sophos.conf - Contains the most commonly used Sophos Anti-Virus options
/opt/pmx/etc/virus.d/sophos.conf
Note: Only the options that are most commonly used are listed in the default
sophos.conf. The options described below that are not included in
sophos.conf function according to their default values. To change the
setting, edit sophos.conf, and add the desired option and setting.
- <backend Sophos>
-
- enabled
-
Enable or disable the Sophos virus back end.
Values: yes | no
Default: yes
- daemon
-
Specify whether the anti-virus engine should be run as a daemon or loaded by
the PureMessage engine. If daemon mode is enabled, configure the daemon's
operating parameters in the the virus.conf manpage configuration file.
Values: yes | no
Default: no
- fullsweep
-
If this option is set to 'off', a 'quick scan' is performed. Quick scans
determine the parts of the message that are capable of carrying
a virus, and analyze the sections of those parts that carry the payload
(for example, the VBA project area within a Word document). In addition to
simple pattern matching, the quick scan employs advanced detection methods
to identify viruses. However, under certain circumstances (such as new virus
types that do not match existing virus characteristics), viruses can be
missed.
If 'fullsweep' is set to 'on', the scanner performs the same scan as a
quick scan, but also analyzes every byte of the message, looking for patterns
that match the virus definition files.
While disabling 'fullsweep' can provide slightly better message-processing
throughput, email messages are generally small enough that the advantage is
minimal. Regardless of the setting, virus scanning stops when the engine
encounters a virus.
Values: on | off
Default: on
- emulation
-
Specifies whether the Sophos engine should use internal emulation to
search intelligently for viruses. If disabled, the engine finds only
exact matches for viruses.
Values: on | off
Default: on
- scan_macros
-
Specifies whether to scan intelligently for macro viruses. If disabled,
the engine finds only exact matches for macro viruses.
Values: on | off
Default: on
- unzipexe
-
Specifies whether to scan for viruses inside PKLite, LZEXE and Diet
archives.
Values: on | off
Default: on
- scan_templates
-
Specifies whether to scan within documents marked as templates.
Values: on | off
Default: on
- scan_pe
-
Specifies whether to scan inside Microsoft's Portable Executable (PE)
file format.
Values: on | off
Default: on
- scan_xls
-
Specifies whether to scan inside Microsoft Excel spreadsheet documents.
Values: on | off
Default: on
- scan_ppt
-
Specifies whether to scan inside Microsoft PowerPoint documents.
Values: on | off
Default: on
- maxrecurse
-
Specifies the maximum level of recursion inside the virus scanning
engine. Each time the engine descends into a compressed archive, the
level is incremented. Lowering this value too much means archives
contained within archives may not be scanned. Raising it too high may
slow down processing.
Values: positive integers
Default: 16
- ungzip
-
- unarj
-
- uncmz
-
- unrar
-
- untar
-
- unuue
-
- unzip
-
Decompression options: These options determine what type of archives
and compression formats the engine will scan inside.
Values: on | off
Default: on
- GrpArchiveUnpack
-
Enables unpacking and scanning for all supported archive types.
Values: on | off
Default: on
- EnableAutoStop
-
Stops the scanner when a potential resource (e.g. disk or memory) consumption
condition is detected (possibly a Denial of Service attack). This option
uses a set of heuristic tests, so it is possible to get the occasional false
positive.
Default: off
- </backend>
-
Copyright (C) 2000-2008 Sophos Group. All rights reserved. Sophos and
PureMessage are trademarks of Sophos Plc and Sophos Group.