F-SECURE LINUX SECURITY Manual page 132

The default primary action is disinfect and the default secondary action is rename.
fsav must have write access to the file to be disinfected. Disinfection is not always
possible and fsav may fail to disinfect a file. Especially, files inside archives cannot be
disinfected.
Infected files are renamed to <original_filename>.virus and clears execut-
able and SUID
<original_filename>.suspected.
<original_filename>.riskware. The user running the scan must have write
access to the directory in order to rename the file.
The delete action removes the infected/suspected/riskware file. The user running the
scan must have write access to the directory in order to delete the file.
By default, actions are confirmed before the execution. For example, for the disinfec-
tion fsav asks the following confirmation:
eicar.com: Disinfect? (Yes, No, yes to All)
where the answer 'Y', 'y', 'Yes' or 'yes' confirms the action.
The answer 'A', 'a', 'All' or 'all' automatically confirms any further disinfections. If other
actions are enabled, they are still confirmed unless they are automatically confirmed
as well.
Any other answer will not confirm the action and the action is not taken. An action not
taken is treated the same way as an action that failed, i.e. if the user does not want to
take the primary action, the secondary action is tried next.
The action confirmation can be disabled with --auto -option.
WARNINGS
bits from the file. Suspected files
Riskware files
CHAPTER G
are renamed to
are renamed to
G - 13