This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

savscan -exclude not excluding directories

As the title says, when I try to exclude a directory from savscan it does not exclude it.

I have tried the following commands for a full-system scan, excluding a directory that cannot be accessed:

  • savscan / -exclude /var/lib/lxcfs/cgroup/
  • savscan / -exclude '/var/lib/lxcfs/cgroup/'
  • savscan / -exclude '/var/lib/lxcfs/cgroup/*'
  • savscan / -exclude "/var/lib/lxcfs/cgroup/*"

None of these commands seem to exclude the "var/lib/lxcfs/cgroup/" directory and I still receive multiple errors when it tries to scan it.

Some examples of these errors are:
Could not check /var/lib/lxcfs/cgroup/systemd/user.slice/user-0.slice/session-7389.scope/tasks (virus scan failed)
Could not check /var/lib/lxcfs/cgroup/cpuset/tasks (virus scan failed)

Could not check /var/lib/lxcfs/cgroup/cpuset/lxc/tasks (virus scan failed)
Among many other similar errors from this directory.

From what I have read, the lxcfs directory cannot be scanned by Sophos or accessed by many other processes, even as root, hence why I am trying to exclude it.

Am I doing something wrong or do I need to exclude every single subdirectory?



This thread was automatically locked due to age.
Parents Reply Children
  • Hello Leah96xxx,

    as said (Can't say if it will help though) thought as much.  What I suggested in my last post was not ab exclusion for /var/lib/lxcfs but for the grandparent (/var - that is supposed to work) or parent (/var/lib - should have the same effect but I couldn't test) and -include the paths that are to be scanned. You don't have to specify the list on the command line, you can load it from a file.

    Please note that while savscan has its use the preferred method for protection is on-access scanning. Just curious, what is your use case for savscan?

    Christian