
With one Sophos command, how to virus scan All?

Question:

With one Sophos command, how to virus scan All?

 

All means:

  1. All memory (RAM)
  2. All HDD (hard disk drives plugged in)
  3. All SSD (solid state drives plugged in)
  4. All USB memory sticks plugged into usb 2.0 port
  5. All USB ports (android tablet plugged into usb 2.0 port)

 

 

Installed:

sav-linux-free-9.tgz

352 MB (369,423,602 bytes)

 

Updates February 2020:

sudo /opt/sophos-av/bin/savupdate

Updating from versions - SAV: 9.16.0, Engine: 3.77.1, Data: 5.72

 

Operating System

Ubuntu 19.10

 

Command issued:

/opt/sophos-av/bin/savdstatus

Sophos Anti-Virus is active

 

sudo /opt/sophos-av/bin/savdstatus -vv

          Sophos Anti-Virus is active and on-access scanning is running

 

The following commands did not scan ALL:

sudo savscan / -all -archive

savscan / -all -archive

 

sudo savscan / -all

savscan / -all

 

 

sudo savscan / -archive

savscan / -archive

 

Question:

With one Sophos command, how to virus scan All?

 

--



  • Hello Jasmin,

    > the KB article don't have any information

    I beg to differ :). Indeed in "Sophos Anti-Virus v9.x For Unix/Linux: Scheduled scan options" there's this sentence:

    For full details on how to configure/import/update a scheduled scan, please review the User Manual:
    www.sophos.com/.../

    Christian

  • > Jasmin
    > I have provided the user manual link separately from the KB -
    > https://docs.sophos.com/esg/SAV-Linux/help/en-us/PDF/sav_linux_fsg.pdf
    > I hope this and QC 's answer will help you to understand the scan better.

     

    (2019/01/23) = date in above PDF with title:
    Sophos Anti-Virus for Linux free edition product version: 9

    Hello Jasmin, above PDF helped a little bit, example:
    Section 5.1 How to check if on-access scanning is active?
    /opt/sophos-av/bin/savdstatus
    Sophos Anti-Virus is active


    Section 6 Scan the computer now
    savscan /
    scans the Operating System drive, Ubuntu 19.10   SSD sata 2.0 port


    But:
    savscan /
    did not scan the Windows NTFS HDD, plugged into SATA 2.0 port

    savscan /
    did not scan the Windows USB Stick, plugged into USB 2.0 port

    Note:
    df   Terminal Command shows
    NTFS HDD and
    USB Stick.


    savscan /
    did not scan the Android 6 Tablet, plugged into USB 2.0 port

    Note:
    df   Terminal Command does not show Android 6 Tablet
    But, Ubuntu 19.10 Explorer sees Android 6 Tablet as
    mpt://Android_Android_/14faf1ce/

    Side Question:
    How to Mount Android 6 Tablet?
    So   df   Terminal Command shows Tablet.
    So Sophos can then scan Tablet.

    Ctrl+Alt+T          run Terminal
    df
    (df = abbreviation for disk free)

    Question clarified:
    What is the Sophos command to scan
    all devices the   df   Terminal Command can see?
    (NTFS drive, USB Stick)

    This command does not scan (NTFS drive, USB Stick)
    savscan /

    --

  • Experiments done:
    In Windows know your drive particulars.  

    USB Stick (flash drive, thumb drive, pen drive, jump drive) at
    Windows J:\ drive, do
    NBRT = record Drive Label, use Label with no space in name
    because it saves using quotes "" later.
    Ctrl-A = Select All files / Shift-F10 / Properties
    57 files
    12 folders
    01.73 GB (01,858,326,243 bytes) Size used
    29.20 GB (31,360,319,488 bytes)   Capacity


    Eject (unMount) USB Stick from Windows
    Insert USB Stick into Linux Ubuntu 19.10
    Ctrl+Alt+T          run Terminal

    df
    (df = abbreviation for disk free)

    In   df   output Look for:
    /media/username/device-label


    Example:
    /media/user1/NBRT/
    Recall NBRT = Drive Label from Windows

    Here are some Sophos commands.
    Change commands below to match your situation.

    Scan one file:
    sudo savscan /media/user1/NBRT/temp/test.txt

    Scan media players:
    sudo savscan /media/user1/NBRT/temp/GOM.EXE
    sudo savscan /media/user1/NBRT/temp/vlc.exe

    sudo savscan /media/user1/NBRT/temp/ -all
    sudo savscan /media/user1/NBRT/temp/*.*
    sudo savscan /media/user1/NBRT/ -all
    sudo savscan /media/user1/NBRT/*.*

    sudo savscan /media/user1/NBRT/ -all -f
              Full Scanning

    sudo savscan /media/user1/NBRT/ -all -archive  
              Quick Scanning

    sudo savscan /media/user1/NBRT/ -all -archive -f
    Full Scanning

    sudo savscan /media/user1/NBRT/ -mbr
              2 master boot records scanned.   Quick Scanning

    sudo savscan /media/user1/NBRT/ -bs
              3 boot sectors scanned.   Quick Scanning

    sudo savscan /media/user1/NBRT/ -all -archive -f -bs -mbr  

    sudo savscan /media/user1/NBRT/ -dn -bs -mbr -vv -all -archive -f -pua -eec -suspicious


    above commands work for USB Stick because   df   shows the way
    /media/user1/NBRT/


    Question clarified:
    What is the Sophos command to scan
    all devices the   df   Terminal Command can see?
    (NTFS drive, USB Stick)

    --
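
One way to do what the clarified question asks, as an added example that is not part of the original posts or Sophos's own tooling: take the mount points that `df` reports for real block devices and pass each one to `savscan` with the `-all -archive` options used in the thread. The function names and the sample `df` output are assumptions made for illustration; a device that `df` does not list, such as the tablet above, is not covered.

```sh
#!/bin/sh
# Added example (not from the thread): scan every mounted block device df reports.

# Read `df -P` output on stdin and print one mount point per line for
# filesystems backed by /dev/* devices. Pseudo filesystems (tmpfs, udev)
# and loop devices (snap images) are skipped.
mount_points() {
    awk 'NR > 1 && $1 ~ /^\/dev\// && $1 !~ /^\/dev\/loop/ {
        mp = $6
        for (i = 7; i <= NF; i++) mp = mp " " $i   # label containing a space
        print mp
    }'
}

# Constructed sample of `df -P` output: device names and sizes are made up,
# the two removable-drive mount paths are the ones quoted in the thread.
sample_df() {
    cat <<'EOF'
Filesystem     1024-blocks      Used Available Capacity Mounted on
udev               4003520         0   4003520       0% /dev
tmpfs               806824      1628    805196       1% /run
/dev/sda2        239314172  11234560 215853020       5% /
/dev/loop0           93568     93568         0     100% /snap/core/8689
/dev/sdb1        976759804 412345678 564414126      43% /mnt/E6849A098499DBFC
/dev/sdc1         30625312   1814772  28810540       6% /media/user1/NBRT
EOF
}

# Scan each mount point in turn and return the highest savscan exit status,
# so a non-zero result on any one device is not lost.
scan_all() {
    df -P | mount_points | (
        worst=0
        while IFS= read -r mp; do
            echo "== savscan $mp"
            rc=0
            savscan "$mp" -all -archive || rc=$?
            if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
        done
        exit "$worst"
    )
}

# Only scan when asked to, e.g. run the script with sudo and the argument --run.
if [ "${1:-}" = "--run" ]; then
    scan_all
fi
```
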

  • > Christian
    > so you want to use your Linux as kind of sheep-dip?

    Yes.
    I was unfamiliar with term "sheep-dip".

    This clarifies "sheep-dip":

    In data security, a sheep dip is the process of
    using a dedicated computer to
    test files on removable media
    for viruses
    before they are allowed to be used with other computers.
    https://en.wikipedia.org/wiki/Sheep_dip_(computing)
    Isolated from other computers.
    Not connected to office network.


    For clarity, beyond "sheep-dip", using Linux Sophos to:
    1. Test files before they are allowed to be used with other computers.
    2. Sophos finds "Could not check" (corrupt files).
    3. Sophos finds "Password protected files".
    4. Sophos finds "virus scan failed" files.
    5. Sophos detects number of "encrypted files were not checked".
    6. Sophos finds PUAs (Potentially Unwanted Applications)
    7. Sophos finds virus. Then manual deletion.   Then Long term Off-Line file storage.  

    From above seven (7) points, characterizing
    Linux Sophos and other
    Linux Anti-Virus programs as a:
    - Sheep-dipper and
    - Error detector and
    - Encryption detector and
    - Virus detector then Scrubber (Cleanser), before storing files.

    --

  • Update 10-March-2020:  

    With ubuntu 19.10, Format/Erase a drive  
    Fresh install of ubuntu 19.10 to above Formatted/Erased drive
    Fresh install of Sophos & update definitions, March 2020  
    No usb stick plugged-in & No other drive attached


    1. Timed scans:

    8 (eight) seconds scan of ubuntu1910 partition with
    Display Name, boot sector, master boot record, verbose archive types, full:
    sudo savscan -dn -bs -mbr -vv -f *


    3 (three) minute scan of ubuntu1910 partition:  
    savscan /
    or
    sudo savscan / -dn -bs -mbr -vv


    11 (eleven) minute scan of ubuntu1910 partition:
    savscan / -dn -bs -mbr -vv -all
    or
    sudo savscan / -dn -bs -mbr -vv -all    


    19 (nineteen) minute scan of ubuntu1910 partition:
    sudo savscan / -dn -bs -mbr -vv -all -archive -pua -eec -suspicious


    24 (twenty-four) minute scan of ubuntu1910 partition:
    savscan / -dn -bs -mbr -vv -all -f


    34 (thirty-four) minute scan of ubuntu1910 partition:
    savscan / -dn -bs -mbr -vv -all -archive -f



    2. Attach HDD (hard disk drive sata 2 NTFS Windows files) to be scanned and
    No HDD automatic detection by ubuntu1910
    No HDD automatic mount

    Must do a manual HDD mount.

    Used ubuntu1910 GUI (graphical user interface) to mount HDD:
    Bottom Left corner button = ShowApplications /
    DISKS /
    AdditionalPartitionOptions /
    EditMountOptions /
    UserSessionDefaults = Off /


    Terminal Command:
    df  
    Examples of HDD display in df
    /media/username/device-label
    /media/user1/s_931GBmbrN
    /mnt/E6849A098499DBFC  


    3. Plug-in Tablet android 6 to usb 2.0 port to be scanned and
    No Tablet automatic detection by ubuntu1910
    No Tablet automatic mount
    No easy manual Tablet mounting in ubuntu1910
    No scanning (savscan /) for Tablet
    Suggestion was to find android 6 anti-virus app to scan Tablet.


    --