This knowledge base article provides details of the support coverage of Sophos Anti-Virus for Linux in environments where Docker containers are used.
Applies to the following Sophos product(s) and version(s): Central Sophos Anti-Virus for Linux Version 10.5.0, Sophos Anti-Virus for Linux
It has been identified that there are situations where the Sophos Anti-Virus for Linux Talpa module may not have access to file systems that are mounted within Docker containers. The reason for this is complex, but the result is that SAV for Linux cannot guarantee on-access scanning within containers.
In addition, Talpa can in certain circumstances have an adverse impact on the performance and function of some programs running in overlay file systems. Sophos no longer supports the use of the Talpa module for on-access scanning on Linux systems that contain Docker containers.
SAV for Linux can also be configured to use Fanotify, a built-in feature of many Linux platforms, for on-access scanning. Fanotify works well for the host Linux environment, and because it has no visibility within the Docker containers, it does not have a negative impact on files and programs running in containers.
Moving forward, Sophos recommends the use of Fanotify for on-access protection of the host file systems in Linux environments that include Docker containers. Fanotify does not offer on-access scanning within the Docker containers, only on the host platform.
The other SAV for Linux scanning features, scheduled and on-demand scanning, are unaffected by this support policy change. Scanning of files and directories that are within mounted overlay file systems and used in Docker containers is still supported.
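One way to check whether a host is in the combination this article no longer supports (Talpa loaded while overlay file systems are mounted) is sketched below. It is an added example, not Sophos code; it assumes Talpa kernel modules carry a `talpa_` name prefix and that Docker container file systems show up on the host as mounts of type `overlay`, and the function name `check_onaccess` is hypothetical.

```shell
#!/bin/sh
# Added example (not from Sophos): classify a host against the policy above.
# Usage: check_onaccess [modules_file] [mounts_file]
# With no arguments it reads the live kernel tables; pass files in the same
# format to check saved or constructed data.
check_onaccess() {
    modules_file=${1:-/proc/modules}
    mounts_file=${2:-/proc/mounts}

    for f in "$modules_file" "$mounts_file"; do
        if [ ! -r "$f" ]; then
            echo "ERROR cannot_read=$f"
            return 0
        fi
    done

    # Assumption: Talpa kernel modules are named with a "talpa_" prefix.
    # Field 1 of /proc/modules is the module name.
    talpa=$(awk '$1 ~ /^talpa_/ {n++} END {print n+0}' "$modules_file")

    # Field 3 of /proc/mounts is the file system type. Assumption: container
    # root file systems appear on the host as type "overlay".
    overlay=$(awk '$3 == "overlay" {n++} END {print n+0}' "$mounts_file")

    if [ "$talpa" -gt 0 ] && [ "$overlay" -gt 0 ]; then
        # Talpa hooking a host that runs overlay mounts: the unsupported case.
        echo "UNSUPPORTED talpa_modules=$talpa overlay_mounts=$overlay"
    elif [ "$talpa" -gt 0 ]; then
        echo "OK talpa_modules=$talpa overlay_mounts=0"
    else
        # Talpa absent; this does not prove Fanotify scanning is active.
        echo "OK talpa_modules=0 overlay_mounts=$overlay"
    fi
}

# To check the running host, call the function with no arguments:
#   check_onaccess
```

An `OK` result with no Talpa modules only shows that Talpa is not loaded; confirm separately in the product that on-access scanning is enabled and using Fanotify.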