Scanning ISO/QCOW2 files with Linux version of Sophos

Hello Anthony Lenzo,

ISO isn't a supported archive format. To scan its contents you have, as you tried, to mount the iso.

I get an error
which error? Could you show the error and also the exact command line you're using?

Christian

Hi Christian 

This is what I been doing 

guestmount -a file.qcow2 -i --ro mnt

Then I ran savscan /mnt

[root@public-cloud-test ~]# savscan /mnt
SAVScan virus detection utility
Version 5.63.0 [Linux/AMD64]
Virus data version 5.69, October 2019
Includes detection for 43354067 viruses, Trojans and worms
Copyright (c) 1989-2019 Sophos Limited. All rights reserved.

System time 01:30:37 PM, System date 12 November 2019

IDE directory is: /opt/sophos-av/lib/sav

Using IDE file dneti-ie.ide
Using IDE file spy-ayj.ide
Using IDE file qbot-fd.ide
Using IDE file bckd-rwg.ide
Using IDE file docd-vvm.ide
Using IDE file ryuk-v.ide
Using IDE file qakbo-dk.ide
Using IDE file trick-sx.ide
Using IDE file rtfd-alm.ide
Using IDE file docd-vwh.ide
Using IDE file drid-acd.ide
Using IDE file keylo-xu.ide
Using IDE file emot-bjo.ide
Using IDE file blada-rx.ide
Using IDE file emot-bfj.ide
Using IDE file hawke-uc.ide
Using IDE file zbot-nhi.ide
Using IDE file msil-miz.ide
Using IDE file emot-bjp.ide
Using IDE file steal-sa.ide
Using IDE file delf-hda.ide
Using IDE file phis-fjh.ide
Using IDE file htmld-kw.ide
Using IDE file nemty-c.ide
Using IDE file delf-hds.ide
Using IDE file phis-fkc.ide
Using IDE file zbot-nid.ide
Using IDE file qakbo-dl.ide
Using IDE file azoru-ck.ide
Using IDE file phorpi-o.ide
Using IDE file docd-uib.ide
Using IDE file netwi-nu.ide
Using IDE file psdl-dw.ide
Using IDE file emot-bib.ide
Using IDE file emot-bkm.ide
Using IDE file emot-bkp.ide
Using IDE file hawke-zf.ide
Using IDE file docd-urj.ide
Using IDE file keylo-xt.ide
Using IDE file offdde-j.ide
Using IDE file emot-blh.ide
Using IDE file emot-bli.ide
Using IDE file phis-gcp.ide
Using IDE file msil-mxy.ide
Using IDE file dneti-jc.ide
Using IDE file msil-mxz.ide
Using IDE file nanoc-pg.ide
Using IDE file azoru-cm.ide
Using IDE file lokib-du.ide
Using IDE file hawke-zi.ide
Using IDE file formb-sj.ide
Using IDE file fare-iyd.ide
Using IDE file emot-blq.ide
Using IDE file azoru-cq.ide
Using IDE file steal-we.ide
Using IDE file teslaa-r.ide
Using IDE file bank-gys.ide
Using IDE file formb-sl.ide
Using IDE file vb-kmp.ide
Using IDE file retefe-p.ide
Using IDE file wont-afq.ide
Using IDE file nemty-d.ide
Using IDE file teslaa-y.ide
Using IDE file emot-bms.ide
Using IDE file veil-aj.ide
Using IDE file emot-bmw.ide
Using IDE file azoru-cw.ide
Using IDE file psagen-l.ide
Using IDE file emot-bna.ide
Using IDE file age-bckl.ide
Using IDE file msil-mzc.ide
Using IDE file dneti-ke.ide
Using IDE file keylo-yg.ide
Using IDE file fare-ipq.ide
Using IDE file tesla-f.ide
Using IDE file steale-k.ide
Using IDE file swror-da.ide
Using IDE file tesla-ad.ide
Using IDE file hawke-zo.ide
Using IDE file emot-bnj.ide
Using IDE file fare-jaj.ide
Using IDE file blada-cr.ide
Using IDE file lokib-da.ide
