With one Sophos command, how to virus scan All?
352 MB (369,423,602 bytes)
Updates February 2020:
Updating from versions - SAV: 9.16.0, Engine: 3.77.1, Data: 5.72
Sophos Anti-Virus is active
sudo /opt/sophos-av/bin/savdstatus -vv
Sophos Anti-Virus is active and on-access scanning is running
The following commands did not scan ALL:
sudo savscan / -all -archive
savscan / -all -archive
sudo savscan / -all
savscan / -all
sudo savscan / -archive
savscan / -archive
Hello Joseph Joseph4
Running savscan / -all on on-demand scanning (versus a scheduled scan) will only scan an internal list of file types to scan.
If you would configure a scheduled scan, it should scan all files, regardless of extension, and will also detect mounted file systems, which you can configure.
Please also have a look at this KB article for more information:
Sophos Anti-Virus for Linux and Unix: Comparison chart of savscan and scheduled scan
More information here too Sophos AV for Linux Config Guide
In reply to DianneY:
Thank you for Links:
https://community.sophos.com/kb/en-us/114372
https://community.sophos.com/kb/en-us/117346
https://docs.sophos.com/esg/SAV-Linux/help/en-us/PDF/sav_linux_cg.pdf
but above 3 Links have information that is unclear. Entering in those exact commands gives errors.
Question: With one Sophos command, how to virus scan All?
All means:
From your post, my understanding is:
savscan / -all
is On-demand scanning and On-demand scanning is not the command needed to scan All.
From your post, my understanding is:
A scheduled scan is what is needed to scan All.
A text file that is a schedule. A text file that a beginner can copy and paste that instructs Sophos to: scan All now or start scan All in 2 minutes from now,
or 2. Please post a Youtube video Link showing how to make a Sophos scheduled scan.
In reply to Joseph Joseph4:
Hello Joseph Joseph4
One thing I missed was that you have the free edition (sav-linux-free-9.tgz) and this document should provide information for the version you have - https://docs.sophos.com/esg/SAV-Linux/help/en-us/PDF/sav_linux_fsg.pdf
If our community members would have any input for your inquiry, they are more than welcome to post them.
Hello DianneY On page 6 of PDF suggested in above post:
it says to savscan / this was done, but Question remains.
There are 153 views of this Question and
over 5 days with no post from community members.
Help is still needed as of today Wednesday February 19, 2020.
How to Sophos virus scan All?
Hello Joseph Joseph4,
given that On-Access scanning is running (as your initial post shows) - what would be the purpose of this scan all? What should it detect?
RAM isn't scanned on Linux (again - what do you think it could find?)
Whether a disk is an HDD or an SSD doesn't matter - as does the connection type. A supported mounted filesystem on a device that presents itself as storage is scanned - in case of an android tablet it depends on the tablet what part of its storage it exposes.
All DVDs - it's not clear what you mean. You don't have several DVD drives, do you? Or are you talking about ISOs mounted as virtual DVDs, similarly CDs.
Last but not least: A frequent complete scan isn't necessary. If you really insist of scanning a disk or medium you haven't scanned before you'd not want to (re-)scan the whole system, it'll literally take hours if not days. Maybe I misunderstand your question but looking for an ALL command does - IMO - not make much sense.
Christian
P.S.: How long do you use Linux or are you new to it?
In reply to QC:
> Christian replied:
> given that On-Access scanning is running (as your initial post shows) -
Correct, On-Access scanning is running, from above post:
sudo /opt/sophos-av/bin/savdstatus -vv
Sophos Anti-Virus is active and on-access scanning is running
> what would be the purpose of this scan all?
Examples:
1. Scan a USB stick.
2. Scan a Tablet.
3. Scan a HDD, like NTFS drive from a Windows computer.
4. Scan DVD disks.
> What should it detect?
Whatever Sophos does, guessing Sophos detects: Malware, virus, trojan, worms, adware, spyware, backdoor, undesirables.
> RAM isn't scanned on Linux
That is new information.
> (again - what do you think it could find?)
Whatever Sophos does, guessing Sophos detects: Malware, virus, trojan, worms, adware, spyware, backdoor, undesirables.
> Christian replied:
> Whether a disk is an HDD or an SSD doesn't matter -
> as does the connection type.
> A supported mounted filesystem on a device
> that presents itself as storage is scanned - in case of an
> android tablet it depends on the tablet
> what part of its storage it exposes.
> All DVDs - it's not clear what you mean.
At this moment there is one DVD drive. Many DVD disks.
Scan DVD disk #1 with Sophos, thus DVD disk #1 is confirmed clean, virus free.
Insert DVD disk #2, scan, thus DVD disk #2 is confirmed clean, virus free.
Etc…
> Christian replied:
> Last but not least:
> A frequent complete scan isn't necessary.
> If you really insist of scanning a disk or
> medium you haven't scanned before
> you'd not want to (re-)scan the whole system,
> it'll literally take hours if not days.
That is Ok. It is Ok to take hours or days for scanning. The target for this Linux (Ubuntu 19.10) computer is to do one thing, scan.
Insert (Plug in) a medium (USB stick, tablet, NTFS drive, etc…)
Scan medium.
Confirm all is clean, virus free (zero viruses discovered)
Examples:
> Maybe I misunderstand your question
> but looking for an ALL command does - IMO - not make much sense.
Background information, experience:
Scan times:
sudo savscan /home
Scanned 5,200 files in 1 minute
sudo savscan /
Scanned 65,000 files in 18 minutes
sudo savscan / -all -archive
Scanned 352,000 files in 70 minutes
Now insert HDD with NTFS format from a Windows computer with 100,000 files
Based on above experience of Scanned 352,000 files in 70 minutes
The expectation is Sophos to show, all clean, virus free (zero viruses discovered)
Scanned 452,000 files in 170 minutes (or however long it takes)
> Christian
> P.S.: How long do you use Linux or are you new to it?
New to it, using Linux (Ubuntu 19.10) less than 6 months. For now, using Windows more than Linux. Learning Linux.
Said differently, 2 Questions:
2. What is the Sophos command to scan All newly inserted mediums?
--
Hi Joseph Joseph4
Linux OS and SAV for Linux are quite different from Windows and Behaviour of SAV on windows. Even on windows when you insert a new USB drive or a DVD drive, SAV does on-access scanning without notifying you and will not give you the pop-up that device is free from virus or etc., it will try to automatically clean the threat if it is detected and will mention that in Sophos client logs for windows.
Everything is same for SAV for Linux, it will just give you the pop-up when it'll detect the threat while scanning the newly inserted device through on-access scanning. Please refer the section 7 of this document.
Basically, every new device will be scanned through SAV for Linux whenever they are inserted but will not give you pop-up about they are virus-free unless that device has any malicious software or file.
2. What is the Sophos command to scan All newly inserted mediums? - All the mediums will be scanned through the on-access scan whenever they are inserted. There is no single command to access them at one go.
In reply to Jasmin:
so you want to use your Linux as kind of sheep-dip?
First of all, to avoid any misinterpretation of Jasmin's statement "when you insert a new USB drive or a DVD drive, SAV does on-access scanning": On-Access does not scan the device or medium (i.e. "all" the files on it) in response to an insertion, it scans the files the OS or a registered application (e.g. media player) accesses upon insertion. In other words this doesn't trigger a scan job that reliably scans or a defined subset of the files and consequently as there is no start of a job there's also no end.
More important: Mounting another OS's storage to scan for threats is like analysing CCTV recordings instead of watching the live stream. You'll gather some evidence, you might identify some trespassers but you wouldn't be able to prevent or stop some misdeed. Furthermore, if you don't connect the device/storage directly but through the OS (e.g. Smartphones or Cameras) what you can then scan might be neither everything nor the actual contents.
Last but not least: With "What should it detect?" I meant what kind of and how many threats and infected items do you expect to find? Especially on CDs and DVDs - while not unheard of these are nowadays seldom carriers.
Hello Jasmin, thanks for the Link but difficulties …
On Thursday-20-February-2020, the Link:
https://community.sophos.com/kb/en-us/114372
Above web page says:
For full details on how to configure/import/update a scheduled scan, please review the User Manual: http://www.sophos.com/support/docs/
Sorry! We can't find the page you requested. We may have moved it or removed it from the site.
Link is broken: http://www.sophos.com/support/docs/
Can Link be fixed?
Looking for particulars to:
- configure a scheduled scan
- import a scheduled scan
- update a scheduled scan
--
I just provided you with the below two links in my reply and the KB article don't have any information written like "For full details on how to configure/import/update a scheduled scan" and also no link to the user manual in the KB itself.
I have provided the user manual link separately from the KB - https://docs.sophos.com/esg/SAV-Linux/help/en-us/PDF/sav_linux_fsg.pdf
I hope this and QC 's answer will help you to understand the scan better.
> the KB article don't have any information
I beg to differ. Indeed in Sophos Anti-Virus v9.x For Unix/Linux: Scheduled scan options there's this sentence:
For full details on how to configure/import/update a scheduled scan, please review the User Manual: www.sophos.com/.../
> Jasmin
> I have provided the user manual link separately from the KB -
> https://docs.sophos.com/esg/SAV-Linux/help/en-us/PDF/sav_linux_fsg.pdf
> I hope this and QC's answer will help you to understand the scan better.
(2019/01/23) = date in above PDF with title:
Sophos Anti-Virus for Linux free edition
product version: 9
Hello Jasmin, above PDF helped a little bit, example:
Section 5.1 How to check if on-access scanning is active?
/opt/sophos-av/bin/savdstatus
Sophos Anti-Virus is active
Section 6 Scan the computer now
savscan /
scans the Operating System drive, Ubuntu 19.10 SSD sata 2.0 port
But:
savscan / did not scan the Windows NTFS HDD, plugged into SATA 2.0 port
savscan / did not scan the Windows USB Stick, plugged into USB 2.0 port
Note: df Terminal Command shows NTFS HDD and USB Stick.
savscan / did not scan the Android 6 Tablet, plugged into USB 2.0 port
Note: df Terminal Command does not show Android 6 Tablet
But, Ubuntu 19.10 Explorer sees Android 6 Tablet as mpt://Android_Android_/14faf1ce/
Side Question: How to Mount Android 6 Tablet? So df Terminal Command shows Tablet. So Sophos can then scan Tablet.
Ctrl+Alt+T run Terminal
df (df = abbreviation for disk free)
Question clarified:
What is the Sophos command to scan all devices the df Terminal Command can see? (NTFS drive, USB Stick)
This command does not scan (NTFS drive, USB Stick)
savscan /
--
Experiments done:
In Windows know your drive particulars.
USB Stick (flash drive, thumb drive, pen drive, jump drive) at Windows J:\ drive, do
NBRT = record Drive Label, use Label with no space in name because saves using quotes "" later.
Ctrl-A = Select All files / Shift-F10 / Properties
57 files
12 folders
01.73 GB (01,858,326,243 bytes) Size used
29.20 GB (31,360,319,488 bytes) Capacity
Eject (unMount) USB Stick from Windows
Insert USB Stick into Linux Ubuntu 19.10
Ctrl+Alt+T run Terminal
df (df = abbreviation for disk free)
In df output Look for: /media/username/device-label
Example: /media/user1/NBRT/
Recall NBRT = Drive Label from Windows
Here are some Sophos commands.
Change commands below to match your situation.
Scan one file:
sudo savscan /media/user1/NBRT/temp/test.txt
Scan media players:
sudo savscan /media/user1/NBRT/temp/GOM.EXE
sudo savscan /media/user1/NBRT/temp/vlc.exe
sudo savscan /media/user1/NBRT/temp/ -all
sudo savscan /media/user1/NBRT/temp/*.*
sudo savscan /media/user1/NBRT/ -all
sudo savscan /media/user1/NBRT/*.*
sudo savscan /media/user1/NBRT/ -all -f
Full Scanning
sudo savscan /media/user1/NBRT/ -all -archive
Quick Scanning
sudo savscan /media/user1/NBRT/ -all -archive -f
Full Scanning
sudo savscan /media/user1/NBRT/ -mbr
2 master boot records scanned.
Quick Scanning
sudo savscan /media/user1/NBRT/ -bs
3 boot sectors scanned.
Quick Scanning
sudo savscan /media/user1/NBRT/ -all -archive -f -bs -mbr
sudo savscan /media/user1/NBRT/ -dn -bs -mbr -vv -all -archive -f -pua -eec -suspicious
above commands work for USB Stick because df shows the way /media/user1/NBRT/
Question clarified:
What is the Sophos command to scan all devices the df Terminal Command can see? (NTFS drive, USB Stick)
--
> Christian
> so you want to use your Linux as kind of sheep-dip?
Yes. I was unfamiliar with term "sheep-dip". This clarifies "sheep-dip":
In data security, a sheep dip is the process of using a dedicated computer to test files on removable media for viruses before they are allowed to be used with other computers.
https://en.wikipedia.org/wiki/Sheep_dip_(computing)
Isolated from other computers.
Not connected to office network.
For clarity, beyond "sheep-dip", using Linux Sophos to:
1. Test files before they are allowed to be used with other computers.
2. Sophos finds "Could not check" (corrupt files).
3. Sophos finds "Password protected files".
4. Sophos finds "virus scan failed" files.
5. Sophos detects number of "encrypted files were not checked".
6. Sophos finds PUAs (Potentially Unwanted Applications)
7. Sophos finds virus.
Then manual deletion.
Then Long term Off-Line file storage.
From above seven (7) points, characterizing Linux Sophos and other Linux Anti-Virus programs as a:
- Sheep-dipper and
- Error detector and
- Encryption detector and
- Virus detector then Scrubber (Cleanser), before storing files.
Update 10-March-2020:
With ubuntu 19.10, Format/Erase a drive
Fresh install of ubuntu 19.10 to above Formatted/Erased drive
Fresh install of Sophos & update definitions, March 2020
No usb stick plugged-in & No other drive attached
1. Timed scans:
8 (eight) seconds scan of ubuntu1910 partition with Display Name, boot sector, master boot record, verbose archive types, full:
sudo savscan -dn -bs -mbr -vv -f *
3 (three) minute scan of ubuntu1910 partition:
savscan /
or
sudo savscan / -dn -bs -mbr -vv
11 (eleven) minute scan of ubuntu1910 partition:
savscan / -dn -bs -mbr -vv -all
or
sudo savscan / -dn -bs -mbr -vv -all
19 (nineteen) minute scan of ubuntu1910 partition:
sudo savscan / -dn -bs -mbr -vv -all -archive -pua -eec -suspicious
24 (twenty-four) minute scan of ubuntu1910 partition:
savscan / -dn -bs -mbr -vv -all -f
34 (thirty-four) minute scan of ubuntu1910 partition:
savscan / -dn -bs -mbr -vv -all -archive -f
2. Attach HDD (hard disk drive sata 2 NTFS Windows files) to be scanned and
No HDD automatic detection by ubuntu1910
No HDD automatic mount
Must do a manual HDD mount.
Used ubuntu1910 GUI (graphical user interface) to mount HDD:
Bottom Left corner button = ShowApplications / DISKS / AdditionalPartitionOptions / EditMountOptions / UserSessionDefaults = Off /
Terminal Command: df
Examples of HDD display in df
/media/username/device-label
/media/user1/s_931GBmbrN
/mnt/E6849A098499DBFC
3. Plug-in Tablet android 6 to usb 2.0 port to be scanned and
No Tablet automatic detection by ubuntu1910
No Tablet automatic mount
No easy manual Tablet mounting in ubuntu1910
No scanning (savscan /) for Tablet
Suggestion was to find android 6 anti-virus app to scan Tablet.
--
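
One way to approach the clarified question above (scan every device that df shows), as an added example that is not from any poster in this thread or from Sophos: it reads `df -P` output, keeps the mount points under /media or /mnt, and runs savscan on each with the `-all -archive` flags used in the thread. The function names, the SAVSCAN override variable and the sample df text are assumptions of this example; a device that df does not list, such as the tablet, is not covered.

```shell
#!/bin/sh
# Added example: one savscan job per extra mount point that df reports.
# Constructed `df -P` sample: mount paths are the ones quoted in the thread,
# sizes are made up, and "My Stick" is added to show a label with a space.
sample_df() {
cat <<'EOF'
Filesystem     1024-blocks      Used Available Capacity Mounted on
/dev/sda2        244568380  12345678 219729918       6% /
/dev/sdc1         30625312   1814772  28810540       6% /media/user1/NBRT
/dev/sdb1        976759804 512000000 464759804      53% /media/user1/s_931GBmbrN
/dev/sdd1        104857600  10485760  94371840      10% /mnt/E6849A098499DBFC
/dev/sde1          7812500    100000   7712500       2% /media/user1/My Stick
EOF
}

# Read `df -P` output on stdin, print mount points under /media or /mnt.
# In -P format the mount point starts at field 6; rejoin it if it has spaces.
list_scan_targets() {
    awk 'NR > 1 {
        mp = $6
        for (i = 7; i <= NF; i++) mp = mp " " $i
        if (mp ~ /^\/(media|mnt)\//) print mp
    }'
}

# Scan each target read from stdin. Returns 0 only if every scan exited 0;
# any other exit status is flagged for review, not interpreted here.
scan_targets() {
    scanner=${SAVSCAN:-savscan}   # SAVSCAN override is this example's own knob
    flagged=0
    while IFS= read -r target; do
        [ -n "$target" ] || continue
        rc=0
        "$scanner" "$target" -all -archive </dev/null || rc=$?
        if [ "$rc" -eq 0 ]; then
            echo "exit 0: $target"
        else
            echo "REVIEW (exit $rc): $target"
            flagged=1
        fi
    done
    return "$flagged"
}

# Real run: sh scan-mounted.sh --run   (use sudo so savscan can read all files)
if [ "${1:-}" = "--run" ]; then
    df -P | list_scan_targets | scan_targets; exit $?
fi
```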