Sophos AV for Linux - how to enable quarantine on-access scanning

I have installed Sophos AV on Linux, and on-access scanning is enabled.

When I review the logs, there are entries like 'Threat detected in <path>: Troj/PHP-BB (Open) (The file is still infected)'.

Usually the path is a temporary folder used in PHP sites, and the file reported does not exist anymore.

I've been reading the SAV for Linux guide, and I cannot see any info regarding putting files detected by on-access scans into quarantine.

How do I enable or configure this?

Or is it on by default and the files in the log do not exist anymore because they were already quarantined?

Thanks in advance!



This thread was automatically locked due to age.
  • Hello Paul Nerie,

    the available actions for on-access detections are disinfect and delete. Both are disabled by default. Quarantine is only available for on-demand scans (savscan).
    AFAIK the on-access scanner permits deletes so the files might have been deleted by the application.

    Christian

  • Thanks Christian.

    I'm actually not sure if the files were deleted by the on-access scan since they are in the temp folders. They may have been deleted automatically.

    Also if the disinfect and delete options are disabled by default (and I haven't enabled them), then it's almost sure that they weren't deleted by the on-access scan.

    Would you know how to enable the disinfect option by default?

    - Paul