Using IDE file hawke-zy.ide
Using IDE file danab-am.ide
Using IDE file tesla-an.ide
Using IDE file emot-bmc.ide
Using IDE file nanoc-zi.ide
Using IDE file emot-bnv.ide
Using IDE file emot-bob.ide
Using IDE file steale-r.ide
Using IDE file emot-boi.ide
Using IDE file fare-jbe.ide
Using IDE file emot-bok.ide
Using IDE file steale-w.ide
Using IDE file emot-bol.ide
Using IDE file tesla-bi.ide
Using IDE file recam-eg.ide
Using IDE file rtfd-apa.ide
Using IDE file tesla-b.ide
Using IDE file rtfdr-ja.ide
Using IDE file nanoc-yr.ide
Using IDE file dneti-lr.ide
Using IDE file rans-frg.ide
Using IDE file tesla-bl.ide
Using IDE file hawkey-m.ide
Using IDE file tesla-bu.ide
Using IDE file sinow-cl.ide
Using IDE file docd-wbk.ide
Using IDE file fake-hhk.ide
Using IDE file dneti-ly.ide
Using IDE file emot-bpl.ide
Using IDE file emot-bpm.ide
Using IDE file tesla-ct.ide
Using IDE file swror-dd.ide
Using IDE file recam-ek.ide
Using IDE file lokib-ee.ide
Using IDE file nanoc-zx.ide
Using IDE file criakl-i.ide
Using IDE file kelih-br.ide
Using IDE file rans-frj.ide
Using IDE file hawke-aa.ide
Using IDE file rans-frm.ide
Using IDE file scarab-s.ide
Using IDE file tesla-dl.ide
Using IDE file rans-frp.ide
Using IDE file docd-wdq.ide
Using IDE file msil-nan.ide
Using IDE file zbot-ntj.ide
Using IDE file dwnl-yyo.ide
Using IDE file mdro-ixf.ide
Using IDE file zbot-ntk.ide
Using IDE file nano-aae.ide
Using IDE file mdro-ixh.ide
Using IDE file mht-f.ide
Using IDE file msili-dq.ide
Using IDE file rtfd-aqs.ide
Using IDE file remco-nc.ide
Using IDE file tofse-da.ide
Using IDE file steal-ah.ide
Using IDE file zbot-nuh.ide
Using IDE file hawke-am.ide
Using IDE file tesla-i.ide
Using IDE file azoru-cy.ide
Using IDE file emot-bsa.ide
Using IDE file distea-b.ide
Using IDE file zbot-nun.ide
Using IDE file formb-tp.ide
Using IDE file tesla-et.ide
Using IDE file docph-ix.ide
Using IDE file msil-nbp.ide
Using IDE file docd-wdf.ide
Using IDE file blada-eu.ide
Using IDE file rans-frk.ide
Using IDE file tesla-ew.ide
Using IDE file tesla-ex.ide
Using IDE file phis-gjb.ide
Using IDE file msil-nbt.ide
Using IDE file rtfd-ark.ide
Using IDE file nano-aaq.ide
Using IDE file darkc-iu.ide
Using IDE file emot-bsm.ide
Using IDE file blada-fb.ide
Using IDE file rans-frz.ide
Using IDE file tesla-fe.ide
Using IDE file trolde-g.ide
Using IDE file phis-gkb.ide
Using IDE file fake-hhy.ide
Using IDE file emot-bti.ide
Using IDE file drid-acg.ide
Using IDE file dneti-nc.ide
Using IDE file phis-gkg.ide
Using IDE file nano-abg.ide
Using IDE file mdro-ixr.ide
Using IDE file inje-etd.ide
Using IDE file emot-bue.ide
Using IDE file hawke-ax.ide
Using IDE file phis-gkp.ide
Using IDE file zbot-nvv.ide
Using IDE file psdl-ec.ide
Using IDE file hawke-ay.ide
Using IDE file steal-at.ide
Using IDE file emot-buk.ide
Using IDE file tesla-gd.ide
Using IDE file fare-jdk.ide
Using IDE file darkc-iw.ide
Using IDE file trick-ur.ide
Using IDE file mdro-ixu.ide
Using IDE file msili-ed.ide
Using IDE file keylo-ys.ide

0 files scanned in 6 seconds.
No viruses were discovered.
End of Scan.

