NAME

zavnotify.conf - Zoner AntiVirus configuration file for ZAV iNotify module

DESCRIPTION

Zavnotify.conf is the iNotify module configuration file for the Zoner AntiVirus daemon (ZAVd). Be sure to read zavd.conf(5) for the configuration file format, syntax and semantics. Reading the documentation for the iNotify subsystem is optional.

Because of the nature of the iNotify event system, all files are checked after a given event (move, close after write, etc.) has occurred. Therefore ZAVd cannot block any activity; it can only react to changes on the filesystem. If more events arrive than the module can handle, a queue overflow will occur.

At the moment, the ZAV iNotify module only supports watches based on changes, not on reads. A read-based watch would require a more sophisticated (and much slower) approach. Instead, scan the given directory for any infection and then just watch it for changes; the same security will be provided.

GLOBAL DEFAULTS

This section defines the default values used for all subsequent ZAVNOTIFY_INCLUDE directives. All the ZAVNOTIFY_SCAN_ options are optional (when not used, ZAVd defaults apply).

ZAVNOTIFY_RECURSIVE = [bool]
    Watch included directories recursively. Note that every watched directory uses a special descriptor. The number of descriptors per module is limited by '/proc/sys/fs/inotify/max_user_instances' (8192 by default, root can adjust the value).

ZAVNOTIFY_PRESCAN = [bool]
    Scan files in watched directory before adding them to active watches. This way you can make sure that watched space is virus-free as the module only scans changes to the filesystem.

ZAVNOTIFY_FILE_TIMEOUT = [time]
    The timeout for a single file, including the scanning time and the time spent waiting for a scanner to become available.

ZAVNOTIFY_LOG_STATS = [bool]
    Log scan statistics (scan time and scanned size).

The following options specify what to do when a certain result is obtained for a file that caused an event. Possible actions:

IGNORE - no action taken
LOG - just log a message with the filename
MOVE - move the file into ZAVNOTIFY_DIRECTORY
DELETE - remove the file from the filesystem
LOG_MOVE - both LOG and MOVE
LOG_DELETE - both LOG and DELETE

ZAVNOTIFY_SCANERROR = [enum]
ZAVNOTIFY_CLEAN = [enum]
ZAVNOTIFY_INFECTED = [enum]
ZAVNOTIFY_PROBINFECTED = [enum]
ZAVNOTIFY_SUSPICIOUS = [enum]
ZAVNOTIFY_NONSTANDARD = [enum]
ZAVNOTIFY_UNKNOWN = [enum]
ZAVNOTIFY_TIMEOUT = [enum]

The following options specify the scanning engine parameters that will override ZAVd's default settings. See SCANNING SETUP in zavd.conf(5) for their descriptions.

ZAVNOTIFY_SCAN_LEVEL = [enum]
ZAVNOTIFY_SCAN_FULL = [bool]
ZAVNOTIFY_SCAN_HEURISTICS = [bool]
ZAVNOTIFY_SCAN_EMULATION = [bool]
ZAVNOTIFY_SCAN_ARCHIVES = [bool]
ZAVNOTIFY_SCAN_PACKERS = [bool]
ZAVNOTIFY_SCAN_GDL = [bool]
ZAVNOTIFY_SCAN_PHISHING = [bool]
ZAVNOTIFY_SCAN_DEEP = [bool]
ZAVNOTIFY_SCAN_MAX_SIZE = [size]
ZAVNOTIFY_SCAN_MAX_FILES = [int]
ZAVNOTIFY_SCAN_RECURSION = [int]
ZAVNOTIFY_SCAN_TIMEOUT = [time]

INCLUDED DIRECTORIES

This section lists the directories that will be watched for changes. The option is recursive by default, unless ZAVNOTIFY_RECURSIVE is set to FALSE. You can specify as many directories as you want, but to watch more than 8192 directories (the default limit, counting those added by recursion) you must raise the system-wide maximum.
ZAVNOTIFY_INCLUDE = [string]

EXCLUDED DIRECTORIES

This section lists the directories that will be omitted when watching a directory for changes recursively. An exclusion effectively stops the recursion at that directory. You can still include subdirectories of an excluded directory with another ZAVNOTIFY_INCLUDE directive.
ZAVNOTIFY_EXCLUDE = [string]
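
The following is an added example, not part of the ZAV distribution or its documentation: a pre-flight check that applies the include/exclude rules described above to a configuration and counts how many directories would each need a descriptor, compared against the 8192 default quoted on this page. The function names are hypothetical, and the parser assumes one 'KEY = value' directive per line with '#' comments; the authoritative syntax is in zavd.conf(5).

```python
import os

def parse_conf(text):
    """Pull the include/exclude/recursive directives out of 'KEY = value' lines."""
    include, exclude, recursive = [], [], True
    for line in text.splitlines():
        line = line.split("#", 1)[0]           # assumption: '#' starts a comment
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "ZAVNOTIFY_INCLUDE":
            include.append(os.path.abspath(value))
        elif key == "ZAVNOTIFY_EXCLUDE":
            exclude.append(os.path.abspath(value))
        elif key == "ZAVNOTIFY_RECURSIVE":
            recursive = value.upper() != "FALSE"
    return include, exclude, recursive

def watched_dirs(include, exclude, recursive=True):
    """Return the set of directories that would each need their own descriptor."""
    excluded, watched = set(exclude), set()
    for root in include:
        if not os.path.isdir(root):
            continue
        watched.add(root)                      # an explicit include is always watched
        if recursive:
            for cur, subdirs, _files in os.walk(root):
                # In-place pruning keeps os.walk out of excluded subtrees.
                subdirs[:] = [d for d in subdirs if os.path.join(cur, d) not in excluded]
                watched.update(os.path.join(cur, d) for d in subdirs)
    return watched

def check_budget(conf_text, limit=8192):
    """Return (directory_count, fits) for the given configuration text."""
    include, exclude, recursive = parse_conf(conf_text)
    count = len(watched_dirs(include, exclude, recursive))
    return count, count <= limit

if __name__ == "__main__":
    import tempfile
    base = tempfile.mkdtemp()                  # constructed sample tree
    for sub in ("site", "cache/tmp", "cache/uploads/a"):
        os.makedirs(os.path.join(base, sub))
    conf = (f"ZAVNOTIFY_INCLUDE = {base}\n"
            f"ZAVNOTIFY_EXCLUDE = {base}/cache\n"
            f"ZAVNOTIFY_INCLUDE = {base}/cache/uploads\n")
    print(check_budget(conf))
```

Directories that the count leaves out (here 'cache' and 'cache/tmp') receive no change events, so they are only covered by whatever on-demand scanning is run separately.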

AUTHOR

Written by Jaromir Smrcek.

BUGS

Report bugs to Jaromir Smrcek <jaromir.smrcek@zoner.com>. Start your 'Subject:' line with 'ZAV' and please include the output of 'zavcli -V'.

SEE ALSO

zavd(8), zavd.conf(5), zavcli(1)
