This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Antivirus and Time Machine

Does anyone else find that the default "Scan This Mac" option gets stuck unless you exclude your Time Machine backup volume from the scan? I was really disappointed with the speed of the scan until I thought to try this, as I was finding it would get stuck about a third of the way in and stay there for hours until I gave up. The only reason I can think of for this though would be if it's scanning the full contents of every backup, but that would be a staggering number of files to get through (my system has millions of files as it is, totalling around 2.5tb).

I would think that an antivirus product for Mac would be aware of Time Machine's file structure and have methods for accelerating the scan. For example, it's pretty easy to figure out which files have changed between two Time Machine backups by comparing inodes, since Time Machine uses hard-links, so only original files and changed files should need to be scanned. Also, since a Time Machine backup is just a snapshot of the rest of your system, it should be easy enough for Sophos antivirus to determine if the file is identical to one already scanned (or waiting to be scanned) on the main system or not, so that copies don't need to be scanned more than once.

Does Sophos antivirus already account for these things? Otherwise I can't figure out why excluding my Time Machine backup would solve the problem. Should I submit a support ticket somewhere?

:1015215


This thread was automatically locked due to age.
Parents
  • Oh I agree that I should scan my Time Machine volume if I can, the problem is that Sophos Antivirus seems to get stuck while doing it, but I can't figure out why.

    When it generates its count of files to be scanned Sophos doesn't seem to include my Time Machine volume, as the count is about right for my root volume. However, it must be scanning my Time Machine volume as leaving it included is what causes the problem, however without a file count I have no way of knowing how much progress it's making.

    However, I've left the scan running for while over four times the length of time it takes to scan my system with Time Machine excluded, which seems like too long, as scanning the Time Machine volume should take closer to twice as long (since a majority of files are hard-links). I'm not sure if this means that Sophos antivirus is re-scanning file links or not though as I can't tell if it's actually doing anything at all other than the fact that it's still utilising CPU time.

    As I say, there are several fairly easy tricks that should be in use to accelerate scans of a Time Machine volume, which means it shouldn't take much longer than scanning the root volume on which it's based. I don't know if these tricks are being used or not, though I'd normally be inclined to give Sophos the benefit of the doubt and assume it is, but all I know is that including my Time Machine volume causes my on-demand scans to seemingly never end; I say seemingly as I shut my Mac down at night, so I can't just leave the scan running long-term, but the logs don't include an verbose progress that I can see so I really don't know what's going on.

    :1015263
Reply
  • Oh I agree that I should scan my Time Machine volume if I can, the problem is that Sophos Antivirus seems to get stuck while doing it, but I can't figure out why.

    When it generates its count of files to be scanned Sophos doesn't seem to include my Time Machine volume, as the count is about right for my root volume. However, it must be scanning my Time Machine volume as leaving it included is what causes the problem, however without a file count I have no way of knowing how much progress it's making.

    However, I've left the scan running for while over four times the length of time it takes to scan my system with Time Machine excluded, which seems like too long, as scanning the Time Machine volume should take closer to twice as long (since a majority of files are hard-links). I'm not sure if this means that Sophos antivirus is re-scanning file links or not though as I can't tell if it's actually doing anything at all other than the fact that it's still utilising CPU time.

    As I say, there are several fairly easy tricks that should be in use to accelerate scans of a Time Machine volume, which means it shouldn't take much longer than scanning the root volume on which it's based. I don't know if these tricks are being used or not, though I'd normally be inclined to give Sophos the benefit of the doubt and assume it is, but all I know is that including my Time Machine volume causes my on-demand scans to seemingly never end; I say seemingly as I shut my Mac down at night, so I can't just leave the scan running long-term, but the logs don't include an verbose progress that I can see so I really don't know what's going on.

    :1015263
Children
No Data