You can find all configuration files in a configuration directory '/etc/zav/' (or '~/.zav/' for generic installation as non-root). The main configuration file is called 'zavd.conf' and it configres the daemon itself as well as enables other security modules. List of available options is available in man zavd.conf along with all needed descriptions.
After a successful install, ZAVd can be started with a provided configuration. The main configuration file (zavd.conf) is only missing an activation key (UPDATE_KEY), which you can get here, to be able to download updates. If you want to change vital options (ZAVD_USER, ZAVD_GROUP, PATH_xxx), make sure that the user exists and that those paths are accessible and PATH_TMP, PATH_LOG and PATH_VAR are writable by such user.
Basic information can be found in man zavnotify.conf. Due to the limitations of iNotify (kernel event watcher system), following setup is recommended:
- do not watch the entire filesystem - there are too many directories to be watched, iNotify has limitations for watched directories (also, there is no real need for watching entire filesystem on UNIX)
- preferably do not watch big directory structures - iNotify limitation (can be set in /proc/sys/fs/inotify/max_user_watches)
- do not watch temporary paths - iNotify cannot block file operations, scanned file can be deleted before scan is complete
- change access rights of watched directories correctly - files stored in watched directories have to be accessible by ZAVd (see ZAVD_USER), running ZAVd as root is possible, but inadvisable.
Basic information can be found in man zavld.conf. ZAV support for LD_PRELOAD is a different approach to on-access scanning. ZAVNotify uses a process-based security instead of file-base one. It is therefore very suitable for webservers and fileservers (apache, ftp, ...).
Current Virus Activity
If you suspect that a file might be infected and you thus want to determine what a given program is doing, you can send a file for us to analyze. We will evaluate the given program's behavior and send you back detailed results.