User manual

ManualsBrandsAVIRA ManualsComputer equipmentANTIVIR SERVER UNIX

Avira GmbH Avira AntiVir Server/ Professional (UNIX) 19

Alert

Conditions

Alert Actions Based on Configurable Conditions:

You can set actions based on the reported alert condition (eg. for encrypted files or

archives that are tagged as suspicious).

Based on the specific action, the alert is treated as follows:

• ignore - the alert is ignored.

• warn - the condition is logged as a warning; access is not blocked by the guard.

• block - access is blocked.

• alert - access is blocked; the alert action is performed (highest priority).

Each of the following conditions can be set to: ignore, warn, block or alert.

Default settings:

• ArchiveMaxSizeAction block

• ArchiveMaxRecursionAction block

• ArchiveMaxRatioAction block

• ArchiveMaxCountAction block

• ScanIncompleteAction warn

• ArchiveEncryptedAction warn

• ArchiveMultiVolumeAction warn

• ArchiveUnsupportedAction warn

• ArchiveHeaderMalformedAction warn

• ArchiveBombAction block

• TaggedSuspiciousAction warn

• ArchiveProcErrorAction warn

AccessMask

Access mask (only for dazuko2):

This option sets the access type of AntiVir Guard, when scanning files for viruses or

unwanted programs:

• 1: Scanning a file when opened

• 2: Scanning a file when closed

• 4: Scanning a file when executed

For setting more access types at the same time, you have to add the above values. For

example, to scan files when opened and when closed, the value has to be 3 (default).

AccessMask 3

IncludePath

Scanned directories (only for dazuko2):

AntiVir Guard scans the files in the specified directories, including their subdirectories.

Usually, the most vulnerable file system is /home since the data of different users is

located there:

IncludePath /home

Specific alert actions are only available for scan result flags that are

supported by Savapi.

In case multiple alert flags trigger simultaneously, the action with the

highest escalation level takes precedence.

Please note that AntiVir Guard is able to react to these situations and

to scan files, only if the kernel module supports these events. Not

every operating system supports all events in every kernel version.

Moreover, some kernel modules offer the possibility to activate or

deactivate certain events. Independent from the use of the other

events, we recommend that you always keep the option Scanning

files when opened activated.