Configuring Anti-Virus scan settings for a rule

To configure Anti-Virus scan message processing settings:

  1. Export rule settings to an XML file using the command:

    # /opt/kaspersky/klms/bin/klms-control \

    --get-rule-settings <rule ID> -f <rule settings file name> or

    --get-rule-settings <rule name> -n -f <rule settings file name>

    The <rule name> should be enclosed in double quotes if it contains blanks.

  2. Open the XML file to edit the rule settings.
  3. Specify the preferred action to be taken by the application on infected messages (messages with Infected status and messages with Probably Infected status that contain potentially malicious objects). To do so, in the <avScanSettings> section, specify the value Skip, Cure, DeleteMessage, DeleteAttachment or Reject for the <infectedFirstAction> setting:

    The default action is Cure.

  4. Specify the preferred action to be performed on infected messages (with Infected status) that cannot be disinfected. To do so, in the <avScanSettings> section, specify the value DeleteMessage, DeleteAttachment or Reject for the <infectedSecondAction> setting:

    The default action is DeleteAttachment.

  5. Specify the preferred action to be taken on messages with Corrupted and Encrypted status. To do so, in the <avScanSettings> section, specify the value Skip, DeleteMessage, DeleteAttachment or Reject for the following settings:
    • <corruptedAction>, if the message has the status Corrupted;
    • <encryptedAction>, if the message has the status Encrypted;

    The default action for all statuses is Skip.

  6. If you selected the DeleteMessage or DeleteAttachment actions at the previous steps of the procedure, you can configure the application to move a copy of the message to Backup before deleting the message. To do so, in the <asScanSettings> section, specify the value 1 for the following settings:
    • <backupInfected>, if an infected or probably infected message is detected;
    • <backupCorrupted>, if the message has the status Corrupted;
    • <backupEncrypted>, if the message has the status Encrypted.
  7. The default setting for messages with Corrupted and Encrypted status is 0, do not save a copy of the message in Backup.
  8. If you selected Skip, Cure, or DeleteAttachment, at Steps 3-6 of the sequence, you can edit the text of the tag added to the Subject field of the message. To do so, in the <avScanSettings> section, specify the text of the stamp as the value for the following settings:
    • <infectedMark>, if the message has status as Infected or Probably Infected;
    • <disinfectedMark>, if the message is Disinfected;
    • <corruptedMark>, if the message has the status Corrupted;
    • <encryptedMark>, if the message has the status Encrypted;
  9. Save the changes made.
  10. To import rule settings from an XML file, use the command:

    # /opt/kaspersky/klms/bin/klms-control \

    --set-rule-settings <rule ID> -f <rule settings file name> or

    --set-rule-settings <rule name> -n -f <rule settings file name>

    The <rule name> should be enclosed in double quotes if it contains blanks.

If an attachment contains an archive with objects having different scan statuses, all objects of the message or attachment are subject to the same (most severe) action depending on all scan statuses assigned to objects in the archive.

Page top