sunhux asked:

manual way of quarantining a malware / infected file

I have some reservations (i.e. I'm not certain if it will delete non-malicious files due to
false positives) on a command-line AV tool that I'm required to use to scan our UNIX
boxes, so governance has instructed that I run the scheduled on-demand scan with
an option to scan in "readonly" mode.

I've seen a case where a jpg file was reported to be an Eicar test virus file, so I intend
to review the scan logs weekly and, based on human decision and after checking with the
users, manually quarantine files detected as malware/malicious.

Q1:
What are the safe ways to manually quarantine a suspected file (without deleting
it, so that I can recover it in the event users want it)? Just move the suspected
file to a folder? Or should I do more, like gzip the suspected file so that it could not
be easily accessed/read, to minimize the risk as much as possible?

Q2:
My view is that besides zipping it up (with a password? and does Solaris zip offer a
password option?), we may need to prefix this zip file with the full folder path
where it was originally located to facilitate "unquarantining". Any view on this?

Q3:
What's the risk of doing the manual quarantining as described above?
Doing it manually means there's a time lag/delay. Perhaps I'll need to amend/enhance
the script that triggers this AV scan to do the quarantining based on
what's reported in the scan log?
Tags: Anti-Virus Apps, Anti-Spyware, Unix OS

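For Q1 and Q2, here is an added example (not from the thread and not the accepted answer) of a restorable manual quarantine in POSIX sh: the flagged file is packed with tar from `/` so the archive itself carries the original path, owner and mode, gzipped so it is not casually opened or executed, made unreadable with mode 000 inside a root-only directory, and logged in a manifest with its checksum so restoring can be verified. It assumes POSIX sh, tar, gzip and cksum; `/var/quarantine` is a constructed default. gzip has no password option; the file-mode and directory controls stand in for that.

```shell
#!/bin/sh
# Added example (not from the thread): restorable manual quarantine for a file
# flagged in a read-only AV scan. Assumes POSIX sh, tar, gzip and cksum; the
# quarantine directory QDIR is a constructed default.
QDIR="${QDIR:-/var/quarantine}"
MANIFEST_NAME="manifest.txt"

# quarantine_file /abs/path -> prints the archive name; returns 1 on failure.
quarantine_file() {
    src="$1"
    case "$src" in /*) ;; *) echo "need absolute path" >&2; return 1 ;; esac
    [ -f "$src" ] || return 1
    mkdir -p "$QDIR" && chmod 700 "$QDIR"
    # Archive name encodes the original path ("/home/bob/pic.jpg" -> "home_bob_pic.jpg")
    # plus a timestamp so repeated hits on the same path do not collide.
    name="$(date +%Y%m%d%H%M%S)_$(printf '%s' "${src#/}" | tr / _).tar.gz"
    # tar from / keeps owner, mode and the full relative path inside the archive,
    # so restoring is a plain extract at /; gzip keeps it from being opened casually.
    ( cd / && tar -cf - "${src#/}" ) | gzip -c > "$QDIR/$name" || return 1
    chmod 000 "$QDIR/$name"
    # Manifest: archive, original path, owner:group and mode as listed, CRC of the original.
    meta=$(ls -ld "$src" | awk '{print $3 ":" $4 " " $1}')
    sum=$(cksum "$src" | awk '{print $1}')
    printf '%s|%s|%s|%s\n' "$name" "$src" "$meta" "$sum" >> "$QDIR/$MANIFEST_NAME"
    rm -f "$src"
    echo "$name"
}

# restore_file archive_name -> puts the file back at its original path; returns 1 on failure.
restore_file() {
    name="$1"
    line=$(grep "^$name|" "$QDIR/$MANIFEST_NAME") || return 1
    orig=$(printf '%s' "$line" | cut -d'|' -f2)
    want=$(printf '%s' "$line" | cut -d'|' -f4)
    chmod 400 "$QDIR/$name"
    ( cd / && gzip -dc "$QDIR/$name" | tar -xf - ) || return 1
    # Only declare success if the restored content matches what was quarantined.
    [ "$(cksum "$orig" | awk '{print $1}')" = "$want" ] || return 1
    chmod 000 "$QDIR/$name"
}
```

Run it as root so tar restores the original owner on unquarantine; the path argument can be taken straight from the scan log during the weekly review.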
Last comment: John Tsioumpris

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
John Tsioumpris