Scanning for Viruses

Once a static virus file is started, it may become a malicious process and become a security risk of servers. Therefore, scanning static virus files is important in server security protection. HSS virus scan function can scan virus files on servers and provides the following virus scan methods:

Quick Scan: Quick virus scanning tasks can save time and costs. This function scans and removes preset key system files and directories.
Full-disk Scan: A time-consuming full-disk virus scanning can be implemented on servers.
Custom Scan: You can customize virus scanning tasks as required.

Constraints

A virus scan uses a lot of memory, CPU, and I/O resources. Perform this operation during off-peak hours. For details about the resource usage, see How Many CPU and Memory Resources Are Occupied by the Agent When It Performs Scans?
The HSS professional edition only supports quick scan and removal.
A full-disk scan does not check network directories.

Quick Scan

Log in to the management console.
In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
Choose Server Protection > Virus Scan. The Virus Scan page is displayed.
Click Quick Scan. The dialog box is displayed.
Set parameters related to the quick scan task as prompted.
- Task Name: You can customize a task name.
- Select Server: Select the server for which you want to perform quick scan.
  
  A server being scanned cannot be selected for another scan task.
- Handling Policy: Select the handling mode for the detected virus files.
  - Automatic Handling: Virus files that have been further confirmed are automatically isolated. Suspicious files are labeled with suspicious and need to be handled after manual confirmation.
  - Manual Handling: Alarms are generated only for detected infected files. You need to manually confirm the files before handling them.
Click Scan and start the scanning task.

Full-disk Scan

Log in to the management console.
In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
Choose Server Protection > Virus Scan.
Click Full-disk Scan. The dialog box is displayed.
Set parameters related to the full-disk scan task as prompted.
- Task Name: You can customize a task name.
- Select Server: Select the server for which you want to perform full-disk scan.
  
  A server being scanned cannot be selected for another scan task.
- Handling Policy: Select the handling mode for the detected virus files.
  - Automatic Handling: Virus files that have been further confirmed are automatically isolated. Suspicious files are labeled with suspicious and need to be handled after manual confirmation.
  - Manual Handling: Alarms are generated only for detected infected files. You need to manually confirm the files before handling them.
Click Scan and start the scanning task.

Custom Scan

Log in to the management console.
In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
Choose Server Protection > Virus Scan.
Click Custom Scan.

Set the parameters of the customized antivirus policy as prompted. For more information, see Table 1.

**Table 1** Custom antivirus policy parameters
Parameter	Description
Task Name	Name of a custom antivirus task.
Startup Type	Scan task execution type. Scan Now: Start a scan immediately. Scan Later: Start a scan at the specified time. You can set the start time to a time within one month. Periodic Start: Start a scan periodically based on your settings.
Start	If Startup Type is set to Scan Later, configure this parameter to set the start time of the scan.
Schedule	If Startup Type is set to Periodic Start, configure this parameter to set the scan period.
File Type	Type of the file to be scanned. Currently, the following types of files can be scanned: Executable: executable files and dynamic link libraries (DLLs), such as .exe, .dll, and .so files. Compressed: such as .zip, .rar, and .tar Script: such as .bat, .py, and .ps1 Document: such as TXT, DOC, and PDF Image: such as BMP, JPG, and GIF Audio & Video: such as MP3, MP4, and FLV files
(Optional) Directory Settings	Directory where virus-infected files need to be scanned. If this parameter is not set, full scan is performed by default. Full scan does not cover network directories.
(Optional) Exclude Specified Directories	Directories that do not require virus scan.
Select Server	Servers to be scanned. Servers using any of the following policies cannot be selected: Policy whose Startup Type is Scan Now: A scan is in progress. Policy whose Startup Type is Scan Later: A custom scan policy using the same startup time as the current policy is in effect. Policy whose Startup Type is Periodic Start: A custom periodic scan has been scheduled.
Handling Policy	Select the processing mode for the detected virus files. Automatic Handling: Virus files that have been further confirmed are automatically isolated. Suspicious files are labeled with suspicious and need to be handled after manual confirmation. Manual Handling: Alarms are generated only for detected infected files. You need to manually confirm the files before handling them.

Click Scan and start the scanning task.

Viewing Scan Task Status

Viewing task status
1. On the Virus Scan page, click the Scan tasks to view the execution status of virus scan tasks.
  - To view information about specific scan tasks, configure search criteria in the search box above the scan task list.
  - To stop an ongoing scan task, click Cancel in the Operation column of the task.
  - To retry a failed scan task, click Scan Again in the Operation column of the task.
  Figure 1 Viewing scan tasks
2. Click to view the scan status and number of scanned files of each server.
  - To stop scanning a server, click Cancel in the Operation column of the server.
  - To retry a failed scan on a server, click Scan Again in the Operation column of target server.
Viewing and handling viruses
After a virus scan task is complete, you can manually handle the detected virus files based on service requirements. For details, see Viewing and Handling Viruses.