Configuring Anti-Virus scan settings for a rule
4 July 2024
ID 87300
To configure Anti-Virus scan message processing settings:
- Export rule settings to an XML file using the command:
  # /opt/kaspersky/klms/bin/klms-control \
  --get-rule-settings <rule ID> -f <rule settings file name>
  or
  # /opt/kaspersky/klms/bin/klms-control \
  --get-rule-settings <rule name> -n -f <rule settings file name>
  The <rule name> should be enclosed in double quotes if it contains blanks.
- Open the XML file to edit the rule settings.
- Specify the preferred action to be taken by the application on infected messages (messages with Infected status and messages with Probably Infected status that contain potentially malicious objects). To do so, in the <avScanSettings> section, specify the value Skip, Cure, DeleteMessage, DeleteAttachment or Reject for the <infectedFirstAction> setting.
  The default action is Cure.
- Specify the preferred action to be performed on infected messages (with Infected status) that cannot be disinfected. To do so, in the <avScanSettings> section, specify the value DeleteMessage, DeleteAttachment or Reject for the <infectedSecondAction> setting.
  The default action is DeleteAttachment.
- Specify the preferred action to be taken on messages with Corrupted and Encrypted status. To do so, in the <avScanSettings> section, specify the value Skip, DeleteMessage, DeleteAttachment or Reject for the following settings:
  - <corruptedAction>, if the message has the status Corrupted;
  - <encryptedAction>, if the message has the status Encrypted.
  The default action for all statuses is Skip.
- If you selected the DeleteMessage or DeleteAttachment actions at the previous steps of the procedure, you can configure the application to move a copy of the message to Backup before deleting the message. To do so, in the <asScanSettings> section, specify the value 1 for the following settings:
  - <backupInfected>, if an infected or probably infected message is detected;
  - <backupCorrupted>, if the message has the status Corrupted;
  - <backupEncrypted>, if the message has the status Encrypted.
  The default setting for messages with Corrupted and Encrypted status is 0 (do not save a copy of the message in Backup).
- If you selected Skip, Cure, or DeleteAttachment, in the <avScanSettings> section, specify the text of the stamp as the value for the following settings:
  - <infectedMark>, if the message has the status Infected or Probably Infected;
  - <disinfectedMark>, if the message is Disinfected;
  - <corruptedMark>, if the message has the status Corrupted;
  - <encryptedMark>, if the message has the status Encrypted.
- Save the changes made.
- To import rule settings from an XML file, use the command:
  # /opt/kaspersky/klms/bin/klms-control \
  --set-rule-settings <rule ID> -f <rule settings file name>
  or
  # /opt/kaspersky/klms/bin/klms-control \
  --set-rule-settings <rule name> -n -f <rule settings file name>
  The <rule name> should be enclosed in double quotes if it contains blanks.
If an attachment contains an archive with objects having different scan statuses, all objects of the message or attachment are subject to the same (most severe) action depending on all scan statuses assigned to objects in the archive.
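A pre-import check for the edited file, as an added example that is not part of the original article or of the product: it validates the four action settings against the values listed in the procedure and flags Skip on Corrupted or Encrypted messages. It assumes each setting is a child element of <avScanSettings> whose text is the value; the <rule> wrapper in the sample and the function name check_rule_settings are hypothetical.

```python
import xml.etree.ElementTree as ET

# Allowed values per setting, exactly as spelled in the procedure above.
ALLOWED = {
    "infectedFirstAction": {"Skip", "Cure", "DeleteMessage", "DeleteAttachment", "Reject"},
    "infectedSecondAction": {"DeleteMessage", "DeleteAttachment", "Reject"},
    "corruptedAction": {"Skip", "DeleteMessage", "DeleteAttachment", "Reject"},
    "encryptedAction": {"Skip", "DeleteMessage", "DeleteAttachment", "Reject"},
}
# Settings where Skip applies to objects the scanner could not inspect.
UNSCANNED = {"corruptedAction": "Corrupted", "encryptedAction": "Encrypted"}


def check_rule_settings(xml_text):
    """Return a list of (level, message) findings for one exported rule file."""
    root = ET.fromstring(xml_text)
    # Assumption: <avScanSettings> is either the root or nested below it.
    section = root if root.tag == "avScanSettings" else root.find(".//avScanSettings")
    if section is None:
        return [("error", "no <avScanSettings> section found")]
    findings = []
    for name, allowed in ALLOWED.items():
        elem = section.find(name)
        if elem is None:
            continue  # setting not present in the file; nothing to validate
        value = (elem.text or "").strip()
        if value not in allowed:
            findings.append(("error", f"<{name}>: '{value}' is not one of {sorted(allowed)}"))
        elif value == "Skip" and name in UNSCANNED:
            findings.append(("warn", f"<{name}>: Skip takes no action on {UNSCANNED[name]} messages"))
    return findings


# Constructed sample, not an export from a real installation.
SAMPLE = """<rule>
  <avScanSettings>
    <infectedFirstAction>Cure</infectedFirstAction>
    <infectedSecondAction>Skip</infectedSecondAction>
    <corruptedAction>Quarantine</corruptedAction>
    <encryptedAction>Skip</encryptedAction>
  </avScanSettings>
</rule>"""

if __name__ == "__main__":
    for level, message in check_rule_settings(SAMPLE):
        print(f"{level}: {message}")
```

Run it on the edited file before the --set-rule-settings step; an "error" finding means the value is not one the procedure lists for that setting.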