Which came back to quickly, to scan all those files. 

Next I ran  savscan /mnt/*  

[root@public-cloud-test ~]# savscan /mnt/*
SAVScan virus detection utility
Version 5.63.0 [Linux/AMD64]
Virus data version 5.69, October 2019
Includes detection for 43354067 viruses, Trojans and worms
Copyright (c) 1989-2019 Sophos Limited. All rights reserved.

System time 01:31:06 PM, System date 12 November 2019

IDE directory is: /opt/sophos-av/lib/sav

Using IDE file dneti-ie.ide
Using IDE file spy-ayj.ide
Using IDE file qbot-fd.ide
Using IDE file bckd-rwg.ide
Using IDE file docd-vvm.ide
Using IDE file ryuk-v.ide
Using IDE file qakbo-dk.ide
Using IDE file trick-sx.ide
Using IDE file rtfd-alm.ide
Using IDE file docd-vwh.ide
Using IDE file drid-acd.ide
Using IDE file keylo-xu.ide
Using IDE file emot-bjo.ide
Using IDE file blada-rx.ide
Using IDE file emot-bfj.ide
Using IDE file hawke-uc.ide
Using IDE file zbot-nhi.ide
Using IDE file msil-miz.ide
Using IDE file emot-bjp.ide
Using IDE file steal-sa.ide
Using IDE file delf-hda.ide
Using IDE file phis-fjh.ide
Using IDE file htmld-kw.ide
Using IDE file nemty-c.ide
Using IDE file delf-hds.ide
Using IDE file phis-fkc.ide
Using IDE file zbot-nid.ide
Using IDE file qakbo-dl.ide
Using IDE file azoru-ck.ide
Using IDE file phorpi-o.ide
Using IDE file docd-uib.ide
Using IDE file netwi-nu.ide
Using IDE file psdl-dw.ide
Using IDE file emot-bib.ide
Using IDE file emot-bkm.ide
Using IDE file emot-bkp.ide
Using IDE file hawke-zf.ide
Using IDE file docd-urj.ide
Using IDE file keylo-xt.ide
Using IDE file offdde-j.ide
Using IDE file emot-blh.ide
Using IDE file emot-bli.ide
Using IDE file phis-gcp.ide
Using IDE file msil-mxy.ide
Using IDE file dneti-jc.ide
Using IDE file msil-mxz.ide
Using IDE file nanoc-pg.ide
Using IDE file azoru-cm.ide
Using IDE file lokib-du.ide
Using IDE file hawke-zi.ide
Using IDE file formb-sj.ide
Using IDE file fare-iyd.ide
Using IDE file emot-blq.ide
Using IDE file azoru-cq.ide
Using IDE file steal-we.ide
Using IDE file teslaa-r.ide
Using IDE file bank-gys.ide
Using IDE file formb-sl.ide
Using IDE file vb-kmp.ide
Using IDE file retefe-p.ide
Using IDE file wont-afq.ide
Using IDE file nemty-d.ide
Using IDE file teslaa-y.ide
Using IDE file emot-bms.ide
Using IDE file veil-aj.ide
Using IDE file emot-bmw.ide
Using IDE file azoru-cw.ide
Using IDE file psagen-l.ide
Using IDE file emot-bna.ide
Using IDE file age-bckl.ide
Using IDE file msil-mzc.ide
Using IDE file dneti-ke.ide
Using IDE file keylo-yg.ide
Using IDE file fare-ipq.ide
Using IDE file tesla-f.ide
Using IDE file steale-k.ide
Using IDE file swror-da.ide
Using IDE file tesla-ad.ide
Using IDE file hawke-zo.ide
Using IDE file emot-bnj.ide
Using IDE file fare-jaj.ide
Using IDE file blada-cr.ide
Using IDE file lokib-da.ide
Using IDE file hawke-zy.ide
Using IDE file danab-am.ide
Using IDE file tesla-an.ide
Using IDE file emot-bmc.ide
