F-SECURE ANTI-VIRUS LINUX SERVER SECURITY Administrator's Manual page 117

CHAPTER F 115
ary action is rename.
fsav must have write access to the file to be disinfected. Dis-
infection is not always possible and fsav may fail to disinfect
a file. Especially, files inside archives cannot be disinfected.
Infected files are renamed to
<original_filename>.virus and clears executable and
SUID bits from the file. Suspected files are renamed to
<original_filename>.suspected. Riskware files are
renamed to <original_filename>.riskware. The user
running the scan must have write access to the directory in
order to rename the file.
The delete action removes the infected/suspected/riskware
file. The user running the scan must have write access to the
directory in order to delete the file.
By default, actions are confirmed before the execution. For
example, for the disinfection fsav asks the following confirma-
tion:
eicar.com: Disinfect? (Yes, No, yes to
All)
where the answer 'Y', 'y', 'Yes' or 'yes' confirms the action.
The answer 'A', 'a', 'All' or 'all' automatically confirms any fur-
ther disinfections. If other actions are enabled, they are still
confirmed unless they are automatically confirmed as well.
Any other answer will not confirm the action and the action is
not taken. An action not taken is treated the same way as an