manual way of quarantining a malware / infected file

I have some reservations (i.e. I'm not certain whether it will delete non-malicious files due to
false positives) about a command line AV tool that I'm required to use to scan our UNIX
boxes, so governance has instructed that I run the scheduled on-demand scan with
an option to scan in "read-only" mode.

I've seen a case where a jpg file was reported to be an Eicar test virus file so I intend
to review the scan logs weekly & based on human decision & after checking with the
users, manually quarantine files detected as malware/malicious.

Q1:
What are the safe ways to manually quarantine a suspected file (without deleting
it, so that I can recover it in the event users want it)?  Just move the suspected
file to a folder?  Or should I do more, like gzip the suspected file so that it could not
be easily accessed/read, to minimize the risk as much as possible?

Q2:
My view is that besides zipping it up (with a password? And does Solaris zip offer a
password option?), we may need to prefix this zip file with the full folder path
where it was originally located to facilitate "unquarantining".  Any view on this?

Q3:
What's the risk of manual quarantining as described above?
Manually doing it means there's a time lag/delay.  Perhaps I'll need to amend
/enhance the script that triggers this AV scan to do the quarantining based on
what's reported in the scan log?

sunhux asked:
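The procedure the question describes (move the file out of reach, compress it, keep the original path so it can be put back, and drive the mechanical part from a human-reviewed list) as an added POSIX shell example. This is not code from the original post or from any AV product; the quarantine directory `/var/quarantine`, the `manifest.log` file name and the function names are assumptions, and it relies only on `tar`, `gzip`, `cksum` and `awk`, which are present on Solaris and Linux. The sample file in the comments is constructed.

```shell
#!/bin/sh
# Manual quarantine helper for a UNIX/Solaris host. Added example, not from the
# original post. Assumptions: POSIX sh plus tar, gzip, cksum and awk; the
# quarantine directory (QUARANTINE_DIR) and manifest file name are made up here.
# Run as root so ownership and mode survive the round trip.

QUARANTINE_DIR="${QUARANTINE_DIR:-/var/quarantine}"

# quarantine_file /abs/path/to/suspect
# Archives the file together with its full original path (tar), compresses it
# (gzip) so it is no longer something a user or program opens by accident,
# records the origin and a CRC in a manifest, then removes the original.
# Prints the archive path.
quarantine_file() {
    f=$1
    case $f in /*) ;; *) echo "quarantine_file: need absolute path: $f" >&2; return 1 ;; esac
    [ -f "$f" ] || { echo "quarantine_file: not a regular file: $f" >&2; return 1; }
    mkdir -p "$QUARANTINE_DIR" && chmod 700 "$QUARANTINE_DIR" || return 1
    manifest="$QUARANTINE_DIR/manifest.log"
    # Archive name = timestamp + original path with / turned into _, e.g.
    # 20240101120000_export_home_alice_pic.jpg.tar.gz. The manifest, not the
    # name, is authoritative for the original path, because _ is ambiguous.
    archive="$QUARANTINE_DIR/$(date +%Y%m%d%H%M%S)$(printf '%s' "$f" | tr '/' '_').tar.gz"
    sum=$(cksum < "$f" | awk '{print $1}')
    # Store the path relative to / so extraction with -C / puts it back exactly.
    tar cf - -C / "${f#/}" | gzip -c > "$archive"
    # Confirm the archive really lists the file before destroying the original.
    gzip -dc "$archive" | tar tf - > /dev/null || { rm -f "$archive"; return 1; }
    chmod 400 "$archive"
    # Tab-separated: archive, original path, CRC, owner/mode as seen at quarantine time.
    printf '%s\t%s\t%s\t%s\n' "$archive" "$f" "$sum" "$(ls -l "$f")" >> "$manifest"
    rm -f "$f"
    echo "$archive"
}

# unquarantine_file /var/quarantine/<archive>.tar.gz
# Restores the file to its original path, refusing to overwrite anything that
# is there now, and checks the CRC recorded at quarantine time. Prints the path.
unquarantine_file() {
    archive=$1
    manifest="$QUARANTINE_DIR/manifest.log"
    orig=$(awk -F'\t' -v a="$archive" '$1 == a { o = $2 } END { print o }' "$manifest")
    sum=$(awk -F'\t' -v a="$archive" '$1 == a { s = $3 } END { print s }' "$manifest")
    [ -n "$orig" ] || { echo "unquarantine_file: $archive not in manifest" >&2; return 1; }
    [ ! -e "$orig" ] || { echo "unquarantine_file: $orig exists, refusing to overwrite" >&2; return 1; }
    gzip -dc "$archive" | tar xf - -C / || return 1
    [ "$(cksum < "$orig" | awk '{print $1}')" = "$sum" ] \
        || { echo "unquarantine_file: CRC mismatch on $orig" >&2; return 1; }
    echo "$orig"
}

# quarantine_from_list reviewed_paths.txt
# One absolute path per line: the list produced after the weekly review of the
# scan log and the check with the users. The human decision stays; only the
# mechanical, error-prone part is scripted and logged.
quarantine_from_list() {
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        quarantine_file "$p" || echo "FAILED: $p" >&2
    done < "$1"
}
```

Usage: `quarantine_file /export/home/alice/pic.jpg` (a constructed path) prints the archive name, and `unquarantine_file` on that name puts the file back only if nothing now occupies the original path and the content still matches. The root-owned, mode 700 directory is what keeps users and the scheduled scan away from the archives, so add that directory to the scanner's exclusions or the next run will simply report the quarantine itself. On the password question: if the Info-ZIP `zip` on the box is used, its `-e` option applies the legacy ZipCrypto scheme, which is fine as a speed bump against accidental unpacking but should not be counted on as protection; the directory permissions and the manifest's CRC are the controls that matter.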
John Tsioumpris, Software & Systems Engineer, commented:
Personally I would also zip the suspected file... Furthermore I would upload it to VirusTotal.
