The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
The ability of UNIX and Linux to expand wildcard characters (e.g. * and ?) automatically on the command line is limited.
In Sophos Anti-Virus for UNIX/Linux, you can use the command line option --expand-wildcards to instruct Sophos Anti-Virus to expand wildcards, rather than to use the shell's built-in expansion. NOTE: This option is applicable to on-demand scans executed with sweep (SAV4) or savscan (SAV7/9).
The wildcard '*' will exclude a variable number of characters. The wildcard '?' will exclude only one character.
To use the command line option --expand-wildcards to make Sophos Anti-Virus expand wildcards itself, you must enclose anything containing wildcard characters in double quotation marks. Otherwise, the shell will process them first, and then expand them.
The option --expand-wildcards only applies to the filename part of a path. For example
sweep --expand-wildcards "/usr/fred/f*"
scans all files called f* in the directory /usr/fred (for example: f, f1, ftwo are scanned; e1 and /usr/fred/freda/frodo are not).
Wildcard handling using the shell is limited to patterns that match a path and filename. For example
sweep /usr -exclude /usr/fred/tomm*
scans all files in the directory /usr and its subdirectories except, for instance, /usr/fred/tommi, /usr/fred/tommy and /user/fred/tommi/harry.
Using --expand-wildcards enables more powerful wildcard handling. Extra features include truncation at the beginning of a word. For example
sweep /usr --expand-wildcards -exclude "*tom"
scans the directory /usr and its subdirectories, but excludes all files or directories whose names contain any number of characters and end in 'tom' (e.g. /usr/tom, /usr/local/fred/tom and /usr/local/fred/tom.tom are excluded; but /usr/local/fred/tom.txt is not).
sweep /usr --expand-wildcards -exclude "?tom"
scans the directory /usr excluding all files or directories whose names contain any single character followed by, and ending with, 'tom' (e.g. /usr/local/atom and /usr/local/fred/ktom are excluded; but /usr/tom and /usr/tomtom are not).
You can use more than one wildcard at a time. For example
sweep /usr --expand-wildcards -exclude "*fr?d*"
scans the directory /usr and excludes all files or directories whose names contain the letters 'fr', followed by any single character, followed by 'd' (for example, /usr/local/fred, /usr/local/afreddy, /usr/local/frodo are excluded; /usr/local/frica is not).
Although excluding certain files from scanning can save time, some time is spent matching the wildcards to names of files, directories or filesystems. Take this into consideration when planning your scan.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.