This article provides information on the way Sophos Anti-Virus for Linux scans large files shared over NFS. When a Linux server is configured as an NFS server, files added to the share from remote servers will be scanned. The NFS server writes large files by performing lots of small writes, opening and closing the file repeatedly to do so. SAV scans written files after close, so the whole file is scanned repeatedly. For this reason, an analysis of the On-access scan activity will show multiple repeat scans. The larger the file, the longer each scan will take and the more scans will occur. The scanning workload increases exponentially in relation to the size of the file being copied.
The problem appears to be inherent in the operation of NFS in general. Though it is a lot less severe when using NFS v4 rather than NFS v3.
The following sections are covered:
Applies to the following Sophos products and versions Sophos Anti-Virus for Linux Sophos Anti-Virus for Linux 10 Sophos Anti-Virus for Linux 9
If the behavior is seen to cause a performance impact, the workarounds are:
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.