NAME

sophos.conf - Contains the most commonly used Sophos Anti-Virus options


SYNOPSIS

/opt/pmx/etc/virus.d/sophos.conf


DESCRIPTION

Note: Only the options that are most commonly used are listed in the default sophos.conf. The options described below that are not included in sophos.conf function according to their default values. To change the setting, edit sophos.conf, and add the desired option and setting.

<backend Sophos>
enabled
Enable or disable the Sophos virus back end.

Values: yes | no

Default: yes

daemon
Specify whether the anti-virus engine should be run as a daemon or loaded by the PureMessage engine. If daemon mode is enabled, configure the daemon's operating parameters in the the virus.conf manpage configuration file.

Values: yes | no

Default: no

fullsweep
If this option is set to 'off', a 'quick scan' is performed. Quick scans determine the parts of the message that are capable of carrying a virus, and analyze the sections of those parts that carry the payload (for example, the VBA project area within a Word document). In addition to simple pattern matching, the quick scan employs advanced detection methods to identify viruses. However, under certain circumstances (such as new virus types that do not match existing virus characteristics), viruses can be missed.

If 'fullsweep' is set to 'on', the scanner performs the same scan as a quick scan, but also analyzes every byte of the message, looking for patterns that match the virus definition files.

While disabling 'fullsweep' can provide slightly better message-processing throughput, email messages are generally small enough that the advantage is minimal. Regardless of the setting, virus scanning stops when the engine encounters a virus.

Values: on | off

Default: on

emulation
Specifies whether the Sophos engine should use internal emulation to search intelligently for viruses. If disabled, the engine finds only exact matches for viruses.

Values: on | off

Default: on

scan_macros
Specifies whether to scan intelligently for macro viruses. If disabled, the engine finds only exact matches for macro viruses.

Values: on | off

Default: on

unzipexe
Specifies whether to scan for viruses inside PKLite, LZEXE and Diet archives.

Values: on | off

Default: on

scan_templates
Specifies whether to scan within documents marked as templates.

Values: on | off

Default: on

scan_pe
Specifies whether to scan inside Microsoft's Portable Executable (PE) file format.

Values: on | off

Default: on

scan_xls
Specifies whether to scan inside Microsoft Excel spreadsheet documents.

Values: on | off

Default: on

scan_ppt
Specifies whether to scan inside Microsoft PowerPoint documents.

Values: on | off

Default: on

maxrecurse
Specifies the maximum level of recursion inside the virus scanning engine. Each time the engine descends into a compressed archive, the level is incremented. Lowering this value too much means archives contained within archives may not be scanned. Raising it too high may slow down processing.

Values: positive integers

Default: 16

ungzip
unarj
uncmz
unrar
untar
unuue
unzip
Decompression options: These options determine what type of archives and compression formats the engine will scan inside.

Values: on | off

Default: on

GrpArchiveUnpack
Enables unpacking and scanning for all supported archive types.

Values: on | off

Default: on

EnableAutoStop
Stops the scanner when a potential resource (e.g. disk or memory) consumption condition is detected (possibly a Denial of Service attack). This option uses a set of heuristic tests, so it is possible to get the occasional false positive.

Default: off

</backend>


COPYRIGHT

Copyright (C) 2000-2008 Sophos Group. All rights reserved. Sophos and PureMessage are trademarks of Sophos Plc and Sophos Group.