This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

With one Sophos command, how to virus scan All?

Question:

With one Sophos command, how to virus scan All?

 

All means:

  1. All memory (RAM)
  2. All HDD (hard disk drives plugged in)
  3. All SDD (solid state drives plugged in)
  4. All USB memory sticks plugged into usb 2.0 port
  5. All USB ports (android tablet plugged into usb 2.0 port)

 

 

Installed:

sav-linux-free-9.tgz

352 MB (369,423,602 bytes)

 

Updates February 2020:

sudo /opt/sophos-av/bin/savupdate

Updating from versions - SAV: 9.16.0, Engine: 3.77.1, Data: 5.72

 

Operating System

Ubuntu 19.10

 

Command issued:

/opt/sophos-av/bin/savdstatus

Sophos Anti-Virus is active

 

sudo /opt/sophos-av/bin/savdstatus -vv

          Sophos Anti-Virus is active and on-access scanning is running

 

The following commands did not scan ALL:

sudo savscan / -all -archive

savscan / -all -archive

 

sudo savscan / -all

savscan / -all

 

 

sudo savscan / -archive

savscan / -archive

 

Question:

With one Sophos command, how to virus scan All?

 

--



This thread was automatically locked due to age.
Parents Reply Children
  • Thursday-13-February-2020

    Thank you for Links:

    https://community.sophos.com/kb/en-us/114372
    https://community.sophos.com/kb/en-us/117346
    https://docs.sophos.com/esg/SAV-Linux/help/en-us/PDF/sav_linux_cg.pdf  
    but above 3 Links have information that is unclear.  
    Entering in those exact commands gives errors.

     

    Question:
    With one Sophos command, how to virus scan All?

    All means:

    1. All memory (RAM)
    2. All HDD (hard disk drives plugged in)
    3. All SDD (solid state drives plugged in)
    4. All USB memory sticks plugged into USB 2.0 port
    5. All USB ports (android tablets plugged into USB 2.0 port)
    6. All DVDs
    7. All CD-ROMs

    From your post, my understanding is:

    savscan / -all 

    is On-demand scanning and
    On-demand scanning is not the command needed to scan All.

     

    From your post, my understanding is:
    A scheduled scan is what is needed to scan All.  

     

    Please clarify.

    1. Please post a text file example.

    A text file that is a schedule.
    A text file that a beginner can copy and paste
    that instructs Sophos to:
    scan All now or
    start scan All in 2 minutes from now,

    or

    2. Please post a Youtube video Link
    showing how to make a Sophos scheduled scan.


    --

  • Hello  

    One thing I missed was that you have the free edition (sav-linux-free-9.tgz) and this document should provide information for the version you have - https://docs.sophos.com/esg/SAV-Linux/help/en-us/PDF/sav_linux_fsg.pdf

    If our community members would have any input for your inquiry, they are more than welcome to post them.

  • Hello DianneY

    On page 6 of PDF suggested in above post:

    https://docs.sophos.com/esg/SAV-Linux/help/en-us/PDF/sav_linux_fsg.pdf

    it says to

    savscan /

    this was done, but Question remains.

     


    There are 153 views of this Question and

    over 5 days with no post from community members.

    Help is still needed as of today Wednesday February 19, 2020.

     

    Question:

    How to Sophos virus scan All?

     

    All means:

    1. All memory (RAM)
    2. All HDD (hard disk drives plugged in)
    3. All SDD (solid state drives plugged in)
    4. All USB memory sticks plugged into USB 2.0 port
    5. All USB ports (android tablets plugged into USB 2.0 port)
    6. All DVDs
    7. All CD-ROMs

     

    Installed:

    sav-linux-free-9.tgz

    352 MB (369,423,602 bytes)

     

    Updates February 2020:

    sudo /opt/sophos-av/bin/savupdate

    Updating from versions - SAV: 9.16.0, Engine: 3.77.1, Data: 5.72

     

    Operating System

    Ubuntu 19.10

     

    Question:

    How to Sophos virus scan All?

