Engines

Engine details

Under the Engines menu, all installed engines are listed with details such as:

  • Name of engine

  • Type of engine. Possible types are

    • Archive engine

    • Anti-malware engine

    • Data sanitization engine

    • Filetype detection engine

    • Utility engine

    • Vulnerability detection engine

  • Platform the engine runs on

  • Engine version

  • Version of database the engine is currently using

  • Engine status (Active/Non-Active)


Engines can be disabled (and re-enabled afterwards) by clicking the cross button. When an engine is disabled, neither the engine nor its database package is updated, and the engine is removed from every node. The engine's status is shown by a green check mark, a red cross or a grey cross, meaning the engine is active, not active or disabled respectively.

Manual updates

To manually trigger an update of the scan engine and database packages, click the Update now button.

To provide engine or database packages on your own, select the Upload package option.


Upload packages


The package should be a ZIP file together with its descriptor YML file, which can be downloaded with the Update Downloader. Multiple files can be selected.

Engine or database versions that have already been used on a system are not accepted as updates.

Configuring engines

Some engines can be configured through Advanced Engine Configuration. Hover the mouse pointer over the line of the engine to be configured so that the Edit button (a pencil at the end of the line) appears, then click it. The edit page is displayed.


Put the desired configuration into the text box and click OK.

Available options

Scan engine

Configuration

Note

ClamAV

[engine]
heuristic_scan=1
extract_archive=0
max_file_size=0
max_scan_size=0
enable_pup_scan=0
deep_scan=0

max_file_size: Setting it too high may result in severe damage to the system. Make sure you have enough free memory. Set to 0 to disable this limit. Default value is 524288000 bytes.

max_scan_size: The maximum amount of data to scan for each container file. Certain files (e.g. documents, archives, etc.) may in turn contain other files inside. This option ensures safe processing of this kind of data. Setting it too high may result in severe damage to the system. Make sure you have enough free memory. Set to 0 to disable this limit. Default value is 524288000 bytes.

deep_scan:

0 - Do not scan the whole file if it is a big file.
1 - Scan the full file; this may take significantly longer.

Avira

[engine]
heuristic_scan=1
extract_archive=0
detect_all_types=1

heuristic_scan:

0 - Disable heuristic detection.
1 - Lazy heuristic detection. This is the lowest possible mode: detection is not very good, but the number of false positives will be low.
2 - Normal heuristic detection.
3 - High heuristic detection. This is the highest possible mode, but the number of false positives will be high.

ESET

[engine]
heuristic_scan=1
extract_archive=0
enable_pup_scan=1

 

Ahnlab

[engine]
extract_archive=0
enable_cloud_scan=0
enable_pup_scan=0

 

BitDefender

[engine]
extract_archive=0

 

CYREN

[engine]
extract_archive=0
enable_pup_scan=0

 

QuickHeal

[engine]
heuristic_scan=0
extract_archive=0
mail_heuristic=0
enable_pup_scan=0

mail_heuristic: set to 1 to enable scanning of mail files.

Vir.IT eXplorer

[engine]
extract_archive=0
enable_pup_scan=1

 

TotalDefense

[engine]
heuristic_scan=1
extract_archive=0
enable_cloud_scan=0

 

F-Prot

[engine]
heuristic_scan=3
extract_archive=0

heuristic_scan:

0 - No heuristics.
1 - Minimal heuristics - almost no FP chance.
2 - Standard setting.
3 - Higher detection and more FP.
4 - Even higher detection and even more FP.

Ikarus

[engine]
extract_archive=0

 

K7

[engine]
heuristic_scan=0
extract_archive=0

 

TACHYON

[engine]
heuristic_scan=1
extract_archive=0

 

Emsisoft

[engine]
heuristic_scan=1
extract_archive=0
max_file_size=104857600
enable_bd_module=1

extract_archive will not work if enable_bd_module is disabled.

Kaspersky

[engine]
heuristic_scan=1
extract_archive=0

heuristic_scan:

0 - Disable heuristic analysis.
1 - Enable light heuristic analysis.
2 - Enable medium heuristic analysis.
3 - Enable deep heuristic analysis.

VirusBlokAda

No configuration

 

Zillya

[engine]
heuristic_scan=0
extract_archive=0
load_extended_database=1

load_extended_database: the engine will load a larger database

0 - faster initialization, but lower detection rate
1 - higher detection rate, but initialization takes longer (default)

Antiy

[engine]
extract_archive=0
heuristic_scan=0
enable_high_scan=1

enable_high_scan:

0 - lower memory usage
1 - default; high detection rate, but a bit slower and with higher resource usage

McAfee

[engine]
heuristic_scan=1
extract_archive=0

 

NanoAV

[engine]
extract_archive=0
heuristic_scan=1

 

NETGATE

No configuration

 

Sophos

[engine]
heuristic_scan=1
extract_archive=0
enable_pup_scan=1

 

Aegislab

[engine]
extract_archive=0
enable_cloud_scan=0

 

ByteHero

[engine]
extract_archive=0

 

Filseclab

[engine]
heuristic_scan=1
extract_archive=0

heuristic_scan:

0 - Disable heuristic analysis.
1 - basic mode (default).
2 - static mode (MVM).
3 - dynamic mode (MVM).
4 - full mode (MVM).
5 - use advanced heuristic.

Lavasoft

[engine]
extract_archive=0

 

MSE

[engine]
extract_archive=0

 

STOPzilla

[engine]
extract_archive=0

 

Symantec

[engine]
server=127.0.0.1:1344
enable_cloud_scan=0
heuristic_scan=1
enable_pup_scan=0

Do not change the server value; it is the IP and host where the Symantec service is running.

Systweak

[engine]
extract_archive=0

 

Huorong

[engine]
extract_archive=0

 

Trend Micro and Trend Micro House Call

No configuration

 

Xvirus

No configuration

 

  • Values in the table are default values

  • If there is no special note, available values are 0 and 1

  • After applying a new configuration, wait 30-60 seconds for the engine to reload

  • nProtect was renamed to TACHYON as of 6/20/2018
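
A pre-flight check for a block before it is pasted into Advanced Engine Configuration, written as an added example (it is not part of the product). The function name `lint_engine_config` and the sample block are assumptions; the value ranges and the Emsisoft, Symantec and size-limit rules are the ones stated in the notes above.

```python
import configparser

# heuristic_scan upper bounds from this page's notes; other engines: 0 or 1.
HEURISTIC_MAX = {"Avira": 3, "F-Prot": 4, "Kaspersky": 3, "Filseclab": 5}
SIZE_KEYS = ("max_file_size", "max_scan_size")  # byte counts, 0 = no limit
SYMANTEC_SERVER = "127.0.0.1:1344"              # default the page says to keep


def lint_engine_config(engine, text):
    """Return a list of findings for one engine's [engine] block."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return [f"unparseable config: {exc.__class__.__name__}"]
    if not parser.has_section("engine"):
        return ["missing [engine] section"]
    opts = dict(parser["engine"])
    findings = []
    for key, raw in opts.items():
        if key == "server":
            if engine == "Symantec" and raw != SYMANTEC_SERVER:
                findings.append("server changed from default " + SYMANTEC_SERVER)
            continue
        if not raw.isdecimal():
            findings.append(f"{key}={raw!r} is not a non-negative integer")
            continue
        value = int(raw)
        if key in SIZE_KEYS:
            if value == 0:
                findings.append(f"{key}=0 disables the limit; check free memory")
        elif key == "heuristic_scan":
            limit = HEURISTIC_MAX.get(engine, 1)
            if value > limit:
                findings.append(f"heuristic_scan={value} exceeds {limit} for {engine}")
        elif value > 1:
            findings.append(f"{key}={value} but only 0 and 1 are documented")
    if (engine == "Emsisoft" and opts.get("extract_archive") == "1"
            and opts.get("enable_bd_module") == "0"):
        findings.append("extract_archive=1 has no effect while enable_bd_module=0")
    return findings


# Constructed sample input, not a recommended configuration.
SAMPLE = "[engine]\nheuristic_scan=1\nextract_archive=1\nmax_file_size=0\nenable_bd_module=0\n"

if __name__ == "__main__":
    for finding in lint_engine_config("Emsisoft", SAMPLE):
        print(finding)
```

Running the linter on the ClamAV defaults listed above also reports both size limits, since 0 disables them.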