Using IDE file nanoc-zi.ide
Using IDE file emot-bnv.ide
Using IDE file emot-bob.ide
Using IDE file steale-r.ide
Using IDE file emot-boi.ide
Using IDE file fare-jbe.ide
Using IDE file emot-bok.ide
Using IDE file steale-w.ide
Using IDE file emot-bol.ide
Using IDE file tesla-bi.ide
Using IDE file recam-eg.ide
Using IDE file rtfd-apa.ide
Using IDE file tesla-b.ide
Using IDE file rtfdr-ja.ide
Using IDE file nanoc-yr.ide
Using IDE file dneti-lr.ide
Using IDE file rans-frg.ide
Using IDE file tesla-bl.ide
Using IDE file hawkey-m.ide
Using IDE file tesla-bu.ide
Using IDE file sinow-cl.ide
Using IDE file docd-wbk.ide
Using IDE file fake-hhk.ide
Using IDE file dneti-ly.ide
Using IDE file emot-bpl.ide
Using IDE file emot-bpm.ide
Using IDE file tesla-ct.ide
Using IDE file swror-dd.ide
Using IDE file recam-ek.ide
Using IDE file lokib-ee.ide
Using IDE file nanoc-zx.ide
Using IDE file criakl-i.ide
Using IDE file kelih-br.ide
Using IDE file rans-frj.ide
Using IDE file hawke-aa.ide
Using IDE file rans-frm.ide
Using IDE file scarab-s.ide
Using IDE file tesla-dl.ide
Using IDE file rans-frp.ide
Using IDE file docd-wdq.ide
Using IDE file msil-nan.ide
Using IDE file zbot-ntj.ide
Using IDE file dwnl-yyo.ide
Using IDE file mdro-ixf.ide
Using IDE file zbot-ntk.ide
Using IDE file nano-aae.ide
Using IDE file mdro-ixh.ide
Using IDE file mht-f.ide
Using IDE file msili-dq.ide
Using IDE file rtfd-aqs.ide
Using IDE file remco-nc.ide
Using IDE file tofse-da.ide
Using IDE file steal-ah.ide
Using IDE file zbot-nuh.ide
Using IDE file hawke-am.ide
Using IDE file tesla-i.ide
Using IDE file azoru-cy.ide
Using IDE file emot-bsa.ide
Using IDE file distea-b.ide
Using IDE file zbot-nun.ide
Using IDE file formb-tp.ide
Using IDE file tesla-et.ide
Using IDE file docph-ix.ide
Using IDE file msil-nbp.ide
Using IDE file docd-wdf.ide
Using IDE file blada-eu.ide
Using IDE file rans-frk.ide
Using IDE file tesla-ew.ide
Using IDE file tesla-ex.ide
Using IDE file phis-gjb.ide
Using IDE file msil-nbt.ide
Using IDE file rtfd-ark.ide
Using IDE file nano-aaq.ide
Using IDE file darkc-iu.ide
Using IDE file emot-bsm.ide
Using IDE file blada-fb.ide
Using IDE file rans-frz.ide
Using IDE file tesla-fe.ide
Using IDE file trolde-g.ide
Using IDE file phis-gkb.ide
Using IDE file fake-hhy.ide
Using IDE file emot-bti.ide
Using IDE file drid-acg.ide
Using IDE file dneti-nc.ide
Using IDE file phis-gkg.ide
Using IDE file nano-abg.ide
Using IDE file mdro-ixr.ide
Using IDE file inje-etd.ide
Using IDE file emot-bue.ide
Using IDE file hawke-ax.ide
Using IDE file phis-gkp.ide
Using IDE file zbot-nvv.ide
Using IDE file psdl-ec.ide
Using IDE file hawke-ay.ide
Using IDE file steal-at.ide
Using IDE file emot-buk.ide
Using IDE file tesla-gd.ide
Using IDE file fare-jdk.ide
Using IDE file darkc-iw.ide
Using IDE file trick-ur.ide
Using IDE file mdro-ixu.ide
Using IDE file msili-ed.ide
Using IDE file keylo-ys.ide

