Technologies

Engine type details

Under the Technologies menu, all installed engines are listed with their details, such as:

  • Type of engine. Possible types are

    • Anti-malware engine

    • Archive engine

    • Data Loss Prevention engine

    • Data sanitization engine

    • Filetype detection engine

    • Utility engine

    • Vulnerability detection engine

  • Elapsed time since last update

  • Proportion of active and non-active engines of a particular type

  • Engine version

  • Version of database the engine is currently using

  • Engine status (Active/Non-Active)

Engines can be disabled (and re-enabled afterwards) by clicking the switch at the end of the line that belongs to that particular engine. When an engine is disabled, neither the engine nor the corresponding database package is updated, and it will be removed from every node.

Manual updates

To manually trigger an update of the scan engine and database packages, click the Update now button.

To provide engine or database packages on your own, select the Upload package option.

Upload packages


The package should consist of a ZIP file and the descriptor YML file, which can be downloaded with the Update Downloader. Multiple files can be selected.

Engine or database versions that have ever been used on a system won't be accepted as updates.

Configuring engines

Some engines can be configured by using Advanced Engine Configuration. Hover the mouse pointer over the line of the engine to be configured so that the Edit button appears (a pencil at the end of the line), then click it. The edit page is displayed.

Put the desired configuration into the text box and click OK.

Available options

Scan engine

Configuration

Note

ClamAV

[engine]
heuristic_scan=1
extract_archive=0
max_file_size=0
max_scan_size=0
enable_pup_scan=0
deep_scan=0
enable_pcre=0

max_file_size: Setting it too high may result in severe damage to the system. Make sure you have enough free memory. Set to 0 to disable this limit.

max_scan_size: The maximum amount of data to scan for each container file. Certain files (e.g. documents, archives, etc.) may contain other files inside. This option ensures safe processing of this kind of data. Setting it too high may result in severe damage to the system. Make sure you have enough free memory. Set to 0 to disable this limit.

deep_scan:

0 - Do not scan the whole file if it is a big file
1 - Scan the full file; this may take significantly longer

enable_pcre: only available on the Linux version. Enabling this option will increase the detection rate but may affect performance.

Avira

[engine]
heuristic_scan=1
extract_archive=0
detect_all_types=1

heuristic_scan:

0 - Disable heuristic detection.
1 - Lazy heuristic detection. This is the lowest possible mode; detection is not very good, but the number of false positives will be low.
2 - Normal heuristic detection.
3 - High heuristic detection. This is the highest possible mode, but the number of false positives will be high.

ESET

[engine]
heuristic_scan=1
extract_archive=0
enable_pup_scan=1

 

Ahnlab

[engine]
extract_archive=0
enable_cloud_scan=0
enable_pup_scan=0

 

BitDefender

[engine]
extract_archive=0

 

CYREN

[engine]
extract_archive=0
enable_pup_scan=0

 

QuickHeal

[engine]
heuristic_scan=0
extract_archive=0
mail_heuristic=0
enable_pup_scan=0

mail_heuristic: set to 1 to enable scanning of mail files

Vir.IT eXplorer

[engine]
extract_archive=0
enable_pup_scan=1

 

TotalDefense

[engine]
heuristic_scan=1
extract_archive=0
enable_cloud_scan=0

 

F-Prot

[engine]
heuristic_scan=3
extract_archive=0

heuristic_scan:

0 - No heuristics.
1 - Minimal heuristics - almost no FP chance.
2 - Standard setting.
3 - Higher detection and more FP.
4 - Even higher detection and even more FP.

Ikarus

[engine]
extract_archive=0

 

K7

[engine]
heuristic_scan=0
extract_archive=0

 

TACHYON

[engine]
heuristic_scan=1
extract_archive=0

 

Emsisoft

[engine]
heuristic_scan=1
extract_archive=0
max_file_size=104857600
enable_bd_module=1

extract_archive will not work if enable_bd_module is disabled

Kaspersky

[engine]
heuristic_scan=1
extract_archive=0

heuristic_scan:

0 - Disable heuristic analysis.
1 - Enable light heuristic analysis.
2 - Enable medium heuristic analysis.
3 - Enable deep heuristic analysis.

VirusBlokAda

No configuration

 

Zillya

[engine]
heuristic_scan=0
extract_archive=0
load_extended_database=1

load_extended_database: engine will load a larger database

0 - faster initialization, but lower detection rate
1 - higher detection rate, but initialization takes longer (default)

Antiy

[engine]
extract_archive=0
heuristic_scan=0
enable_high_scan=1

enable_high_scan:

0 - lower memory usage
1 - default; high detection rate, but a bit slower and higher resource usage

McAfee

[engine]
heuristic_scan=1
extract_archive=0

 

NanoAV

[engine]
extract_archive=0
heuristic_scan=1

 

NETGATE

No configuration

 

Sophos

[engine]
heuristic_scan=1
extract_archive=0
enable_pup_scan=1

 

Aegislab

[engine]
extract_archive=0
enable_cloud_scan=0

 

ByteHero

[engine]
extract_archive=0

 

Filseclab

[engine]
heuristic_scan=1
extract_archive=0

heuristic_scan:

0 - Disable heuristic analysis.
1 - basic mode (default).
2 - static mode (MVM).
3 - dynamic mode (MVM).
4 - full mode (MVM).
5 - use advanced heuristic.

Lavasoft

[engine]
extract_archive=0

 

MSE

[engine]
extract_archive=0

 

STOPzilla

[engine]
extract_archive=0

 

Symantec

[engine]
server=127.0.0.1:1344
heuristic_scan=1
enable_pup_scan=0
extract_archive=0

Do not change the server value; it is the IP and host where the Symantec service is running.

Systweak

[engine]
extract_archive=0

 

Huorong

[engine]
extract_archive=0

 

Trend Micro and Trend Micro House Call

No configuration

 

Xvirus

No configuration

 

  • Values in the table are default values

  • If there is no special note, available values are 0 and 1

  • After applying a new configuration, wait 30-60 seconds for the engine to reload

  • nProtect was renamed to TACHYON as of 6/20/2018
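
As an added example (not part of the product or its documentation), the following Python check audits an [engine] block against the value ranges documented in the table above before it is pasted into Advanced Engine Configuration. The helper name audit_engine_config and the sample inputs are constructed for illustration.

```python
import configparser

# Engines whose heuristic_scan range on this page goes beyond 0/1.
HEURISTIC_MAX = {"Avira": 3, "F-Prot": 4, "Kaspersky": 3, "Filseclab": 5}
SIZE_KEYS = {"max_file_size", "max_scan_size"}  # byte sizes, 0 = no limit
SYMANTEC_SERVER = "127.0.0.1:1344"  # value the page says not to change

# Constructed sample inputs for illustration.
SAMPLE_EMSISOFT = ("[engine]\nheuristic_scan=1\nextract_archive=1\n"
                   "max_file_size=104857600\nenable_bd_module=0\n")
SAMPLE_KASPERSKY = "[engine]\nheuristic_scan=4\nextract_archive=0\n"
SAMPLE_CLAMAV = "[engine]\nheuristic_scan=1\nmax_file_size=0\nmax_scan_size=0\n"

def audit_engine_config(engine, text):
    """Return findings for one engine's [engine] block (hypothetical helper)."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return [f"not parseable: {type(exc).__name__}"]
    if not parser.has_section("engine"):
        return ["missing [engine] section"]
    opts = dict(parser["engine"])
    findings = []
    for key, value in opts.items():
        if key == "server":
            if engine == "Symantec" and value != SYMANTEC_SERVER:
                findings.append("server differs from the documented value")
            continue
        if not value.isdigit():
            findings.append(f"{key}: expected a non-negative integer")
            continue
        number = int(value)
        if key in SIZE_KEYS:
            if number == 0:
                findings.append(f"{key}=0 disables the limit")
            continue
        # Unless a note says otherwise, the only available values are 0 and 1.
        limit = HEURISTIC_MAX.get(engine, 1) if key == "heuristic_scan" else 1
        if number > limit:
            findings.append(f"{key}={number} outside documented range 0-{limit}")
    if (engine == "Emsisoft" and opts.get("extract_archive") == "1"
            and opts.get("enable_bd_module") == "0"):
        findings.append("extract_archive will not work: enable_bd_module=0")
    return findings

if __name__ == "__main__":
    for name, cfg in [("Emsisoft", SAMPLE_EMSISOFT), ("Kaspersky", SAMPLE_KASPERSKY)]:
        print(name, audit_engine_config(name, cfg))
```

An empty list means the block stays within what this page documents; it does not confirm that the engine accepts the configuration.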