
Does Sophos Antivirus for Linux scan program behavior?

Hello,

 

I'm having a good time with Sophos Antivirus for Linux. I'm glad it is free. Currently I'm scanning the whole system. Everything is going fine. On-access scan is brilliant.

What I understand: Sophos scans files as they are accessed (thus termed on-access scanner) and then denies access if the file is found to be harmful.

My question: Does Sophos also monitor running programs' behaviors? What if a program loads a bad and encrypted script/program into memory, then decrypts it, then runs it? Can Sophos detect such runtime behaviors? I hope you get my point.

 

Thank you,

Temp Man



  • Hello Temp Man,

    "if the file is found to be harmful"
    or potentially harmful. In case of such a two-component threat it's likely that the decrypting program will raise suspicion - it's not that different from a self-decrypting program.
    AFAIK there is no behaviour monitoring on Linux.

    Christian