Could not open /mnt/*

0 files scanned in 6 seconds.
1 error was encountered.
No viruses were discovered.
End of Scan.

Which here I get the error. 

Just want to know what options I need to add so I am sure I scanning all content in /mnt

Also is there a way to install Sophos for Linux bypassing all the questions it asks when installing?  

Hello Anthony Lenzo,

Could not open /mnt/*
is the message you get when the /mnt/ directory is empty. What does ls /mnt/* give?

install [...] bypassing all the questions
Please see the articles about mkinstpkg and the Additional installer options for install.sh and mkinstpkg.

Christian

Hi Christian 

Nope the /mnt directory is full of content 

root@public-cloud-test /]# cd /mnt
[root@public-cloud-test mnt]# ll
total 104
dr-xr-xr-x. 20 root root 4096 Apr 23 2019 .
dr-xr-xr-x. 37 root root 4096 Nov 13 08:53 ..
lrwxrwxrwx. 1 root root 7 Apr 23 2019 bin -> usr/bin
dr-xr-xr-x. 4 root root 4096 Apr 23 2019 boot
drwxr-xr-x. 2 root root 4096 Apr 23 2019 dev
drwxr-xr-x. 116 root root 12288 Apr 23 2019 etc
drwxr-xr-x. 3 root root 4096 Apr 23 2019 export
-rw-r--r--. 1 root root 6 Apr 23 2019 fsckoptions
drwxr-xr-x. 6 root root 4096 Apr 23 2019 home
lrwxrwxrwx. 1 root root 7 Apr 23 2019 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Apr 23 2019 lib64 -> usr/lib64
drwx------. 2 root root 16384 Apr 23 2019 lost+found
drwxr-xr-x. 2 root root 4096 Dec 14 2017 media
drwxr-xr-x. 3 root root 4096 Apr 23 2019 mnt
drwxr-xr-x. 2 root root 4096 Apr 23 2019 nfs_root
drwxr-xr-x. 5 root root 4096 Apr 23 2019 opt
drwxr-xr-x. 2 root root 4096 Apr 23 2019 proc
dr-xr-x---. 5 root root 4096 Apr 23 2019 root
drwxr-xr-x. 2 root root 4096 Apr 23 2019 run
lrwxrwxrwx. 1 root root 8 Apr 23 2019 sbin -> usr/sbin
drwxr-xr-x. 2 root root 4096 Dec 14 2017 srv
drwxr-xr-x. 2 root root 4096 Apr 23 2019 sys
drwxrwxrwt. 12 root root 4096 Apr 23 2019 tmp
drwxr-xr-x. 14 root root 4096 Apr 23 2019 usr
drwxr-xr-x. 24 root root 4096 Apr 23 2019 var

For the scan of /mnt/* 

[root@public-cloud-test /]# savscan /mnt/*
SAVScan virus detection utility
Version 5.63.0 [Linux/AMD64]
Virus data version 5.69, October 2019
Includes detection for 43354186 viruses, Trojans and worms
Copyright (c) 1989-2019 Sophos Limited. All rights reserved.

