This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Linux: Options for excluding files from scanning

When using sophos for Linux on-access scanning, I run into delays when I access some shared folders from my Windows VM, presumably because the VM is doing some simple scan of the folder which then triggers the on-access scanning. This is particularly noticeable and annoying for folders with may items or large items like a downloads folder that may contain many >200MB files. Please can someone let me know if there's an obvious solution to this, such as:

  • Is there a way to configure a max file size for Linux on-access scanning?
  • Is there a way to exclude certain processes from the Linux on-access scanning? (e.g. the VMware process or possibly makes sense for a backup rsync process too)


This thread was automatically locked due to age.
Parents
  • Hi  

    There is nothing like to configure a max file size for Linux on-access scanning but I can find the similar issue described in this article and you can go with the steps mentioned in it.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Thanks for this. Unfortunately the solutions there are to exclude the folders from scanning or configure samba instead of NFS; exclusion isn't really possible since it defeats the point of having the on-access scanning, particularly for a downloads folder which might be considered one of the more at-risk locations, and the samba/NFS solution isn't applicable to the issues I'm encountering with the VM.

  • Hi  

    I'd like to know more details about the environment you have. Please provide the below details:

    1. The operating system of the machine where Sophos AV for Linux is implemented.

    2. Whether share is hosted on SAV for Linux's system and how it is causing the issue for you when you access the share from a Windows machine.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Jasmin said:
    1. The operating system of the machine where Sophos AV for Linux is implemented.

    Linux Mint 19.3 (based on Ubuntu 18.04)

    Jasmin said:
    2. Whether share is hosted on SAV for Linux's system and how it is causing the issue for you when you access the share from a Windows machine.

    It is shared via VMware shared folders that allows the Windows VM to see folders on the Linux system - it does this by creating a pseudo Windows share. The issue arises from accessing the folder on the Windows VM (not opening any files), there is a significant hang and delay in the VM caused by SAV scanning (checked via top on the Linux system). Note that there isn't a noticeable delay on opening other folders so I assume it's because this folder has several large (> 200MB) files that are being scanned.

Reply
  • Jasmin said:
    1. The operating system of the machine where Sophos AV for Linux is implemented.

    Linux Mint 19.3 (based on Ubuntu 18.04)

    Jasmin said:
    2. Whether share is hosted on SAV for Linux's system and how it is causing the issue for you when you access the share from a Windows machine.

    It is shared via VMware shared folders that allows the Windows VM to see folders on the Linux system - it does this by creating a pseudo Windows share. The issue arises from accessing the folder on the Windows VM (not opening any files), there is a significant hang and delay in the VM caused by SAV scanning (checked via top on the Linux system). Note that there isn't a noticeable delay on opening other folders so I assume it's because this folder has several large (> 200MB) files that are being scanned.

Children