Managing Infected Objects
When a batch virus scan identifies an infected object, it moves it into a quarantine directory.
When a real-time virus scan identifies an infected object, it sets its Scan Status from *REQUIRED to *FAILURE, but does not move it.
To view and manage both types of infected objects, select 31. Work with Infected Files from the Antivirus main menu (STRAV). The Display Infected Files screen appears:
| 7 Files Display Infected Files Sorted by TIME Subset . . Type options, press Enter. 1=Select 2=Restore 4=Delete 5=Display 8=Display attribute Opt Time Detector Object Path 12/09/22 9:32 Real-Time eicar.com2 /home/orenc/test/notexclude/eicar.com2 13/09/22 17:30 Real-Time eicar.com /home/orenc/test/notexclude/eicar.com 19/09/22 9:24 SCANAV eicar.com /home/orenc/test/notexclude/eicar.com 19/09/22 9:25 SCANAV eicar.com2 /home/orenc/test/notexclude/eicar.com2 19/09/22 13:31 Real-Time eicar.com /home/orenc/test/notexclude/eicar.com 19/09/22 13:33 Real-Time eicar.com /home/orenc/test/notexclude/eicar.com 19/09/22 13:35 Real-Time eicar.com /home/orenc/test/notexclude/eicar.com Bottom F3=Exit F5=Refresh F13=Repeat F14=Clear repeat F16=Resequence (by cursor position) |
The body of the screen shows each detected item. If viruses were detected for an item more than once (if, for example, one had been detected then cleared but the file had been defected again), it contains a separate line for each time that viruses were detected for the item.
For each instance, it shows the data and time of the detection, the file name and path name of the file, and whether the virus was detected in real-time or via a scheduled batch scan.
To restore a file that had been quarantined by a batch scan to its original location, enter 2 in the Opt field of its line.
To restore the scan status of a file that had been detected by a real-time scan from *FAILURE to *REQUIRED, enter 2 in the Opt field of its line.
To delete a quarantined file, enter 4 in the Opt field of its line.
To display general information about a file, enter 5 in the Opt field of its line. The standard Work with Object Links screen appears.
To display detailed information about a file, enter 8 in the Opt field of its line. The Display Attributes screen appears, with several pages of information, as shown below:
| Display Attributes Object . . . . . . : /home/orenc/test/notexclude/eicar.com2 Type . . . . . . . . . . . . . . . . . : STMF Owner . . . . . . . . . . . . . . . . : AV System object is on . . . . . . . . . : Local Auxiliary storage pool . . . . . . . . : 1 Object overflowed . . . . . . . . . : No Coded character set ID . . . . . . . . : 1208 Hidden file . . . . . . . . . . . . . : No PC system file . . . . . . . . . . . . : No Read only . . . . . . . . . . . . . . : No Need to archive (PC) . . . . . . . . . : Yes Need to archive (System) . . . . . . . : Yes More... Press Enter to continue. F3=Exit F12=Cancel F22=Display entire field |
| Display Attributes Object . . . . . . : /home/orenc/test/notexclude/eicar.com2 Creation date/time . . . . . . . . . . : 19/09/22 13:35:02 Last access date/time . . . . . . . . : 19/09/22 13:35:02 Data change date/time . . . . . . . . : 19/09/22 13:35:02 Attribute change date/time . . . . . . : 19/09/22 13:35:02 Size of object data in bytes . . . . . : 68 Allocated size of object . . . . . . . : 8192 File format . . . . . . . . . . . . . : *TYPE2 Size of extended attributes . . . . . : 0 Storage freed . . . . . . . . . . . . : No Temporary object . . . . . . . . . . . : No Disk storage option . . . . . . . . . : *NORMAL Main storage option . . . . . . . . . : *NORMAL Auditing value . . . . . . . . . . . . : *NONE More... Press Enter to continue. F3=Exit F12=Cancel F22=Display entire field |
| Display Attributes Object . . . . . . : /home/orenc/test/notexclude/eicar.com2 Authority collection value . . . . . . : *NONE Object domain . . . . . . . . . . . . : *SYSTEM Number of hard links . . . . . . . . . : 1 Set effective user ID . . . . . . . . : No Set effective group ID . . . . . . . . : No Restricted rename and unlink . . . . . : No Last used date . . . . . . . . . . . . : 19/09/22 Days used count . . . . . . . . . . . : 1 Reset date . . . . . . . . . . . . . : More... Press Enter to continue. F3=Exit F12=Cancel F22=Display entire field |
| Display Attributes Object . . . . . . : /home/orenc/test/notexclude/eicar.com2 Allow write during save . . . . . . . : No Can be saved . . . . . . . . . . . . . : Yes System restricts save . . . . . . . : No Digitally signed . . . . . . . . . . . : No File ID . . . . . . . . . . . . . . . : X'0000000000000001A8A8EF990013F5B8' Object is currently journaled . . . . : No Object scanning . . . . . . . . . . . : *YES Scan status . . . . . . . . . . . . : *REQUIRED System use . . . . . . . . . . . . . . : *NONE Bottom Press Enter to continue. F3=Exit F12=Cancel F22=Display entire field |