Veeam backup and replication restore scanned by antivirus software.


We use Veeam Backup and replication for backup and recovery.

We also use Sophos Protection on the server.

When I want to restore a VM, Veeam has the option to scan the VM for malware.

When I check that option I get an error message that there is no antivirus software.

I searched on Google and found this page:

Searched for the .xml file and found but there are only examples but not for Sophos.

In the meantime I have found that Sophos has CLI but the rest of the institutions is still unclear to me.

Is there someone who can help me with this or who uses it himself?


Thanks in advance.

  • Hello Jelle Dop,

    I assume you are referring to SAV32CLI?
    AFAIK it's not intended and supported for automation. I think it'd work, though - as said - it's an unsupported scenario. The exit codes are no longer documented - it shouldn't be too hard to figure them out (there are IIRC just four basic ones), similarly the format of the ThreatExists messages.


  • In reply to QC:

    Hi there,

    Thanks for your answer. I already found SAV32CLI but i need to know if there is something in the register of service line that i need to enter.

  • In reply to Jelle Dop:

    Hello Jelle Dop,

    this is more a Veeam question, viz them meaning of the <AntivirusInfo> tag's attributes.
    I'm Veeam-ignorant but I'd say that these attributes are used to verify the AV is installed and functioning when IsPortableSoftware='false', otherwise it just checks the ExecutableFilePath. You'd probably not need these attributes but they'd be HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SAVService and SAVService respectively.


  • Dear Jelle Dop, 


    Sorry to update this old ticket, but I have the same situation, we have Veeam Backup and Replication and Sophos Endpoint installed on the Mount Server.

    Did you managed to have the Configuration AntivirusInfos.xml supporting Sophos ? 

    Otherwise I will try to open a ticket to Veeam to see if any support will be ginven on that subject.


    Thank You

    Have a nice day.


    Best Regards, Edouard Fazenda.  

  • In reply to Edouard Fazenda:


    Unfortunately, we do not have such an .xml and cannot output it. I assume that the above file is automatically created by Veeam. For further assistance, I would suggest you contact Veeam support. If you want to see this feature in future releases, please raise a feature request at, if there is already one, you can upvote the same. 

  • Hello all,

    I used this configuration for Malware scanning with VEEAM.

    <AntivirusInfo Name='SOPHOS' IsPortableSoftware='true' ExecutableFilePath='%ProgramFiles(x86)%\Sophos\Sophos Anti-Virus\SAV32CLI.exe' CommandLineParameters='%Path%' RegPath='' ServiceName='' ThreatExistsRegEx='>>>.+found\s+in\s+file' IsParallelScanAvailable='false'>
    <ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
    <ExitCode Type='Error' Description='Antivirus scan was canceled'>1</ExitCode>
    <ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
    <ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>