Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 2 replies
  • Subscribers 8 subscribers
  • Views 2664 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

how do I modify savscan DEFAULT options?

Fred Smith1

Just installed Sophos free for linux and am trying to work thru some issues. (this is made difficult by my inability to find any documentation for the linux free product, except for the man pages in the installed package, not all of which actually get installed onto the system.)

My immediate problem is this: I use mutt for email. ever since installing Sophos, mutt no longer shows which mailboxes have new mail. I'm assuming it is related to this issue:

community.sophos.com/.../sophos-for-linux-savscan-changes-metadata-of-all-scanned-files

which says the solution is: call savscan with option --no-reset-atime

but I have no clue how to make that setting for the default settings. I'm not even running savscan (from the commandline). Using "PS -eLf" I can see that there are a lot of processes/threads for savd, and "ps ax | grep scan" I can see savscand running. I'm assuming that I need to change something so that these default processes/threads are running with the above option, but I have no clue how to do that.

18623 ? Sl 0:19 savscand --incident=unix://tmp/incident --namedscan=unix://root@tmp/namedscansprocessor.10 --ondemandcontrol=socketpair://58/61 socketpair://56/57 --threads=5
18641 ? Sl 0:18 savscand --incident=unix://tmp/incident socketpair://42/61 --threads=5

I know about savconfig, and I've used it to tell Sophos NOT to scan /var/spool/mail and /home/fredex/Mail, but that doesn't solve the problem. savconfig has no options that I can figure out that would set the "--no-reset-atime" option.

[root@fcshome man8]# ../../../bin/savconfig query
Email: root@localhost
EmailDemandSummaryIfThreat: true
EmailLanguage: English
EmailNotifier: true
EmailServer: localhost:25
EnableOnStart: true
ExcludeFilePaths: /home/fredex/Mail
/var/spool/mail
ExclusionEncodings: UTF-8
EUC-JP
ISO-8859-1
LogMaxSizeMB: 100
NotifyOnUpdate: false
PrimaryUpdateSourcePath: sophos:
PrimaryUpdateUsername: FAVLjWY3354MB
PrimaryUpdatePassword: ********
UploadSamples: false
SendErrorEmail: true
SendThreatEmail: true
UINotifier: true
UIpopupNotification: true
UIttyNotification: true
UpdatePeriodMinutes: 60
LiveProtection: enabled
ScanArchives: mixed

You can sense my frustration, so I'd REALLY APPRECIATE IT if someone could offer me a little guidance here.

Thanks in advance!

Fred



This thread was automatically locked due to age.
  • +1

    Hello Fred,

    savscan is the on-demand scanner. savscand is the daemon that performs on-access (real-time) scanning. As the latter scans (and thus accesses) a file in response to an access (attempt) by some other process (i.e. when the access is intercepted) -(-no)-reset-atime doesn't apply.
    Any anyway you're not using savscan.

    I've used [savconfig] to tell Sophos NOT to scan /var/spool/mail and /home/fredex/Mail
    apparently you did not use a trailing slash. As you can exclude single files the slash is necessary to indicate a directory.  /home/fredex/Mail denotes the file Mail in directory /home/fredex/ whereas /home/fredex/Mail/     excludes the directory Mail (recursively all its contents) under /home/fredex/. Please see also chapter 15.2 in the Configuration Guide.

    Christian

  • 0 in reply to QC

    Christian:

     

    Thanks for the tip! That makes sense, and I've just made that change and should be able to see, soon, the result.

     

    Fred

Unfiltered HTML