System time 09:31:45 AM, System date 13 November 2019

IDE directory is: /opt/sophos-av/lib/sav

<list all the ".ide" files program used>

Quick Scanning

Could not open /mnt/bin
Could not open /mnt/boot
Could not open /mnt/dev
Could not open /mnt/etc
Could not open /mnt/export
Could not open /mnt/fsckoptions
Could not open /mnt/home
Could not open /mnt/lib
Could not open /mnt/lib64
Could not open /mnt/lost+found
Could not open /mnt/media
Could not open /mnt/mnt
Could not open /mnt/nfs_root
Could not open /mnt/opt
Could not open /mnt/proc
Could not open /mnt/root
Could not open /mnt/run
Could not open /mnt/sbin
Could not open /mnt/srv
Could not open /mnt/sys
Could not open /mnt/tmp
Could not open /mnt/usr
Could not open /mnt/var

0 files scanned in 12 seconds.
23 errors were encountered.
No viruses were discovered.
End of Scan.
[root@public-cloud-test /]#

When i mount the qcow2 file  i set it to "read-only".  I don't think that make any difference. 

guestmount -a ems.qcow2 -i --ro /mnt

This what happens when I remove the "*"  from the command 

[root@public-cloud-test mnt]# savscan /mnt
SAVScan virus detection utility
Version 5.63.0 [Linux/AMD64]
Virus data version 5.69, October 2019
Includes detection for 43354186 viruses, Trojans and worms
Copyright (c) 1989-2019 Sophos Limited. All rights reserved.

System time 09:35:56 AM, System date 13 November 2019

IDE directory is: /opt/sophos-av/lib/sav

<list all the ".ide" files program used>

Quick Scanning

Could not open /mnt

0 files scanned in 5 seconds.
1 error was encountered.
No viruses were discovered.
End of Scan.
[root@public-cloud-test mnt]# ls -l /mnt
total 96
lrwxrwxrwx. 1 root root 7 Apr 23 2019 bin -> usr/bin
dr-xr-xr-x. 4 root root 4096 Apr 23 2019 boot
drwxr-xr-x. 2 root root 4096 Apr 23 2019 dev
drwxr-xr-x. 116 root root 12288 Apr 23 2019 etc
drwxr-xr-x. 3 root root 4096 Apr 23 2019 export
-rw-r--r--. 1 root root 6 Apr 23 2019 fsckoptions
drwxr-xr-x. 6 root root 4096 Apr 23 2019 home
lrwxrwxrwx. 1 root root 7 Apr 23 2019 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Apr 23 2019 lib64 -> usr/lib64
drwx------. 2 root root 16384 Apr 23 2019 lost+found
drwxr-xr-x. 2 root root 4096 Dec 14 2017 media
drwxr-xr-x. 3 root root 4096 Apr 23 2019 mnt
drwxr-xr-x. 2 root root 4096 Apr 23 2019 nfs_root
drwxr-xr-x. 5 root root 4096 Apr 23 2019 opt
drwxr-xr-x. 2 root root 4096 Apr 23 2019 proc
dr-xr-x---. 5 root root 4096 Apr 23 2019 root
drwxr-xr-x. 2 root root 4096 Apr 23 2019 run
lrwxrwxrwx. 1 root root 8 Apr 23 2019 sbin -> usr/sbin
drwxr-xr-x. 2 root root 4096 Dec 14 2017 srv
drwxr-xr-x. 2 root root 4096 Apr 23 2019 sys
drwxrwxrwt. 12 root root 4096 Apr 23 2019 tmp
drwxr-xr-x. 14 root root 4096 Apr 23 2019 usr
drwxr-xr-x. 24 root root 4096 Apr 23 2019 var

Hello ,

I'm not familiar with guestmount, meanwhile I've found out it uses FUSE.

While I have no idea what the actual cause is it seems that savscan can't "see" the files/directories under /mnt. Please note that when you use savscan /mnt/* the shell expands the *. If you use savscan --expand-wildcards "/mnt/*"  it should give the same result - if not this would support my assumption. Perhaps DouglasLeeder  has some advice.

Christian

Hi,

It looks like access is restricted to root? Can you read any of the files under /mnt?

savscan using sgid permissions, so may not be able to access files that require group access to read.

