Configuring file server scans (Linux)

This Article Applies to:

  • Avast Business Antivirus

Avast-fss manual page

Avast-fss provides real-time scanning of files written to any of the monitored mountpoints. Avast-fss is based on the fanotify access notification system available on Linux kernels 2.6.37+.

The scan tool is a client that connects to the Avast scan service; it cannot work separately without a running scan service.

The command syntax is:

avast-fss [OPTIONS]

Options

  • -h: Print short usage info and exit
  • -v: Print the program version and exit
  • -c FILE: Set configuration file path to FILE. The default configuration file is /etc/avast/fss.conf
  • -n: Do not daemonize

Configuration file

The configuration file format is a .ini consisting of KEYWORD = VALUE entries, each on a separate line. Lines beginning with ";" are treated as comments and ignored. Keys may be grouped into arbitrarily named sections, where the section name appears on a line by itself in square brackets.

The configuration consists of two parts: the global configuration options and the monitoring configuration. The sample configuration below shows all available global configuration options and their default values, followed by some examples of monitoring (and monitoring exclude) entries.

Global parameters

  • RUN_DIR: Run directory. The PID file is stored here
  • SOCKET: Path to the Avast service UNIX socket
  • LOG_FILE: Path to the virus log file
  • CHEST: Path to the chest directory. The chest directory is where the detected malicious files are moved. If the chest directory is located on a monitored mountpoint, it is automatically added to the excluded paths on startup
  • SCANNERS: Number of parallel running scans. Set this option to the number of CPU cores to get the best performance
  • UNLIMITED_QUEUE: If set to 1, avast-fss disables the limit on the fanotify event queue size

Monitors

  • SCAN: A mountpoint (path) that shall be monitored by avast-fss. If the given path is not a system mountpoint, it is automatically converted to the corresponding mountpoint
  • EXCL: A path to be excluded from monitoring
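
The mountpoint conversion of SCAN paths and the automatic chest exclusion described above decide what avast-fss actually watches, which can differ from what the configuration file appears to say. The following is an added example, not part of the Avast documentation: it parses a constructed fss.conf-style file against a constructed mount table and reports the effective coverage. The section name, all values, the function names, repeated SCAN/EXCL keys and prefix matching for EXCL are assumptions.

```python
import posixpath

# Constructed sample input: section name and values are illustrative, not Avast defaults.
SAMPLE_CONF = """\
; global options
CHEST = /srv/share/chest
SCANNERS = 4
[monitors]
SCAN = /srv/share/incoming
SCAN = /home/alice
EXCL = /srv/share/incoming/tmp
EXCL = /home
"""
# Constructed mount table (on a real host: the second field of each /proc/mounts line).
SAMPLE_MOUNTS = ["/", "/srv/share", "/home"]

def parse_conf(text):
    """Return (key, value) pairs, skipping ';' comments and [section] lines.
    A list is used because SCAN and EXCL are assumed to be repeatable."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or (line.startswith("[") and line.endswith("]")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            entries.append((key.strip(), value.strip()))
    return entries

def is_under(path, root):
    return root == "/" or path == root or path.startswith(root + "/")

def mountpoint_of(path, mounts):
    """Longest mountpoint containing path (mounts must include '/')."""
    path = posixpath.normpath(path)
    return max((m for m in mounts if is_under(path, m)), key=len)

def effective_coverage(text, mounts):
    """Return (monitored mountpoints, excluded paths, fully excluded mountpoints)."""
    entries = parse_conf(text)
    monitored = sorted({mountpoint_of(v, mounts) for k, v in entries if k == "SCAN"})
    excluded = [posixpath.normpath(v) for k, v in entries if k == "EXCL"]
    # Per the page, a chest on a monitored mountpoint is excluded automatically.
    for k, v in entries:
        if k == "CHEST" and any(is_under(posixpath.normpath(v), m) for m in monitored):
            excluded.append(posixpath.normpath(v))
    # Assumed prefix semantics: an EXCL at or above a mountpoint leaves it unscanned.
    blind = [m for m in monitored if any(is_under(m, e) for e in excluded)]
    return monitored, excluded, blind
```

With the sample input, SCAN = /home/alice widens to the whole /home mountpoint, and EXCL = /home then removes that mountpoint from monitoring entirely; a review of fss.conf should look for both effects.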