
[Sophos anti-virus for Linux] Can I add excluded files or directories recursively by "**"?

Hi.

I'd like to improve my PC's performance by keeping Sophos Anti-Virus from scanning some directories recursively.

The manual (https://docs.sophos.com/esg/SAV-Linux/help/en-us/PDF/sav_linux_cg.pdf) doesn't say explicitly that it's possible to add ExcludeFileOnGlob recursively.

Can I exclude directories recursively?



  • I "think" adding a wildcard for a directory would exclude it recursively. You may want to test to verify.

    If you use ExcludeFileOnGlob to exclude a directory, you must add the * wildcard to the end of the path. For example: /opt/sophos-av/bin/savconfig add ExcludeFileOnGlob '/tmp/report/*'.

  • Thank you for your response!

    I tried "*" at the end of the path, but I can't tell whether this works.

    I'd like to build some software, so I added the root directory like "/work/poky/*",

    and the builder reads and generates files in that directory.

    The top command shows savscand's CPU usage is high (over 100%) while building the software.

    So I guessed ExcludeFileOnGlob doesn't work recursively; is this right?

  • Hmm. I have not tried this, but how about you use lsof to monitor that directory while a scan is taking place to see if any files are accessed? The command might look something like this:

    lsof -r 1 +D '/work/poky/'

    lsof = list open files

    +D = recursive

    -r = repeat every 1 second

  • Thank you for advising me!

    But the lsof command doesn't show savscand opening /work/poky/*...

    So I couldn't tell what files savscand opened.

    Is there another way to confirm whether recursive exclusion is enabled?

    BTW, I didn't know the command, but it's very useful!

    I'd like to use this on another occasion ;)

  • I confirmed it!

    I used eicar to confirm whether recursive exclusion was enabled.

    Result: ENABLED!

    add ExcludeFileOnGlob '/work/poky/*'

    then put eicar at /work/poky/build.

    It was not detected (of course, in a directory outside /work/poky, eicar was detected).

    Thank you for spending time on this for me!

    I'll close this as resolved.

  • Awesome! Good idea using EICAR!
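
The EICAR check from this thread, extended to several directory depths so that "recursive" is actually exercised. This is an added example, not part of the original posts and not Sophos code; the function name `probe_exclusion` and the `excl-probe-N` directory names are hypothetical, and it assumes on-access scanning is running and denies access to a detected file.

```shell
#!/bin/sh
# Added example: probe an on-access exclusion at several directory depths
# using the harmless EICAR test file. Names here are hypothetical.

# EICAR test string, split in two so this script is not itself detected.
EICAR_A='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-'
EICAR_B='ANTIVIRUS-TEST-FILE!$H+H*'

# probe_exclusion BASE [DEPTH]
# Prints "<level> <readable|blocked> <path>" for BASE and DEPTH nested
# sub-directories. Exit status 0 only if every level was readable,
# i.e. the scanner left the test file alone at every depth.
# The body runs in a subshell, so its variables stay private.
probe_exclusion() (
    base=${1%/}
    depth=${2:-3}
    dir=$base
    level=0
    rc=0
    while [ "$level" -le "$depth" ]; do
        if [ "$level" -gt 0 ]; then
            dir="$dir/excl-probe-$level"
            mkdir -p "$dir" || exit 2
        fi
        file="$dir/eicar-probe.$$.com"
        state=blocked
        # Write the test file, then read it back: a scanner that detects it
        # denies one of the two steps (assumption stated in the lead-in).
        if { printf '%s%s' "$EICAR_A" "$EICAR_B" > "$file"; } 2>/dev/null \
           && [ "$(cat "$file" 2>/dev/null)" = "$EICAR_A$EICAR_B" ]; then
            state=readable
        else
            rc=1
        fi
        printf '%s %s %s\n' "$level" "$state" "$file"
        rm -f "$file"
        level=$((level + 1))
    done
    # Remove the probe directories again, deepest first.
    n=$depth
    while [ "$n" -gt 0 ]; do
        rmdir "$dir" 2>/dev/null || true
        dir=${dir%/*}
        n=$((n - 1))
    done
    exit "$rc"
)
```

Run it as `probe_exclusion /work/poky 3` after adding the exclusion, and once against a directory that is not excluded as a control: every level should report `readable` in the first case and `blocked` in the second.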