Hi Guys 

i am running savscan as "root"  , and I able to list the content in /mnt 

[root@public-cloud-test mnt]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[root@public-cloud-test mnt]# ls -l /mnt
total 96
lrwxrwxrwx. 1 root root 7 Apr 23 2019 bin -> usr/bin
dr-xr-xr-x. 4 root root 4096 Apr 23 2019 boot
drwxr-xr-x. 2 root root 4096 Apr 23 2019 dev
drwxr-xr-x. 116 root root 12288 Apr 23 2019 etc
drwxr-xr-x. 3 root root 4096 Apr 23 2019 export
-rw-r--r--. 1 root root 6 Apr 23 2019 fsckoptions
drwxr-xr-x. 6 root root 4096 Apr 23 2019 home
lrwxrwxrwx. 1 root root 7 Apr 23 2019 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Apr 23 2019 lib64 -> usr/lib64
drwx------. 2 root root 16384 Apr 23 2019 lost+found
drwxr-xr-x. 2 root root 4096 Dec 14 2017 media
drwxr-xr-x. 3 root root 4096 Apr 23 2019 mnt
drwxr-xr-x. 2 root root 4096 Apr 23 2019 nfs_root
drwxr-xr-x. 5 root root 4096 Apr 23 2019 opt
drwxr-xr-x. 2 root root 4096 Apr 23 2019 proc
dr-xr-x---. 5 root root 4096 Apr 23 2019 root
drwxr-xr-x. 2 root root 4096 Apr 23 2019 run
lrwxrwxrwx. 1 root root 8 Apr 23 2019 sbin -> usr/sbin
drwxr-xr-x. 2 root root 4096 Dec 14 2017 srv
drwxr-xr-x. 2 root root 4096 Apr 23 2019 sys
drwxrwxrwt. 12 root root 4096 Apr 23 2019 tmp
drwxr-xr-x. 14 root root 4096 Apr 23 2019 usr
drwxr-xr-x. 24 root root 4096 Apr 23 2019 var
[root@public-cloud-test mnt]# ls -l /mnt/boot
total 224008
-rw-r--r--. 1 root root 151922 Dec 19 2018 config-3.10.0-957.5.1.el7.x86_64
-rw-r--r--. 1 root root 152185 Dec 19 2018 config-3.10.0-957.5.1.el7.x86_64.debug
drwxr-xr-x. 3 root root 16 Apr 23 2019 efi
drwx------. 5 root root 106 Apr 23 2019 grub2
-rw-------. 1 root root 62984062 Apr 23 2019 initramfs-0-rescue-12345678abcdabcdaaaa230419071057.img
-rw-------. 1 root root 62241614 Apr 23 2019 initramfs-3.10.0-957.5.1.el7.x86_64.debug.img
-rw-------. 1 root root 61522803 Apr 23 2019 initramfs-3.10.0-957.5.1.el7.x86_64.img
-rw-------. 1 root root 13360268 Apr 23 2019 initramfs-3.10.0-957.5.1.el7.x86_64kdump.img
-rw-r--r--. 1 root root 316165 Dec 19 2018 symvers-3.10.0-957.5.1.el7.x86_64.debug.gz
-rw-r--r--. 1 root root 314087 Dec 19 2018 symvers-3.10.0-957.5.1.el7.x86_64.gz
-rw-------. 1 root root 3544044 Dec 19 2018 System.map-3.10.0-957.5.1.el7.x86_64
-rw-------. 1 root root 3710282 Dec 19 2018 System.map-3.10.0-957.5.1.el7.x86_64.debug
-rwxr-xr-x. 1 root root 7205168 Apr 23 2019 vmlinuz-0-rescue-12345678abcdabcdaaaa230419071057
-rwxr-xr-x. 1 root root 6644016 Dec 19 2018 vmlinuz-3.10.0-957.5.1.el7.x86_64
-rwxr-xr-x. 1 root root 7205168 Dec 19 2018 vmlinuz-3.10.0-957.5.1.el7.x86_64.debug
[root@public-cloud-test mnt]# ls -l /mnt/opt
total 12
drwxr-xr-x. 15 502 reseng 4096 Apr 23 2019 oracle
drwxr-xr-x. 3 root root 4096 Apr 23 2019 ORCLfmap
[root@public-cloud-test mnt]# ls -l oracle
ls: cannot access oracle: No such file or directory
[root@public-cloud-test mnt]# ls -l /mnt/opt/oracle
total 52
drwxrwxr-x. 3 502 reseng 4096 Apr 23 2019 admin
drwxr-x---. 3 502 reseng 4096 Apr 23 2019 audit
drwxr-xr-x. 5 502 reseng 4096 Apr 23 2019 backup
drwxr-x---. 4 502 reseng 4096 Apr 23 2019 cfgtoollogs
drwxr-xr-x. 2 502 reseng 4096 Apr 23 2019 checkpoints
drwxrwxr-x. 19 502 reseng 4096 Apr 23 2019 diag
drwxrwxr-x. 3 502 reseng 4096 Apr 23 2019 oradata
drwxrwx---. 5 502 reseng 4096 Apr 23 2019 oraInventory
drwxr-xr-x. 3 502 reseng 4096 Apr 23 2019 orarepl
drwxr-xr-x. 3 502 reseng 4096 Apr 23 2019 orasql
drwxrwxrwx. 2 502 reseng 4096 Apr 23 2019 pm_stats
drwxr-xr-x. 3 502 reseng 4096 Apr 23 2019 product
-rw-r--r--. 1 502 reseng 1261 Apr 23 2019 updateMemorySizing.sh.log
[root@public-cloud-test mnt]#

