This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to automatically say "Yes" to quarantine file and continue with scan

Hello

I been running Sophos for Linux in a script that checks files on a mount drive.  The problem I encountering is  Sophos scan is waiting for a responds (Yes/No/All) when quarantine a file. One has to type in responds  in order to continue with the scan.  How do I get Sophos to quarantine a file , and continue with the scan automatically

The command I am using is  savscan -f -rec -all -dn -archive --quarantine /       I try adding   Y or -Y at the end of the command but it doesn't work 

Any suggestion much appreciated 



This thread was automatically locked due to age.
Parents
  • Hi  

    --quarantine changes the permission on the file because of that it'll ask you for the change on each file.

    Instead of --quarantine, you can use --move which will move the infected files to quarantine directory and that should not be asking you Yes/No on each file.

    Please refer to this document which has all the valid arguments for savscan command.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi Jasmin

     

    So i try the -move option with the following command 

    savscan /root -f -rec -dn -archive -move=/root/sophos-av/quarantine

     

    But is still pause and ask if I want to move the infect file to the quarantine directory instead of moving it automatically.  And it does not change the permission of the files like --quarantine option does 

    .

    .

    .

    Using IDE file zbot-oaw.ide
    Using IDE file emoge-go.ide
    Using IDE file nano-aez.ide
    Using IDE file zbot-oay.ide

    Full Scanning

    >>> Virus 'EICAR-AV-Test' found in file /root/Downloads/eicar.com
    Proceed with moving /root/Downloads/eicar.com (Yes/No/All) ? Yes  <- Still pausing and asking if I want to move this file over to quarantine directory instead of continueing automatically with the scan
    Moved /root/Downloads/eicar.com to /root/sophos-av/quarantine successfully
    >>> Virus 'EICAR-AV-Test' found in file /root/Downloads/eicar_com.zip/eicar.com
    Proceed with moving /root/Downloads/eicar_com.zip (Yes/No/All) ? Yes
    Moved /root/Downloads/eicar_com.zip to /root/sophos-av/quarantine successfully


    32 files scanned in 1 minute and 58 seconds.
    2 viruses were discovered.
    2 files out of 32 were infected.
    If you need further advice regarding any detections please visit our
    Threat Center at: www.sophos.com/.../threat-center.aspx
    End of Scan.
    [root@localhost Downloads]# cd /root/sophos-av/quarantine/
    [root@localhost quarantine]# ll
    total 8
    -rw-r--r--. 1 root root 68 Jan 8 13:35 eicar.com
    -rw-r--r--. 1 root root 184 Jan 8 13:35 eicar_com.zip
    [root@localhost quarantine]#

     

    Should there be an addition option I need to add/use?

Reply
  • Hi Jasmin

     

    So i try the -move option with the following command 

    savscan /root -f -rec -dn -archive -move=/root/sophos-av/quarantine

     

    But is still pause and ask if I want to move the infect file to the quarantine directory instead of moving it automatically.  And it does not change the permission of the files like --quarantine option does 

    .

    .

    .

    Using IDE file zbot-oaw.ide
    Using IDE file emoge-go.ide
    Using IDE file nano-aez.ide
    Using IDE file zbot-oay.ide

    Full Scanning

    >>> Virus 'EICAR-AV-Test' found in file /root/Downloads/eicar.com
    Proceed with moving /root/Downloads/eicar.com (Yes/No/All) ? Yes  <- Still pausing and asking if I want to move this file over to quarantine directory instead of continueing automatically with the scan
    Moved /root/Downloads/eicar.com to /root/sophos-av/quarantine successfully
    >>> Virus 'EICAR-AV-Test' found in file /root/Downloads/eicar_com.zip/eicar.com
    Proceed with moving /root/Downloads/eicar_com.zip (Yes/No/All) ? Yes
    Moved /root/Downloads/eicar_com.zip to /root/sophos-av/quarantine successfully


    32 files scanned in 1 minute and 58 seconds.
    2 viruses were discovered.
    2 files out of 32 were infected.
    If you need further advice regarding any detections please visit our
    Threat Center at: www.sophos.com/.../threat-center.aspx
    End of Scan.
    [root@localhost Downloads]# cd /root/sophos-av/quarantine/
    [root@localhost quarantine]# ll
    total 8
    -rw-r--r--. 1 root root 68 Jan 8 13:35 eicar.com
    -rw-r--r--. 1 root root 184 Jan 8 13:35 eicar_com.zip
    [root@localhost quarantine]#

     

    Should there be an addition option I need to add/use?

Children