     

    --

  • Hello Joseph Joseph4,

    given that On-Access scanning is running (as your initial post shows) - what would be the purpose of this scan all? What should it detect?

    RAM isn't scanned on Linux (again - what do you think it could find?)

    Whether a disk is an HDD or an SSD doesn't matter - as does the connection type.
    A supported mounted filesystem on a device that presents itself as storage is scanned - in case of an android tablet it depends on the tablet what part of its storage it exposes.
    All DVDs - it's not clear what you mean. You don't have several DVD drives, do you? Or are you talking about ISOs mounted as virtual DVDs, similarily CDs.

    Last but not least: A frequent complete scan isn't necessary. If you really insist of scanning a disk or medium you haven't scanned before you'd not want to (re-)scan the whole system, it'll literally take hours if not days. Maybe I misunderstand your question but looking for an ALL command does - IMO - not make much sense.

    Christian
    P.S.: How long do you use Linux or are you new to it?

  • > Christian replied:
    > given that On-Access scanning is running (as your initial post shows) -

    Correct, On-Access scanning is running, from above post:

    sudo /opt/sophos-av/bin/savdstatus -vv 
    Sophos Anti-Virus is active and on-access scanning is running


    > what would be the purpose of this scan all?

    Examples:
    1. Scan a USB stick.
    2. Scan a Tablet.
    3. Scan a HDD, like NTFS drive from a Windows computer.
    4. Scan DVD disks.

    > What should it detect?
    Whatever Sophos does, guessing Sophos detects:
    Malware, virus, trojan, worms, adware, spyware, backdoor, undesirables.


    > RAM isn't scanned on Linux
    That is new information.


    > (again - what do you think it could find?)
    Whatever Sophos does, guessing Sophos detects:
    Malware, virus, trojan, worms, adware, spyware, backdoor, undesirables.


    > Christian replied:
    > Whether a disk is an HDD or an SSD doesn't matter -
    > as does the connection type.
    > A supported mounted filesystem on a device
    > that presents itself as storage is scanned - in case of an
    > android tablet it depends on the tablet
    > what part of its storage it exposes.

     

    > All DVDs - it's not clear what you mean.

    At this moment there is one DVD drive.
    Many DVD disks.

    Scan DVD disk #1 with Sophos, thus DVD disk #1 is confirmed clean, virus free.
    Insert DVD disk #2, scan, thus DVD disk #2 is confirmed clean, virus free.
    Etc…

     

    > Christian replied:
    > Last but not least:
    > A frequent complete scan isn't necessary.

    > If you really insist of scanning a disk or
    > medium you haven't scanned before
    > you'd not want to (re-)scan the whole system,
    > it'll literally take hours if not days.


    That is Ok. 
    It is Ok to take hours or days for scanning.  

    The target for this Linux (Ubuntu 19.10) computer is to do one thing, scan.

    Insert (Plug in) a medium (USB stick, tablet, NTFS drive, etc…)
    Scan medium.
    Confirm all is clean, virus free (zero viruses discovered)

    Examples:

    1. Insert USB stick, confirm it is clean.
    2. Insert Tablet, confirm it is clean.
    3. Insert a NTFS drive HDD from a Windows computer, confirm it is clean.
    4. Insert a DVD disk into a DVD drive, confirm it is clean.


    > Maybe I misunderstand your question
    > but looking for an ALL command does - IMO - not make much sense.

    Background information, experience:
    Scan times:

    sudo savscan /home
    Scanned 5,200 files in 1 minute  


    sudo savscan /
    Scanned 65,000 files in 18 minutes  


    sudo savscan / -all -archive
    Scanned 352,000 files in 70 minutes 


    Now insert HDD with NTFS format
    from a Windows computer with 100,000 files

    Based on above experience of
    Scanned 352,000 files in 70 minutes
    The expectation is Sophos to show, all clean, virus free (zero viruses discovered)
    Scanned 452,000 files in 170 minutes (or however long it takes)


    > Christian
    > P.S.: How long do you use Linux or are you new to it?

    New to it, using Linux (Ubuntu 19.10) less than 6 months.
    For now, using Windows more than Linux.
    Learning Linux.