One more thing 

I try mounting the qcow2 file with Read/Write option. I still get the same error.   Here the info about guestmount   (http://ask.xmodulo.com/mount-qcow2-disk-image-linux.html)

[root@public-cloud-test /]# umount /mnt

[root@public-cloud-test /]# guestmount -a ems.qcow2 -i --rw /mnt

[root@public-cloud-test /]# savscan /mnt
SAVScan virus detection utility
Version 5.63.0 [Linux/AMD64]
Virus data version 5.69, October 2019
Includes detection for 43354291 viruses, Trojans and worms
Copyright (c) 1989-2019 Sophos Limited. All rights reserved.

System time 09:22:21 AM, System date 14 November 2019

IDE directory is: /opt/sophos-av/lib/sav

<list all the ".ide" files program used>

Quick Scanning

Could not open /mnt

0 files scanned in 6 seconds.
1 error was encountered.
No viruses were discovered.
End of Scan.
[root@public-cloud-test /]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[root@public-cloud-test /]# hostinfo
UNAME: Linux public-cloud-test.novalocal 3.10.0-693.el7.x86_64 #1 SMP Thu Jul 6 19:56:57 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
DISTRO: Red Hat Enterprise Linux Server release 7.6 (Maipo)
CPU: 4 cores, Intel Xeon E312xx (Sandy Bridge, IBRS update)
MEM: 8.01 GB (Swap: 0.00 GB)
[root@public-cloud-test ~]#

The problem may be that fuse is blocking root from accessing the files.

I don't know guestmount so I don't know the access permissions. Unfortunately the sgid on sweep, and suid on savscan makes debugging this sort of problem quite difficult.

sweep is clearly having problems reading both the directories and the files.

Can you read the files normally?

Hello 

I figure out a solution to my problem.

1. Ensure KVM is running on the VM/Server  apparently guestmount requires this.

2. Edit the /etc/fuse.conf file 

[root@public-cloud-test etc]# cat fuse.conf
# mount_max = 1000
user_allow_other  <-- Uncomment out this line 

3. Run guestmount command to mount the qcow2 file   

guestmount  -o allow_other -a  "<qcow2 file> -i  -ro  <mount location>   (Note you can also use --rw  for read/write )

4. Then I scan the mount qcow2 file 

 Example savscan  /mnt 

5 Finally unmount the qcow2 file 

guestumount <mount location>