
Linux: Options for excluding files from scanning

When using Sophos for Linux on-access scanning, I run into delays when I access some shared folders from my Windows VM, presumably because the VM is doing some simple scan of the folder which then triggers the on-access scanning. This is particularly noticeable and annoying for folders with many items or large items like a downloads folder that may contain many >200MB files. Please can someone let me know if there's an obvious solution to this, such as:

  • Is there a way to configure a max file size for Linux on-access scanning?
  • Is there a way to exclude certain processes from the Linux on-access scanning? (e.g. the VMware process; it possibly makes sense for a backup rsync process too)


  • Thanks for this. Unfortunately the solutions there are to exclude the folders from scanning or configure Samba instead of NFS; exclusion isn't really possible since it defeats the point of having the on-access scanning, particularly for a downloads folder which might be considered one of the more at-risk locations, and the Samba/NFS solution isn't applicable to the issues I'm encountering with the VM.

  • Hi  

    I'd like to know more details about the environment you have. Please provide the below details:

    1. The operating system of the machine where Sophos AV for Linux is implemented.

    2. Whether the share is hosted on SAV for Linux's system and how it is causing the issue for you when you access the share from a Windows machine.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • Jasmin said:
    1. The operating system of the machine where Sophos AV for Linux is implemented.

    Linux Mint 19.3 (based on Ubuntu 18.04)

    Jasmin said:
    2. Whether the share is hosted on SAV for Linux's system and how it is causing the issue for you when you access the share from a Windows machine.

    It is shared via VMware shared folders, which allow the Windows VM to see folders on the Linux system - it does this by creating a pseudo Windows share. The issue arises from accessing the folder on the Windows VM (not opening any files); there is a significant hang and delay in the VM caused by SAV scanning (checked via top on the Linux system). Note that there isn't a noticeable delay on opening other folders so I assume it's because this folder has several large (> 200MB) files that are being scanned.

  • Hi  

    AFAIK, Mint OS is not described in the supported Operating System list. Unfortunately, when the OS is not supported, the product can throw an irrelevant or different error or behave differently than it should. Though I will take the advice from my team regarding this issue.

    Shweta

    Community Support Engineer | Sophos Technical Support
  • Yes, I realise it's not specifically in that list but as far as SAV is concerned, it should be behaving the same as if it were running on Ubuntu 18.04. Getting hung up on that is a red herring - the real issue here is the interop between VMware (shared folders) accessed from Windows and SAV for Linux when a folder happens to contain (many) large installer files.

  • Hi  

    We understand your concern, but the reason behind it is that it is not in the supported list; it might be that it is not behaving as expected.

    We might not be able to help as it is not listed in the supported OS list for Linux.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • Hello neilc222,

    Supported Linux distribution or not, could tell whether VMware shared folders have been tested and, if so, with what result.

    Christian

  • We don't test VMware shared folders. 

    Since the product is primarily aimed at servers, which are less likely to have shared folders in that way, I'm not sure it would gain any priority with product management.

  • Thanks for the info. I guess I'll just have to live with it or try some other Linux AV (not that there are that many options!). It would be really useful to have options for customising the large file size (to skip scanning) and being able to ignore a certain process like VMware when it accesses files (i.e. don't on-access scan).

    Many thanks