Endpoint Protection

  • 1.  Sav for Linux doesn't return scan result

    Posted Oct 17, 2014 10:44 AM

    Hi all,

    I need to start a manual scan with a bash script and evaluate the result to perform distinct actions if it returns 0 or 1 (infected or not infected).

    However, sav doesn't return any status code or message, even without the "--quiet" option or when a wrong file name is passed.

    Is there any config option to enable command line results?

    Regards,

    Daniel 

     

     

     



  • 2.  RE: Sav for Linux doesn't return scan result

    Posted Oct 17, 2014 10:45 AM

    What version/OS?



  • 3.  RE: Sav for Linux doesn't return scan result

    Broadcom Employee
    Posted Oct 17, 2014 11:30 AM

    Hi,

    To initiate a manual scan of the home directory from /opt/Symantec/symantec_antivirus, here's the correct command line: 
    sudo ./sav manualscan -s /home

    How to test if SAVFL is Scanning what I want it to Scan? 

    Download the eicar test file!  Though it is completely harmless, SAVFL will detect this file and create an entry in the logs (and display a pop-up, for users who have installed SAVFL's GUI).

    Disable autoprotect.
    Download the eicar.com file into the desired directory.
    Then re-enable autoprotect or initiate a scan.
    Try to copy that eicar file and SAVFL should either detect it or (if there is an exclusion created successfully) not.

    Refer to this article: https://www-secure.symantec.com/connect/articles/sav-linux-scanning-best-practices-somewhat-illustrated-guide

    The enterprise version of Symantec Endpoint Protection now includes the Symantec Endpoint Protection client for Linux. The Symantec Endpoint Protection client for Linux replaces the Symantec AntiVirus client for Linux and supports a greater range of distributions and kernels. Added distributions include Red Hat Enterprise Linux Server (RHEL) 6.5 and CentOS 6.5.

    SEP for Linux clients can now be managed by an RU5 SEPM, or later. Configuration enhancements have been made to the SEPM to allow policy creation for managed Linux clients. This includes AV policy settings, centralized exceptions, and LiveUpdate settings. The SEPM also features enhanced reporting for Linux clients, including the SEP client version, host OS details, and hardware details.

    You can refer to this article: https://www-secure.symantec.com/connect/articles/how-install-symantec-endpoint-protection-1215-ru5-linux-operating-system



  • 4.  RE: Sav for Linux doesn't return scan result

    Posted Oct 17, 2014 01:36 PM

    Hello,


    Red Hat Enterprise Linux Server release 6.5 (Santiago)

    SEP for Linux: 12.1.5 (12.1 RU5) build 5337 (12.1.5337.5000).

    Regards,

    Daniel
     

     

     



  • 5.  RE: Sav for Linux doesn't return scan result

    Broadcom Employee
    Posted Oct 17, 2014 02:42 PM

    Hi,

    By default, the managed Linux client scans all files and folders daily at 12:30 A.M. However, you can launch a manual scan using the command-line interface:

    sav manualscan -s pathname

    Note: The command to launch a manual scan requires superuser privileges.




  • 6.  RE: Sav for Linux doesn't return scan result

    Posted Oct 17, 2014 06:06 PM

    Hi,

    SAVFL is fully operational. The problem is that I need to call sav from a script and sav doesn't return the scan result. The script will take decisions based on the sav result.

    When I manually call sav, I've got no answers about the result. I had to search in the log files, but the log record doesn't show the file name. I'll use SAVFL in a file server, and multiple uploads from multiple users may happen. So, I need to scan each file upload and warn the user if the file is infected.

    I've tried with:

    # /opt/sep/symantec_antivirus/sav manualscan -s file.zip

    From log files I've got:

    2C0911122D33,3,2,1,jatai,root,,,,,,,16777216,"Scan started on selected drives and folders and all extensions.",1413582356,,0,,,,,0,,,,,,,,,,,,,,,,a6:b3:77:79:0a:22,12.1.5337.5000,,,,,,,,,,,,,,,,0,,,,
    2C0911122D34,2,2,1,jatai,root,,,,,,,16777216,"Scan Complete:  Threats: 0   Scanned: 1   Files/Folders/Drives Omitted: 0",1413582356,,0,0:0:1:0,,,,0,,,,,,,,,,,,,,,,a6:b3:77:79:0a:22,12.1.5337.5000,,,,,,,,,,,,,,,,0,,,,

    # /opt/sep/symantec_antivirus/sav info -s
    General Status: Done
    Manual Scan: Done

    #/opt/sep/symantec_antivirus/sav info -d
    16-10-2014 rev. 3

    #/opt/sep/symantec_antivirus/sav info -p
    12.1.5 (12.1 RU5) build 5337 (12.1.5337.5000)

    Best Regards,

    Daniel
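
Added example (not part of the thread and not Symantec's code): one way to turn the "Scan Complete" log record quoted in the post above into an exit status a script can branch on. Assumptions: the summary record keeps the shape shown above, the number after the quoted message is a Unix timestamp, and the log is read from stdin because the thread does not give its path; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: map the "Scan Complete" log record to an exit status.
# Assumption: the field right after the quoted message is a Unix timestamp.

# Constructed sample records, shortened from the shape quoted in the post.
sample_log() {
    cat <<'EOF'
2C0911122D33,3,2,1,host1,root,,,,,,,16777216,"Scan started on selected drives and folders and all extensions.",1413582356,,0
2C0911122D34,2,2,1,host1,root,,,,,,,16777216,"Scan Complete:  Threats: 0   Scanned: 1   Files/Folders/Drives Omitted: 0",1413582356,,0
2C0911122D35,2,2,1,host1,root,,,,,,,16777216,"Scan Complete:  Threats: 1   Scanned: 1   Files/Folders/Drives Omitted: 0",1413582400,,0
EOF
}

# last_scan_threats [SINCE]
# Reads log records on stdin and prints the threat count of the newest
# summary record whose timestamp is >= SINCE (default 0).
# Exits 2 when no such record exists, so a stale or missing result is
# never mistaken for "clean".
last_scan_threats() {
    sed -n 's/.*"Scan Complete:[[:space:]]*Threats:[[:space:]]*\([0-9][0-9]*\)[^"]*",\([0-9][0-9]*\),.*/\2 \1/p' |
    awk -v since="${1:-0}" '
        $1 >= since { threats = $2; found = 1 }
        END { if (!found) exit 2; print threats }'
}

# scan_verdict [SINCE]
# Exit status: 0 = no threats, 1 = threats found, 2 = no usable record.
scan_verdict() {
    threats=$(last_scan_threats "${1:-0}") || return 2
    [ "$threats" -eq 0 ] || return 1
    return 0
}

# Demo on the constructed sample; the newest record reports one threat.
rc=0
sample_log | scan_verdict || rc=$?
echo "verdict=$rc"
```

Because the summary record names no file, a caller handling concurrent uploads has to run one scan at a time and pass that scan's start time as SINCE so an older record is not read as the verdict.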

     



  • 7.  RE: Sav for Linux doesn't return scan result

    Posted Nov 12, 2014 09:43 AM

    Hi Daniel

    Did you get an answer?

     

    Best Regards