-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathsavacli.conf
95 lines (84 loc) · 2.75 KB
/
savacli.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# This is the savacli configuration file. It is part of the savacli program to
# scan files and directories for malware.
#
# The default location for this file is /etc/savapi/savacli.conf. Consult the
# savacli(5) manpage for a list of all available configuration options.
#
# savacli was developed by sys4 AG <https://sys4.de>
[savacli]
# Provides the Product ID required to run commands within SAVAPI.
# ProductId = 12345
# Sets the socket where savacli should interface with SAVAPI. The socket may be
# either a TCP socket (IPv4/IPv6) or a UNIX domain socket.
# Socket =
# Socket = unix:/var/run/savapi/savapi
# Socket = inet:127.0.0.1@4444
# Socket = inet6:2001:db8::1@4444
Socket = unix:/var/run/savapi/savapi
# Provides the absolute path to a file where log events should be written to.
# An empty parameter will disable logging.
# LogFile =
LogFile = /var/log/savacli.log
# Sets the type of finding that should be reported by savacli. Possible values
# are: +clean+, +infected+, +error+ und +all+. Values must be given in a
# whitespace or comma separated list. If no LogClass has been specified,
# savacli will disable the report.
# LogClasses =
LogClasses = infected error
# Sets if savacli and SAVAPI run on the same host
# Local =
Local = yes
# Sets the report format. Possible values are: +plain+ or +json+.
# ReportFormat =
ReportFormat = plain
# Instructs savacli to output an optional application summary at the begin of
# its output.
# ReportHeader =
ReportHeader = no
# Instructs savacli to output an optional findings summary at the begin of its
# output.
# ReportSummary =
ReportSummary = no
# Provides a whitespace separated list of one or more absolute paths to
# directories that should be excluded from scanning. You can also provide a
# JSON list, which allows all kinds of special characters in file names.
# ExcludeDirectories =
ExcludeDirectories =
/dev
/proc
/sys
/selinux
/etc/selinux
# Provides a whitespace separated list of one or more absolute paths to files
# that should be excluded from scanning. You can also provide a JSON list,
# which allows all kinds of special characters in directory names.
# ExcludeFiles =
ExcludeFiles = [
"/usr/bin/sudoedit",
"/usr/bin/chsh",
"/usr/bin/locate",
"/usr/bin/sudoreplay",
"/usr/bin/chfn",
"/usr/bin/sudo",
"/sbin/augenrules",
"/sbin/autrace",
"/sbin/autrace",
"/sbin/auditd",
"/sbin/audispd",
"/sbin/unix_update",
"/sbin/auditctl",
"/usr/sbin/useradd",
"/usr/sbin/adduser",
"/usr/sbin/groupmems",
"/usr/sbin/userhelper",
"/usr/sbin/groupadd",
"/usr/sbin/groupmod",
"/usr/sbin/userdel",
"/usr/sbin/tzdata-update",
"/usr/sbin/build-locale-archive",
"/usr/sbin/suexec",
"/usr/sbin/usermod",
"/usr/sbin/glibc_post_upgrade.x86_64",
"/usr/sbin/groupdel",
"/path with spaces/and other, symbols"
]