Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 8 subscribers
  • Views 7548 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Signature DB Using Up Increasing Amounts Of Storage

Tony Cooper

Hi,

I have been using Sophos Free for Linux since late 2015. All is ok so far (fingers crossed!) but I was wondering whether it is possible to clear out old/unneeded signature files? As the disk usage for Sophos is steadily increasing. Or does Sophos do this automatically? (it doesn't seem to but on the system I checked the installation is only 6 months old).

Many thanks in advance,

Tony.



This thread was automatically locked due to age.
Parents
  • 0

    Hello Tony,

    the disk usage
    you are referring to /opt/sophos-av/, aren't you?

    old/unneeded signature files
    the signature files are in /opt/sophos-av/lib/sav/. Basically detection data is never removed. Data is first issued in individual IDEs (that contain one or more detection items). Items are revised and eventually included in a library (VDB). This happens monthly, at this time a library is added but the number of IDEs drops and subsequently rises again. Older libraries are usually not modified or even removed and thus the amount of data constantly increases. It's around 150MB now (the cache is significantly larger and all in all it's some 500MB).
    Detection data is not a database of several million individual entries though, thus it's not possible to simply delete all entries more than 7 years old or remove all entries for threats that work only on Windows 9x. In this sense there aren't any old/unneeded signature files that you could or you'd have to delete.

    Christian

Reply
  • 0

    Hello Tony,

    the disk usage
    you are referring to /opt/sophos-av/, aren't you?

    old/unneeded signature files
    the signature files are in /opt/sophos-av/lib/sav/. Basically detection data is never removed. Data is first issued in individual IDEs (that contain one or more detection items). Items are revised and eventually included in a library (VDB). This happens monthly, at this time a library is added but the number of IDEs drops and subsequently rises again. Older libraries are usually not modified or even removed and thus the amount of data constantly increases. It's around 150MB now (the cache is significantly larger and all in all it's some 500MB).
    Detection data is not a database of several million individual entries though, thus it's not possible to simply delete all entries more than 7 years old or remove all entries for threats that work only on Windows 9x. In this sense there aren't any old/unneeded signature files that you could or you'd have to delete.

    Christian

Children
  • 0 in reply to QC

    Hello Christian,

    Many thanks for your reply.

    I understand that virus databases can only really grow but it was the rate at which /opt/sophos_av grew plus the fact that there were many more files than there were 6 months previously.

    So the IDE files in time get subsumed into the libraries and get removed but the VDB files only grow. Can the cache area be cleaned out? Or does Sophos clean itself up as it goes?

    Many thanks once again :-).

    Tony.

  • 0 in reply to Tony Cooper

    Hello Tony,

    the IDE files in time get subsumed into the libraries
    correct. This happens about once a month, resulting in the creation of at least one new vdb file. Please note that usually 100 to 150 IDEs are left as individual files, and the number at the end of a cycle can be as high as 400, sometimes even more.

    the cache area
    shouldn't be touched. The free version by default checks for updates in one hour intervals. On a check the cache is compared to the update location, missing or changed files are downloaded. The cache is maintained though and mirrors the update location, thus its size is more or less constant.

    Christian 

Unfiltered HTML