Configuration on Linux

Armadito AV’s configuration on Linux is stored in two files :

  • /etc/armadito/armadito.conf
  • /etc/armadito/conf.d/on-access-linux.conf

Note

If you have compiled from sources, these configuration files are in your PREFIX directory.

Warning

Configuration presented in this document is used for illustration purposes only.

On-demand scan

You are able to configure how on-demand scan works in /etc/armadito/armadito.conf :

[on-demand]
white-list-dir = "/boot"; "/dev"; "/etc"; "/proc"; "/run"; "/sys"; "/var"
mime-types="*"
modules="clamav"; "moduleH1"
max-size = 10048576
  • white-list-dir : list of directories excluded from on-demand scan.
  • mime-types : MIME types of files scanned during on-demand scan.
  • modules : Modules used by on-demand scan.
  • max-size : Maximum size of scanned files during on-demand scan.

On-access scan

Linux Armadito AV’s on-access scan mainly relies on fanotify API. You can find further information on how it works by reading official man page : fanotify man7.

Configuring on-access scan can be done by modifying /etc/armadito/conf.d/on-access-linux.conf :

[on-access]
enable=1
enable-permission=1
enable-removable-media=1
mount="/home"
directory="/var/tmp"; "/tmp"
white-list-dir = "/bin"; "/boot"; "/dev"; "/etc"; "/lib"; "/lib32"; "/lib64"
mime-types = "application/x-executable"; "application/pdf"; "application/zip"
modules = "clamav"
max-size = 10048576
  • enable : enable (1) or disable (0) on-access scan.
  • enable-permission : enable (1) or disable (0) permission check.
    • If enabled, files detected as malicious will be blocked by Armadito AV.
    • If disabled, files detected as malicious will only be notified.
  • enable-removable-media : enable (1) or disable (0) removable media monitoring.
    • If enabled, removable media mount points will be added on the fly to the monitoring list.
  • mount : list of directories that will be monitored by mount points. I.e. using FAN_MARK_MOUNT.
  • directory : list of directories that will be monitored by recursively marking all subdirectories.
  • white-list-dir : list of directories excluded from on-demand scan.
  • mime-types : MIME types of files scanned during on-demand scan.
  • modules : Modules used by on-demand scan.
  • max-size : Maximum size of scanned files during on-demand scan.

Virus Alerts

When a virus is detected by Armadito AV, an alert report is generated and stored in a defined location. This can be configured by modifying /etc/armadito/armadito.conf :

[alert]
alert-dir = "/var/spool/armadito"
  • alert-dir : directory where scan alerts will be stored.

Quarantine

To isolate infected files, Armadito AV can put detected files in quarantine. /etc/armadito/armadito.conf contains configuration about quarantine :

[quarantine]
enable = 0
quarantine-dir = "/var/lib/armadito/quarantine"
  • enable : enable (1) or disable (0) quarantine.
  • quarantine-dir : directory where will be moved files putted in quarantine.