     

    Said differently, 2 Questions:


    1. What is the Sophos command to scan
      All the files,
      All archive files,
      All boot sectors,
      All master boot records
      on a Windows NTFS hard disk drive with 100,000 files?

     

     2.
    What is the Sophos command to scan All newly inserted mediums? 

    --

  • Hi  

    Linux OS and SAV for Linux are quite different from Windows and Behaviour of SAV on windows. Even on windows when you insert a new USB drive or a DVD drive, SAV does on-access scanning without notifying you and will not give you the pop-up that device is free from virus or etc., it will try to automatically clean the threat if it is detected and will mention that in Sophos client logs for windows.

    Everything is same for SAV for Linux, it will just give you the pop-up when it'll detect the threat while scanning the newly inserted device through on-access scanning. Please refer the section 7 of this document

    Basically, every new device will be scanned through SAV for Linux whenever they are inserted but will not give you pop-up about they are virus-free unless that device has any malicious software or file.

    1. What is the Sophos command to scan
      All the files, : -f is the switch for it.
      All archive files: -
      -zip
      -qzip
      -arj
      -cmz
      -tar
      -rar
      -cab
      Scan inside specific archive types
      All boot sectors, All master boot records -
      -bs
      -bs=<drive>
      -nbs
      -mbr
      -nmbr
      -cdr=<drive>
      These options control whether bootsectors and mbrs are scanned

      on a Windows NTFS hard disk drive with 100,000 files? - https://community.sophos.com/kb/en-us/114372

     

         2. What is the Sophos command to scan All newly inserted mediums?  - All the mediums will be scanned through the on-access scan whenever they are inserted. There is no single command to access them at one go.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hello Joseph Joseph4,

    so you want to use your Linux as kind of sheep-dip?

    First of all, to avoid any misinterpretation of Jasmin's statement when you insert a new USB drive or a DVD drive, SAV does on-access scanning. On-Access does not scan the device or medium (i.e. "all" the files on it) in response to an insertion, it scans the files the OS or a registered application (e.g. media player) accesses upon insertion. In other words this doesn't trigger a scan job that reliably scans or a defined subset of the files and consequently as there is no start of a job there's also no end.

    More important: Mounting another OS's storage to scan for threats is like analysing CCTV recordings instead of watching the live stream. You'll gather some evidence, you might identify some trespassers but you wouldn't be able to prevent or stop some misdeed.
    Furthermore, if you don't connect the device/storage directly but through the OS (e.g. Smartphones or Cameras) what you can then scan might be neither everything nor the actual contents.

    Last but not least: With What should it detect? I meant what kind of and how many threats and infected items do you expect to find? Especially on CDs and DVDs - while not unheard of these are nowadays seldom carriers.

    Christian

  • Hello Jasmin, thanks for the Link but difficulties …

    On Thursday-20-February-2020, the Link:
    https://community.sophos.com/kb/en-us/114372
    Above web page says:

    For full details on how to
    configure/import/update a scheduled scan,
    please review the User Manual:
    http://www.sophos.com/support/docs/
    Sorry!
    We can't find the page you requested.
    We may have moved it or removed it from the site.

    Link is broken:
    http://www.sophos.com/support/docs/
    Can Link be fixed?

    Looking for particulars to:
    - configure a scheduled scan
    - import a scheduled scan
    - update a scheduled scan

    --

  • Hello  

    I just provided you with the below two links in my reply and the KB article don't have any information written like "For full details on how to configure/import/update a scheduled scan" and also no link to the user manual in the KB itself.

    I have provided the user manual link separately from the KB - https://docs.sophos.com/esg/SAV-Linux/help/en-us/PDF/sav_linux_fsg.pdf

    I hope this and  's answer will help you to understand the scan better.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hello Jasmin,

    the KB article don't have any information
    I beg to differ [:)]. Indeed inSophos Anti-Virus v9.x For Unix/Linux: Scheduled scan options there's this sentence:

    For full details on how to configure/import/update a scheduled scan, please review the User Manual:
    www.sophos.com/.../

    Christian