Linux Server - can it detect more?

I have installed Sophos Antivirus for Linux on a Debian machine.

Using it for on-demand scanning of email messages, it works when I push the EICAR test virus through it.

I have a large collection of virus-infected messages; when testing those, it only detects about 50% of them.

I have confirmed that the system is running the latest definition files, following these instructions.

One could argue that Sophos does not know about the specific viruses yet, especially if they are new.

HOWEVER, if I test the messages with VirusTotal, their system will detect the virus infection and it states that it was found by Sophos AV.

If I have the latest data files, how can I get my install to operate as well as VirusTotal is performing?

I have confirmed that I have the system set to scan compressed files, what else can I do?



  • Hi, 

     

    savscan only scans files with an extension that the virus data thinks can be infected, vs. on-access scans which scan all file names.

     

    Archive setting is independent between savscan (on-demand) and on-access scanning.

     

    Please try:

    savscan -archive -all <rest of args>

     

    to ensure that we are scanning the files specified.

    It's also possible that the malware being detected is counted as a PUA or suspicious file - in which case the -pua or -suspicious options might be required.

     

    Thanks,

    Douglas.

  • Douglas, thanks for the info.  Very enlightening.

    We are actually using SSSP to access the on-demand scanning.  Where/how do you configure the preferences for that service?

     

    savscan is the command-line on-demand scanner.

  • Hi,

    Sorry, I don't know anything much about the SSSP API or savdi. I think you'll have to contact support and get official help.

    Thanks,

    Douglas.
