Configuring Anti-Virus scan settings for a rule

August 21, 2023

ID 87300

To configure Anti-Virus scan message processing settings:

  1. Export rule settings to an XML file using the following command:

    # /opt/kaspersky/klms/bin/klms-control \
      --get-rule-settings <rule ID> -f <rule settings file name>

    or

    # /opt/kaspersky/klms/bin/klms-control \
      --get-rule-settings <rule name> -n -f <rule settings file name>

    The <rule name> should be enclosed in double quotes if it contains blanks.

  2. Open the rule settings XML file for editing.
  3. Specify the preferred action to be taken by the application on infected messages (messages with Infected status and messages with Probably Infected status that contain potentially malicious objects). To do so, in the <avScanSettings> section, specify the value Skip, Cure, DeleteMessage, DeleteAttachment or Reject for the <infectedFirstAction> setting.

    The default action is Cure.

  4. Specify the preferred action to be performed on infected messages (with Infected status) that cannot be disinfected. To do so, in the <avScanSettings> section, specify the value DeleteMessage, DeleteAttachment or Reject for the <infectedSecondAction> setting.

    The default action is DeleteAttachment.

  5. Specify the preferred action to be taken on messages with Corrupted and Encrypted status. To do so, in the <avScanSettings> section, specify the value Skip, DeleteMessage, DeleteAttachment or Reject for the following settings:
    • <corruptedAction>, if the message has the status Corrupted;
    • <encryptedAction>, if the message has the status Encrypted.

    The default action for all statuses is Skip.

  6. If you selected the DeleteMessage or DeleteAttachment actions at the previous steps of the procedure, you can configure the application to move a copy of the message to Backup before deleting the message. To do so, in the <asScanSettings> section, specify the value 1 for the following settings:
    • <backupInfected>, if an infected or probably infected message is detected;
    • <backupCorrupted>, if the message has the status Corrupted;
    • <backupEncrypted>, if the message has the status Encrypted.
  7. The default setting for messages with Corrupted and Encrypted status is 0: do not save a copy of the message in Backup.
  8. If you selected Skip, Cure, or DeleteAttachment at Steps 3–6 of the sequence, you can edit the text of the tag added to the Subject field of the message. To do so, in the <avScanSettings> section, specify the text of the stamp as the value for the following settings:
    • <infectedMark>, if the message has the status Infected or Probably Infected;
    • <disinfectedMark>, if the message is Disinfected;
    • <corruptedMark>, if the message has the status Corrupted;
    • <encryptedMark>, if the message has the status Encrypted.
  9. Save the changes made.
  10. To import rule settings from an XML file, use the following command:

    # /opt/kaspersky/klms/bin/klms-control \
      --set-rule-settings <rule ID> -f <rule settings file name>

    or

    # /opt/kaspersky/klms/bin/klms-control \
      --set-rule-settings <rule name> -n -f <rule settings file name>

    The <rule name> should be enclosed in double quotes if it contains blanks.

If an attachment contains an archive with objects having different scan statuses, all objects of the message or attachment are subject to the same (most severe) action depending on all scan statuses assigned to objects in the archive.
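
A pre-import check for the edited file, as an added example that is not part of the Kaspersky documentation: it validates each action against the values listed in steps 3–5 and reports delete actions whose Backup flag from step 6 is not set to 1. The XML layout (settings as child elements with text values, the `<rule>` root) and the sample are assumptions; compare them with a real export before relying on the check.

```python
import xml.etree.ElementTree as ET

DELETING = {"DeleteMessage", "DeleteAttachment"}
COMMON = DELETING | {"Reject"}
# setting -> (allowed values from steps 3-5, Backup flag from step 6)
SETTINGS = {
    "infectedFirstAction": (COMMON | {"Skip", "Cure"}, "backupInfected"),
    "infectedSecondAction": (COMMON, "backupInfected"),
    "corruptedAction": (COMMON | {"Skip"}, "backupCorrupted"),
    "encryptedAction": (COMMON | {"Skip"}, "backupEncrypted"),
}


def check_rule_settings(xml_text):
    """Return a list of findings for an exported rule settings file."""
    root = ET.fromstring(xml_text)
    av = next(root.iter("avScanSettings"), None)
    if av is None:
        return ["no <avScanSettings> section found"]
    findings = []
    for name, (allowed, backup) in SETTINGS.items():
        value = (av.findtext(name) or "").strip()
        if not value:
            continue  # setting absent: the application default applies
        if value not in allowed:
            findings.append(f"{name}: '{value}' is not an allowed value")
        elif value in DELETING:
            # Match the flag by name wherever it sits in the file.
            flag = next(root.iter(backup), None)
            if flag is None or (flag.text or "").strip() != "1":
                findings.append(f"{name}: {value} without {backup}=1")
    return findings


# Constructed sample; root element name and nesting are assumptions.
SAMPLE = """<rule>
  <avScanSettings>
    <infectedFirstAction>Cure</infectedFirstAction>
    <infectedSecondAction>Skip</infectedSecondAction>
    <corruptedAction>DeleteMessage</corruptedAction>
    <encryptedAction>Skip</encryptedAction>
  </avScanSettings>
  <asScanSettings><backupCorrupted>0</backupCorrupted></asScanSettings>
</rule>"""

if __name__ == "__main__":
    for finding in check_rule_settings(SAMPLE):
        print(finding)
```

Run it on the file between steps 9 and 10; an empty result means every action is one the procedure permits and each delete action keeps a Backup copy.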
