
| Enable Live Protection | LINUX v9 | Live Protection can be enabled/disabled | LiveProtection |
| Automatically Send sample files to Sophos | NO | Automatic submission of samples is not available on Linux | |
| ON-ACCESS SCANNING | | Selected On-Access settings are applicable to Linux. Unix does not support on-access scanning | |
| Enable On-Access Scanning | LINUX* | On-Access can be enabled/disabled | EnableOnStart |
| Configure > Scanning > Check files on Read / Rename / Write | NO | These settings are not centrally configurable. Linux endpoints scan during both open and close system calls. | |
| Configure > Scanning > Adware and PUAs | NO | Adware and PUAs are not detected on Linux / Unix | |
| Configure > Scanning > Suspicious Files | NO | Linux endpoints do not scan for suspicious files | |
| Configure > Scanning > Allow access to infected boot sectors | LINUX* | Allow access to infected boot sectors. Boot sectors are scanned on mount by on-access scanning. | AllowIfBootSectorThreat |
| Configure > Scanning > Scan inside archive files | LINUX* | Enables/Disables scanning of ALL archive types | ScanArchives |
| Configure > Scanning > Scan System Memory | NO | Linux endpoints do not scan system memory | |
| Configure > Extensions | NO | Linux endpoints scan all file extensions during on-access scanning | |
| Configure > Windows Exclusions | NO | N/A | |
| Configure > Mac Exclusions | NO | N/A | |
| Configure > Linux/Unix Exclusions > Excluded Items | LINUX* | Files and directories can be excluded by path. NOTE: The end of the path is wildcarded. | ExcludeFilePaths |
| Configure > Linux/Unix Exclusions > Exclude remote files | LINUX* | Excluding remote files currently excludes the following by filesystem: nfs, cifs, smb, smbfs, coda, afs | ExcludeFileSystems |
| Configure > Cleanup > Automatically cleanup items... | LINUX* | This option sets AutomaticAction to disinfect. NOTE: This option will only disinfect cleanable files. It will not perform a cleanup routine to delete any file which is completely malicious | AutomaticAction |
| Configure > Cleanup > Deny access only / Deny access and move... | NO | The Linux on-access scanner always blocks access to infected files on detection. However, the ability to move infected files is not currently supported. | |
| Configure > Cleanup > Delete | LINUX* | This option sets AutomaticAction to delete. It can also be used in conjunction with disinfect - Infected files that have not been disinfected will be deleted. | AutomaticAction |
| Configure > Cleanup > Suspicious Files | NO | Linux endpoints do not scan for suspicious files | |
| BEHAVIOUR MONITORING | | No Behavior monitoring settings applicable | |
| WEB PROTECTION | | No Web Protection settings applicable | |

The following settings apply to scheduled scans only.  'Extensions and Exclusions' also applies to a console initiated Full System Scan.

Configuration for individual scans can be viewed locally with the 'savconfig' command.  For full details on the local scheduled scan settings see article 114372.

| Enterprise Console Setting | Applies to Linux / Unix? | Notes | Local scheduled scan setting |
|---|---|---|---|
| SCHEDULED SCANNING | | Selected settings apply to Linux / Unix | |
| Add / Edit > What to Scan > Local Hard Disks | LINUX, UNIX | Hard Drives are any filesystem not detected as special, removable, optical, or network | scanHardDrives |
| Add / Edit > What to Scan > Floppy disk and removable | LINUX, UNIX | Removable devices are detected based on filesystem | scanRemovableDevices |
| Add / Edit > What to Scan > CD Drives | LINUX, UNIX | CD Drives are detected based on filesystem | scanOpticalDrives |
| Add / Edit > When Scan Occurs > Days | LINUX, UNIX | Multiple days can be configured | day |
| Add / Edit > When Scan Occurs > Times | LINUX, UNIX | Multiple times can be configured | time |
| Add / Edit > Configure > Scanning > Adware & PUAs | NO | Adware and PUAs are not detected on Linux / Unix | |
| Add / Edit > Configure > Scanning > Suspicious Files | NO | Suspicious files are not detected on Linux / Unix | |
| Add / Edit > Configure > Scanning > Scan inside archive files | LINUX, UNIX | Enables/Disables scanning of ALL archive types | scanArchives |
| Add / Edit > Configure > Scanning > System Memory | NO | Linux endpoints do not scan system memory | |
| Add / Edit > Configure > Scanning > Run Scan at Lower Priority | NO | The priority of scheduled scans is not configurable | |
| Add / Edit > Configure > Cleanup > Automatically cleanup items... | LINUX, UNIX | Sets the disinfect option to true/false. This option will only disinfect cleanable files. It will not perform a cleanup routine to delete any file which is completely malicious | disinfect |
| Add / Edit > Configure > Cleanup > Log Only / Move to.. | NO | Detections are always logged. However, the ability to move infected files is not currently supported. | |
| Add / Edit > Configure > Cleanup > Delete | YES | Sets threatAction to delete/donothing. It can also be used in conjunction with disinfect - Infected files that have not been disinfected will be deleted. | threatAction |
| Add / Edit > Configure > Cleanup > Adware and PUA | NO | Adware and PUAs are not detected on Linux / Unix | |
| Add / Edit > Configure > Cleanup > Suspicious Files | NO | Linux endpoints do not scan for suspicious files | |
| EXTENSIONS AND EXCLUSIONS | | Selected settings apply to Linux / Unix. These settings apply to scheduled scans configured in SEC, and to the on-demand 'Full System Scan' run via SEC. They do not apply to on-demand scans run via 'savscan' command. | |
| Extensions > Scan all / Scan only | NO | Sets the 'scanAll' scheduled scan setting, but this currently has no effect. All file extensions are scanned unless specifically excluded | |
| Extensions > Scan files with no extension | NO | Sets the 'excludeFilesWithoutExtension' scheduled scan setting, but this currently has no effect. Files without extension are always scanned. | |
| Extensions > Exclude.. | LINUX, UNIX | Specific file extensions can be excluded | excludeExtension |
| Windows Exclusions | NO | N/A | |
| Linux/UNIX exclusions > Excluded Items | LINUX, UNIX | File / directories can be excluded by type. | exclude |
| MAC exclusions | NO | N/A | |

 

 
For more information or assistance, please contact technical support.