
NAME

zavld.conf - Zoner AntiVirus configuration file for ZAV LD_PRELOAD module

DESCRIPTION

zavld.conf is the LD_PRELOAD module configuration file for the Zoner AntiVirus daemon (ZAVd). Be sure to read zavd.conf(5) for the configuration file format, syntax and semantics.

The ZAV LD_PRELOAD module provides process-based on-access protection. It uses a library that is preloaded with the target program and sends file descriptors to ZAVd for scanning; see libzavld(7) for more information. Only changed files are scanned; read-only access is not scanned.

Unlike the ZAV iNotify module (which provides directory-based on-access protection), files cannot be physically deleted by another process before they have been scanned, no traversal of directories is needed, ZAVd can access all files that the target application can, and no kernel-side module is used.

NOTE: Due to a bug in Linux kernel versions <2.6.22, setuid programs cannot access the /proc directory and the module cannot work properly. Either upgrade your kernel or install ZAVd as the target user and do not change the user:group settings.

GLOBAL DEFAULTS

This section defines the default values used for all subsequent ZAVLD_DOMAIN directives. All the ZAVLD_SCAN_ options are optional (when not used, ZAVd defaults apply).

ZAVLD_FILE_TIMEOUT = [time]
The timeout for a single file, including the scanning time and the time spent waiting for a scanner to become available.

ZAVLD_LOG_STATS = [bool]
Log scan statistics (scan time and scanned size).

The following options specify what to do when a certain result is obtained for a file that caused an event. Possible actions:

IGNORE - no action taken
LOG - just log a message with the filename
MOVE - move the file into ZAVLD_DIRECTORY
DELETE - remove the file from the filesystem
LOG_MOVE - both LOG and MOVE
LOG_DELETE - both LOG and DELETE

ZAVLD_SCANERROR = [enum]
ZAVLD_CLEAN = [enum]
ZAVLD_INFECTED = [enum]
ZAVLD_PROBINFECTED = [enum]
ZAVLD_SUSPICIOUS = [enum]
ZAVLD_NONSTANDARD = [enum]
ZAVLD_UNKNOWN = [enum]
ZAVLD_TIMEOUT = [enum]

The following options specify the scanning engine parameters that override ZAVd's default settings. See SCANNING SETUP in zavd.conf(5) for their description.

ZAVLD_SCAN_LEVEL = [enum]
ZAVLD_SCAN_FULL = [bool]
ZAVLD_SCAN_HEURISTICS = [bool]
ZAVLD_SCAN_EMULATION = [bool]
ZAVLD_SCAN_ARCHIVES = [bool]
ZAVLD_SCAN_PACKERS = [bool]
ZAVLD_SCAN_GDL = [bool]
ZAVLD_SCAN_PHISHING = [bool]
ZAVLD_SCAN_DEEP = [bool]
ZAVLD_SCAN_MAX_SIZE = [size]
ZAVLD_SCAN_MAX_FILES = [int]
ZAVLD_SCAN_RECURSION = [int]
ZAVLD_SCAN_TIMEOUT = [time]

DOMAINS

This section defines an independent file and scan specification. Every option given in the global section can be used here too.

ZAVLD_DOMAIN = [string]
The name of the current section, for internal use only. Each section treats its options (including ZAVLD_INCLUDE and ZAVLD_EXCLUDE) independently.

ZAVLD_INCLUDE = [string]
Scan files matching the given string. You can use the wildcards * and ?; to escape their special meaning, use \.

ZAVLD_EXCLUDE = [string]
Do not scan files matching the given string, even if they match a ZAVLD_INCLUDE string.
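
The following coverage check is an added example, not part of ZAV or of the original manual page: it models the include/exclude rules and the global-default fallback described above so a policy can be reviewed for paths that no domain scans. It assumes that a pattern must match the whole path and that * also matches '/'; the paths, domain names and dictionary layout are constructed for illustration.

```python
import re

def glob_to_regex(pattern):
    """Translate an include/exclude string: * and ? are wildcards, backslash escapes."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            i += 1
            out.append(re.escape(pattern[i]))  # escaped character is literal
        elif ch == "*":
            out.append(".*")                   # assumption: * also matches '/'
        elif ch == "?":
            out.append(".")
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out), re.DOTALL)

def is_scanned(domain, path):
    """Scanned when the path matches an include and no exclude of the same domain."""
    hit = lambda pats: any(glob_to_regex(p).fullmatch(path) for p in pats)
    return hit(domain.get("include", [])) and not hit(domain.get("exclude", []))

def effective_action(defaults, domain, result):
    """A domain option overrides the global default for a result option."""
    return domain.get("options", {}).get(result, defaults.get(result))

def coverage(defaults, domains, path, result="ZAVLD_INFECTED"):
    """Return {domain name: action} for every domain that would scan `path`."""
    return {d["name"]: effective_action(defaults, d, result)
            for d in domains if is_scanned(d, path)}

# Constructed sample policy (hypothetical paths and domain names).
DEFAULTS = {"ZAVLD_INFECTED": "LOG_MOVE", "ZAVLD_CLEAN": "IGNORE"}
DOMAINS = [
    {"name": "uploads", "include": ["/srv/www/uploads/*"],
     "exclude": ["/srv/www/uploads/cache/*"],
     "options": {"ZAVLD_INFECTED": "LOG_DELETE"}},
    {"name": "home", "include": ["/home/*"], "exclude": ["/home/*/\\*.tmp"]},
]

if __name__ == "__main__":
    for p in ["/srv/www/uploads/a.php", "/srv/www/uploads/cache/x",
              "/home/bob/a.tmp", "/home/bob/*.tmp", "/etc/passwd"]:
        print(p, coverage(DEFAULTS, DOMAINS, p) or "NOT SCANNED")
```

An empty result means no domain covers the path, so writes to it are never sent to ZAVd; note that the escaped \* in the second exclude only exempts a file literally named *.tmp, not every .tmp file.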

AUTHOR

Written by Jaromir Smrcek.

BUGS

Report bugs to Jaromir Smrcek <jaromir.smrcek@zoner.com>. Start your 'Subject:' with 'ZAV' and please include the output of 'zavcli -V'.

SEE ALSO

zavd(8), zavd.conf(5), zavcli(1), libzavld(7)
