savscan / via socket ?

Hello

I would like to scan each file that gets uploaded via my PHP upload script with the Sophos anti-virus tool.

Using savscan each time is very slow, because savscan needs to load the virus signatures into memory.
Is there a savscan daemon available (such as with the clamd antivirus) so I can check a file without executing savscan each time?

 

Thank you!

  • For example, something like clamdscan, which allows scanning files using the ClamAV daemon.

  • Hi  

    savscan is the only command-line manual scan option available in SAV for Linux and Unix; however, I'll still discuss the query once I have an idea of how clamdscan works, so it'd be great if you could explain a bit more about how clamdscan works.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link

  • Sure

     

    In clamAV antivirus there are two commands

    clamscan /file

    and

    clamdscan /file


    clamscan is exactly the same as savscan. clamscan and savscan are very slow to run because when you start them they need to load the whole signature database into memory.
    So clamscan and savscan are not good if you need to execute them very often.

    clamdscan is a client for the clamscan daemon, which can be started on request.
    If the service/daemon is started, scanning a file with clamdscan behaves like scanning with clamscan or savscan,
    BUT the signatures are already in the daemon's memory, so the scan check returns immediately.
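
The daemon model described in the post above, shown as ClamAV's clamd `INSTREAM` socket exchange: an added example, not code from this thread and not a Sophos interface. The socket address passed to `scan_bytes` is an assumption and depends on the local `clamd.conf`.

```python
import socket
import struct

CHUNK = 8192  # bytes sent per INSTREAM chunk

def frame_instream(data: bytes, chunk: int = CHUNK) -> bytes:
    """Build the byte stream for clamd's INSTREAM command (null-terminated 'z' form)."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)  # 4-byte big-endian length prefix
    out.append(struct.pack("!I", 0))  # zero-length chunk ends the stream
    return b"".join(out)

def parse_reply(reply: bytes):
    """Return ('clean', None), ('infected', signature_name) or ('error', text)."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    body = text.split(": ", 1)[-1]  # drop the leading "stream: " label
    if body == "OK":
        return ("clean", None)
    if body.endswith(" FOUND"):
        return ("infected", body[:-len(" FOUND")])
    return ("error", body)  # e.g. "INSTREAM size limit exceeded. ERROR"

def scan_bytes(data: bytes, address, timeout: float = 30.0):
    """Send data to a running clamd; address is a Unix socket path or a (host, port) tuple."""
    family = socket.AF_UNIX if isinstance(address, str) else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(address)
        s.sendall(frame_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):  # 'z' commands get a null-terminated reply
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)

def upload_allowed(data: bytes, address) -> bool:
    """Fail closed: only an explicit clean verdict lets the upload through."""
    try:
        return scan_bytes(data, address)[0] == "clean"
    except OSError:  # daemon down, socket missing, timeout
        return False
```

An upload handler would call `upload_allowed()` on the received bytes before moving the file out of its temporary location; an unreachable daemon or an error reply counts as a rejection.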

  • Hi  

    Thank you for the information.

    There are three types of scanning available in SAV for Linux.

    1. Scheduled Scan - Simply scheduled for a particular date and time.

    2. On-demand Scanning - This can be triggered using the savscan command, which is the manual scanning option for the user and is exactly like the right-click Scan in Windows.

    3. On-access Scanning - SAV for Linux performs scanning whenever any file is downloaded to the machine, copied to the machine, or modified and saved.

    Whenever you upload a file to the server, it is basically being copied to the machine from another machine, so SAV for Linux will scan that file by default, and if it is malicious, Sophos will delete it and will not allow it to be copied to the machine.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

  • > Whenever you upload a file to the server, it is basically being copied to the machine from another machine, so SAV for Linux will scan that file by default, and if it is malicious, Sophos will delete it and will not allow it to be copied to the machine.

    Does it include checks for email, archives ... because I need to execute a full scan? If not, this solution is not good.

  • Hi  

    Could you please clarify: when you say email or archive, are you referring to the .pst file or .ost file of the mailbox?

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

  • I'm talking about the savscan -f option, which scans all kinds of files (email and archives included).