Apologies an advance if this isn't the clearest post. I'm just a Linux user, not a sysadmin, so not sure exactly which product we're using or how it was installed, and I don't have access to any of the central settings or dashboard.
We use Docker and have noticed that Docker image builds have slowed down a lot since the antivirus was installed. A build which took 5 minutes previously now takes 25 minutes. Disabling the antivirus with systemctl stop sav-protect allows the build to complete in the shorter time again.
The systemd service that runs the antivirus is named sav-protect and the processes that are busy during the docker build are mtdd and savscand. The slowest part of the build is where Docker copies a load of small files from one intermediate stage of the build to another. I don't know where these files are stored since it's all internal to Docker at that point.
The antivirus is set to run with a niceness of 19 and IT tell me that our Docker data-root (/var/lib/docker) where I would expect these files to be stored is excluded from real-time and scheduled scans.
Can we do anything to prevent the antivirus from interfering with the Docker build? Is there a way to identify which files it's scanning and tell whether the exclusion rules are working correctly? I've looked at a few log files available on the workstation but can't see any record of what is being scanned.
$ savscan --version
SAVScan virus detection utility
Copyright (c) 1989-2020 Sophos Limited. All rights reserved.System time 11:31:51, System date 14 July 2020
Product version : 5.74.0
Engine version : 3.79.0
Virus data version : 5.76
User interface version : 2.03.079
Platform : Linux/AMD64
Released : 23 June 2020
Total viruses (with IDEs) : 51916638
This thread was automatically locked due to age.