Preparing to Scan
As is the case with many capable software products, Powertech Antivirus can occupy excessive system resources if care is not taken during deployment. In this section, you will learn the key concepts needed to plan the most appropriate scanning approach for your environment.
In this section you will learn:
- An overview of Powertech Antivirus' two scanning methods: On-Demand and On-Access.
- How to target potential threats.
- Tuning parameters and configuration methods that can be used to limit resource consumption.
On-Demand vs. On-Access scanning
Powertech Antivirus' two scanning methods can be used separately or in tandem to address all potential threats on your systems.
Using On-Demand Scanning
On-Demand scanning is run ‘on-demand’, that is, when started manually, or when scheduled.
This can be done in a few ways:
- Invoking the avscan command from the command line on the Unix endpoint.
- Invoking the avscan command in a scheduler (such as cron) on the Unix endpoint.
- Invoking the On-Demand Scan options using the HelpSystems One web browser console.
To run an On-Demand scan from the command line or from a scheduler, you must pass the configuration for the scan as parameters of the command. See avscan command.
To run an On-Demand scan from HelpSystems One, you must:
- Open HelpSystems One and create an On-Demand Configuration.
- On the Endpoints page, for an endpoint, check the endpoint and choose Run Scan.
- In the Run Scan page, choose the Configuration and then Save and Run or Run.
Using On-Access Scanning
On-access scanning is ‘real-time’ scanning. You define a configuration listing the directories you want scanned continually, and then choose whether files are scanned when they are opened, or both when they are opened and when they are closed. On-access scanning runs continually as a service.
When an application opens a file that requires scanning, there is a delay while the service completes the scan. For most files the scan takes only a fraction of a second; large files, archive files, and compressed files, however, can take several seconds or minutes. Once the on-access service has scanned a file, the result is stored in a per-file-system cache, provided the file system cache has been enabled for the service. The cache is consulted the next time the file is accessed: if the file has not been modified, it does not need to be scanned again and access is faster. The cache is cleared completely when the on-access service exits, when virus definitions are updated, or when the service configuration changes significantly. Individual cache entries are also subject to size and time-to-live constraints, which are set in the service configuration. Archive scanning takes additional CPU resources and can be disabled, but note that many viruses are delivered as .zip archive files.
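To make the cache behaviour described above concrete, the following is an added model of a scan-result cache with the properties the text lists (hit only when the file is unmodified, time-to-live and size limits per entry, full clear on a definitions update or configuration change). It is illustrative code, not Powertech Antivirus' implementation; the parameter names max_entries and ttl_seconds are hypothetical, and the actual scan is stubbed out.

```python
import time
from dataclasses import dataclass


@dataclass
class CacheEntry:
    mtime: float       # file modification time when it was scanned
    result: str        # scan verdict, e.g. "clean" or a detection name
    scanned_at: float  # when the entry was stored (for the TTL check)


class ScanResultCache:
    """Model of an on-access scan-result cache keyed by path.

    max_entries / ttl_seconds are hypothetical names for the size and
    time-to-live constraints the service configuration exposes.
    """

    def __init__(self, max_entries=1000, ttl_seconds=3600, clock=time.time):
        self.max_entries = max_entries
        self.ttl_seconds = ttl_seconds
        self.clock = clock          # injectable for deterministic testing
        self.entries = {}           # path -> CacheEntry, insertion order = age
        self.scans = 0              # number of real (expensive) scans performed

    def lookup(self, path, mtime):
        """Return the cached verdict, or None if the file must be rescanned."""
        entry = self.entries.get(path)
        if entry is None:
            return None
        expired = self.clock() - entry.scanned_at > self.ttl_seconds
        if entry.mtime != mtime or expired:
            del self.entries[path]  # modified or stale: rescan required
            return None
        return entry.result

    def store(self, path, mtime, result):
        if len(self.entries) >= self.max_entries:
            del self.entries[next(iter(self.entries))]  # evict the oldest entry
        self.entries[path] = CacheEntry(mtime, result, self.clock())

    def clear(self):
        """Definitions updated, service exit or config change: drop everything."""
        self.entries.clear()


def on_access(cache, path, mtime, scan_fn):
    """Serve a file open: return (verdict, True if a real scan was needed)."""
    cached = cache.lookup(path, mtime)
    if cached is not None:
        return cached, False
    result = scan_fn(path)          # the slow part the cache is meant to avoid
    cache.scans += 1
    cache.store(path, mtime, result)
    return result, True
```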
On-Access scanning can be configured locally or using HelpSystems One.
Local configuration
Set the [avsvc] stanza in the config.ini file located in /opt/sgav.
The [avsvc] stanza applies only to the on-access scan service. If you change any of its defaults, you must reload or restart the avsvc service, depending on which setting was changed.
HelpSystems One configuration
You can create an on-access configuration within HelpSystems One and deploy it to the Unix endpoint. When you change the configuration in HelpSystems One, the config.ini file on the target Unix endpoint is overwritten and the service is reloaded. Only one on-access configuration can be active at any one time.
What should I scan?
HelpSystems can provide guidelines and technical details regarding the operation of Powertech Antivirus; however, every organization's network is different, and security requirements vary across organizations. It is ultimately the responsibility of the system administrator and/or security officer to understand the details and purpose of the various filesystems to be scanned, and to decide how to employ Powertech Antivirus' capabilities to meet the security needs of the organization.