Under normal circumstances you should run Sophos Anti-Virus for Linux version 6+ with the default settings.
It is best to avoid unnecessary scanning because the more items you check, particularly with on-access scanning, the more system resources will be taken up by scanning. This could, for example, cause high CPU usage when starting up.
If you need a non-default scanning regime, the following settings are recommended.
On-access scanning of archived files
On-access scanning of archived files can be useful where a server is checking files before forwarding them to client computers, e.g. as part of through traffic. Normally you should not use on-access scanning of archives on a workstation, nor should it be part of a standard network setup, for the following reasons:
- On-access scanning of archived files consumes a lot of memory. If on-access scanning of archived files is in use, every time such a file is opened the contents of that file will be fully checked. Checking the whole file, every time, with on-access scanning is unnecessary.
- The increased memory and CPU usage caused by scanning archived files is wasted if the file is not then accessed.
Preferred methods of scanning archived files
- If you need to check an archive before opening it, use the command "savscan -archive", which performs an on-demand scan. The contents of the file will be checked by on-access scanning anyway, before you run them.
- If you need to check archived files on a file server, use a scheduled scan.
- On-access scanning of archived files can be useful where a server is checking files before forwarding them to client workstations, e.g. as part of through traffic.
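The on-demand and scheduled options above can be combined in a single cron job. The script below is an added example, not Sophos's own code: it uses cron rather than the product's own scheduled-scan configuration, and the SAVSCAN variable, function names and paths are assumptions. The exit statuses it interprets are savscan's documented return codes.

```shell
#!/bin/sh
# Added example: on-demand archive scan of file-server directories from cron.
# SAVSCAN, the function names and all paths are assumptions for illustration.
SAVSCAN="${SAVSCAN:-savscan}"

# Translate savscan's exit status into a word for the log line.
# 0 = no threats, 1 = interrupted, 2 = error, 3 = threat found.
classify_status() {
    case "$1" in
        0) echo clean ;;
        1) echo interrupted ;;
        2) echo error ;;
        3) echo threat ;;
        *) echo unknown ;;
    esac
}

# Scan one directory with archive scanning enabled. savscan's own report goes
# to stdout, followed by one summary line; the function returns savscan's status.
scan_archives() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "$(date -u +%FT%TZ) dir=$dir result=missing"
        return 2
    fi
    st=0
    "$SAVSCAN" "$dir" -archive || st=$?
    echo "$(date -u +%FT%TZ) dir=$dir result=$(classify_status "$st") status=$st"
    return "$st"
}

# Scan every directory given and return the highest status seen, so a threat (3)
# is never hidden by a later clean directory.
scan_all() {
    worst=0
    for d in "$@"; do
        rc=0
        scan_archives "$d" || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Constructed crontab entry (script path and share path are placeholders):
#   30 2 * * * /usr/local/sbin/scan-archives.sh /srv/share >>/var/log/archive-scan.log 2>&1
if [ "$#" -gt 0 ]; then
    scan_all "$@"
    exit $?
fi
```

Because the script exits non-zero on a threat or an error, the cron job's status can drive alerting without parsing the log.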
Sophos scanning on Windows compared with Linux
Because of differences at the operating system layer, the following Sophos scanning settings, which are available on Windows, are not available on Linux:
- File Extensions
- All other settings in the 'Scanning' and 'Extensions' tabs of the On-Access scan settings (except the setting 'Scan inside archive files').
Sophos Anti-Virus for Linux will scan all files that are opened and closed, not just executable and infectable files. On Linux this doesn't adversely affect system performance in the way it might on Windows.