Configure the anti-malware quarantine settings.
sentinel --task=antimalware:quarantineOption |
Value | Default | Description |
|---|---|---|---|
--quarantine_hits |
<1|0> | 0 | When enabled the file will be moved to quarantine and an alert will be sent otherwise just send out an alert. |
--quarantine_clean |
<1|0> | 0 | Try to clean string based malware injections. NOTE: quarantine hits must be enabled. |
--quarantine_suspend_user |
<1|0> | 0 | The default suspend action for users wih hits. When enabled a users shell access will be disabled via the command: /usr/sbin/usermod -s /bin/false user |
--quarantine_suspend_user_minuid |
<digit> | 10000 | The minimum userid value that can be suspended. |
--quarantine_on_error |
<1|0> | 1 | When using an external scan engine, such as ClamAV, should files be quarantined if an error from the scanner engine is received? This is defaulted to 1, always quarantine, as ClamAV generates an error exit code for trivial errors such as file not found. As such, a large percentage of scans will have ClamAV exiting with error code 2. |
--default |
<yes> | Reset all settings to their default values. | |
--default_option |
<option> | Reset a specific setting to its default value. | |
--restart |
<yes> | Restart the service after saving settings. |
// enable the quarantine
sentinel --task=antimalware:quarantine --quarantine_hits=1 --restart=yes
// reset quarantine_hits back to its default value
sentinel --task=antimalware:quarantine --default_option=quarantine_hits --restart=yes
// reset all settings to their default values
sentinel --task=antimalware:quarantine --default=yes --restart=yes