Server Protection agent
Sophos Protection for Linux has an agent called Server Protection, which you can use to run on-demand scans on your Linux devices. Server Protection is an antivirus scanner (
avscanner). Server Protection doesn't support detecting and removing Potentially Unwanted Applications (PUAs).
The Server Protection installation directory ($PLUGIN_INST) is
Before you start using Server Protection, you need to check that
/usr/local/bin/ is in your path.
avscanner is a full file scanner and you can find it in
You can scan a file, archive, or directory.
You can add options when you run a scan from the command line.
To do this, enter
avscanner PATH \[OPTION\].
\[OPTION\] is one of the command-line options shown in the following table.
| ||Print this help message|
| ||Scan inside archives|
| ||Follow symlinks when scanning|
| ||Exclude these locations from being scanned|
| ||Write to log file|
| ||Set the log level. |
This sets the log level for avscanner only. It doesn't change the log level for the other Sophos Protection for Linux components.
You can use wildcards. If you use wildcards, you need to know the following:
- The shell expands wildcards before
avscannersees the options.
- If you use escaped or quoted wildcards,
avscanneruses them. They work in the same way as wildcards do for scheduled scan exclusions. See Linux scanning exclusions.
If you try to run an on-demand scan while one is already running, a refusal to scan message appears in the log file. You can find this in
/opt/sophos-sspl/plugins/av/log/av.log. See “Log files”.
Here are some example commands.
| ||Scan the root directory (recursively including dot files or directories) including the contents of any archive files.|
| ||Scan the root directory and follow any symlinks.|
| ||Scan the |
| ||Scan the |
| ||Scan the file |
| ||Scan the root directory with log level set to info.|
You can find the log files in
To change the log level, do as follows:
/opt/sophos-spl/base/etc/logger.confand set the level.
- Restart the plugin by entering
systemctl restart sophos-spl.
You can also override the log level on the command line when you run a scan.