Kaspersky Security for Virtualization 5.2 Light Agent

Scanning the virtual machine

Protected virtual machines that have the Light Agent for Linux component installed support the following scan tasks, which you can manage from the command line:

  • Full scan – thorough scan of the protected virtual machine's operating system, including system memory, startup objects, boot sectors, and all hard drives, removable drives and network drives.
  • Custom scan – a scan of user-selected objects on the protected virtual machine.

You can perform the following actions from the command line to start scan tasks and configure their settings:

Please note the special considerations when scanning hard links and symbolic links.

In this section:

Full Scan

Custom Scan

Scan compound files

Selecting the action to take on infected files

Using iChecker technology in scans

Configuring advanced settings for scan tasks


Full Scan

You can start a full scan of all objects in the protected virtual machine's file system, including system memory, startup objects, boot sectors, and all hard drives, removable drives and network drives.

To start a full scan task, execute the following command:

lightagent scan

You can also use a configuration file to run a scan task, or start the task with advanced settings that let you log task-related events to a file.


Custom Scan

You can start a Custom Scan task on a protected virtual machine by specifying a list of files and objects to scan, file names (or paths to them), or templates of file names (or paths to them).

To start a custom scan task, execute the following command:

lightagent scan [<path to the file or folder>][<path to the file or folder>...][--boot][--memory][--startup][--@:<filelist.lst>]

where:

  • <path to the file or folder> – path to the file or folder that you want to scan for viruses and other malware. You can use masks to specify the path to a file or folder. If you do not specify the paths to files or folders, the application scans all objects of the file system of the protected virtual machine.
  • boot – scan disk boot sectors.
  • memory – scan system memory.
  • startup – scan startup objects.
  • @:<filelist.lst> – scan files from the list. In the text file, specify the files or folders that you want to scan for viruses and other malware, each on a new line.

You can also use a configuration file to run a scan task, or start the task with advanced settings that let you log task-related events to a file.


Scan compound files

A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file has to be unpacked, which may slow down scanning. You can limit the set of compound files to be scanned, thus speeding up scanning.

You can also reduce the compound file scan duration by specifying the following restrictions:

  • Restriction on the duration of compound file scan: the application stops scanning a compound file after the specified amount of time.
  • Restriction on the maximum size of the compound file to be scanned: the application does not unpack or scan compound files whose size exceeds the specified value.

To configure scanning of compound files, execute the following command:

lightagent scan [--e:a] [--e:b] [--e:<maximum scan time>] [--es:<maximum file size>]

where:

  • --e:a – do not scan archives.
  • --e:b – do not scan mail databases and email format files.
  • --e:<maximum scan time> – do not scan compound files if the scan takes longer than the specified time. Specify the maximum scan duration for a file in seconds.
  • --es:<maximum file size> – do not scan compound files if their size exceeds the specified value. Specify the maximum size of a compound object to be scanned, in megabytes.


Selecting the action to take on infected files

You can specify the actions that Kaspersky Security will perform when it detects infected files.

To specify actions to take on infected files, execute the following command:

lightagent scan [<path to the file or folder>] [--i<0-4>]

where:

  • <path to the file or folder> – path to the file or folder that you want to scan for viruses and other malware. If you do not specify the paths to files or folders, the application scans all objects of the file system of the protected virtual machine.
  • i0 – on detecting infected files, perform the Inform action. If this parameter is specified, Kaspersky Security informs you about the detection of infected files.
  • i1 – on detecting infected files, perform the Disinfect action. If this parameter is specified, Kaspersky Security automatically attempts to disinfect all infected files that are detected. If disinfection fails, the application leaves such files unchanged.
  • i2 – on detecting infected files, perform the "Disinfect. Delete if disinfection fails. Skip compound files if they cannot be disinfected or deleted" action. If this parameter is specified, Kaspersky Security automatically attempts to disinfect all infected files that are detected. If disinfection fails, the application removes them. If the infected file is part of a compound file and cannot be deleted, the application leaves this file unchanged.
  • i3 – on detecting infected files, perform the "Disinfect. Delete if disinfection fails" action. If this parameter is specified, Kaspersky Security automatically attempts to disinfect all infected files that are detected. If disinfection fails, the application removes them. If the infected file is part of a compound file and cannot be deleted, the application deletes the entire compound file. This action is performed by default.
  • i4 – on detecting infected files, perform the Delete action. If this parameter is specified, Kaspersky Security automatically deletes the infected file, having first created a backup copy of the file. If the infected file that is part of a compound file cannot be deleted, the application deletes the entire compound file.

Using iChecker technology in scans

You can enable the use of iChecker technology when scanning a protected virtual machine. iChecker technology increases scanning speed by excluding certain files from scanning. Files are excluded by a special algorithm that takes into account the release date of the Kaspersky Security databases, the date on which the file was last scanned, and any modifications to the scan settings. The use of iChecker technology during protected virtual machine scanning is enabled by default.

To disable usage of iChecker technology, execute the following command:

lightagent scan --iChecker:off

To enable usage of iChecker technology, execute the following command:

lightagent scan --iChecker:on


Configuring advanced settings for scan tasks

You can use a configuration file to run a scan task, or start the task with advanced settings that let you log task-related events to a file.

To configure advanced scan settings, execute the following command:

lightagent scan [--R[A]:<path to the report file>][--C:<path to the configuration file>]

where:

  • R:<path to the report file> – save only important events that occur during the scan task in the report file. Specify the full path to the file for logging events. The application creates this file and logs events in it.
  • RA:<path to the report file> – save all events that occur during the scan task in the report file. Specify the full path to the file for logging events. The application creates this file and logs events in it.
  • C:<path to the configuration file> – use the settings specified in the configuration file during the scan task. Specify a full path to the configuration file.

    Examples:

    Run a scan task using the settings from the configuration file named config:

    lightagent scan --C:/temp/config

    Example of a configuration file with settings that prescribe a scan of a file named example, while saving information about events that occur during the scan in the file named report.log:

    ./example --RA:/tmp/report.log
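
An added example, not part of the Kaspersky documentation: a POSIX shell helper that writes the file list for `--@:` and assembles a report-only scan (`--i0`, all events to `--RA:`) with the compound-file limits described above, so that the default `i3` action does not delete anything before the report has been reviewed. The function names and sample paths are constructed, and combining these options in one invocation is an assumption, since the page shows them in separate syntax lines.

```sh
#!/bin/sh
# Added example, not Kaspersky code. Function names and sample paths are constructed.
# Assumption: options shown in separate syntax lines on this page can be combined.

# write_filelist LIST PATH...
# Writes one object per line, the format the --@: option reads.
# Relative paths are skipped so the list does not depend on the working directory.
write_filelist() {
    out=$1; shift
    : > "$out" || return 1
    for p in "$@"; do
        case $p in
            /*) printf '%s\n' "$p" >> "$out" ;;
            *)  echo "skipped relative path: $p" >&2 ;;
        esac
    done
}

# build_scan_cmd LIST REPORT ACTION MAX_SECONDS MAX_MB
# Prints the command instead of running it, so it can be reviewed first.
build_scan_cmd() {
    list=$1 report=$2 action=$3 max_s=$4 max_mb=$5
    # --i accepts 0-4 only; 0 is Inform, which leaves detected files in place.
    case $action in [0-4]) ;; *) echo "action must be 0-4" >&2; return 2 ;; esac
    # The page asks for the full path to the report file.
    case $report in /*) ;; *) echo "report needs a full path" >&2; return 2 ;; esac
    # --e: takes seconds and --es: takes megabytes; both must be plain integers.
    for n in "$max_s" "$max_mb"; do
        case $n in ''|*[!0-9]*) echo "limits must be integers" >&2; return 2 ;; esac
    done
    printf 'lightagent scan --@:%s --i%s --e:%s --es:%s --RA:%s\n' \
        "$list" "$action" "$max_s" "$max_mb" "$report"
}

# Constructed sample: two suspect objects, Inform only, 60 s and 200 MB limits.
demo_list=$(mktemp)
write_filelist "$demo_list" /srv/upload/invoice.zip /home/alice/inbox.mbox
build_scan_cmd "$demo_list" /tmp/report.log 0 60 200
rm -f "$demo_list"
```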
