Scan compound files

A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file has to be unpacked, which may slow down scanning. You can limit the set of compound files to be scanned, thus speeding up scanning.

You can also reduce the compound file scan duration by specifying the following restrictions:

• Restriction on the duration of compound file scan: the application stops scanning a compound file after the specified amount of time.
• Restriction on the maximum size of the compound file to be scanned: the application does not unpack or scan compound files whose size exceeds the specified value.

To configure scanning of compound files, execute the following command:

lightagent scan [--e:a] [--e:b] [--e:<maximum scan time>] [--es:<maximum file size>]

where:

• --e:a – do not scan archives.
• --e:b – do not scan mail databases and email format files.
• --e:<maximum scan time> – do not scan compound files if the scan takes longer than the specified time. Specify the maximum scan duration for a file in seconds.
• --es:<maximum file size> – do not scan compound files if their size exceeds the specified value. Specify the maximum size of a compound object to be scanned, in megabytes.