On-Premise Endpoint

Sophos Anti-Virus for Linux Basic [Sophos anti-virus for Linux] Can I add excluded files or directories recursively by "**"?

On-Premise Endpoint requires membership for participation - click to join

Thread Info

State Verified Answer
Locked Locked
Replies 6 replies
Subscribers 2 subscribers
Views 2836 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[Sophos anti-virus for Linux] Can I add excluded files or directories recursively by "**"?

Kohei Aoki over 3 years ago

Hi.

I'd like to improve my pc's performance by avoid scanned some directories recursively by Sophos anti-virus.

The manual (https://docs.sophos.com/esg/SAV-Linux/help/en-us/PDF/sav_linux_cg.pdf) doesn't say explicitly that it's possible to add ExcludeFileOnGlob recursively.

Can I exclude directories recursively?

This thread was automatically locked due to age.

Top Replies

Kyle Parrish over 3 years ago +1

I "think" adding a wildcard for a directory would exclude it recursively. You may want to test to verify. If you use ExcludeFileOnGlob to exclude a directory, you must add the * wildcard to the end…

Parents

0 Kohei Aoki over 3 years ago

Kyle Parrish Thank you for your response!

I tried end of the path "*", but I can't tell this works.

I'd like to build some software, so I add the root directory like "/work/poky/*",

builder read and generate files in the directory.

Top command shows savscand's CPU usage is high (over 100%) during building software.

So I guessed ExcludeFileOnGlob doesn't works recursively, is this right?
Cancel
Vote Up 0 Vote Down

Cancel
0 Kyle Parrish over 3 years ago in reply to Kohei Aoki
Hmm. I have not tried this, but how about you use lsof to monitor that directory while a scan is taking place to see if any files are accessed? The command might look something like this:

lsof +D -r 1 '/work/poky/'

lsof = list open files

+D = recursive

-r = repeat ever 1 second
Cancel
Vote Up 0 Vote Down

Cancel
0 Kohei Aoki over 3 years ago in reply to Kyle Parrish

Thank you for advising me!

But lsof command doesn't show savscand open the /work/poky/*...

So I couldn’t know what files savscand opened.

Is there another way to confirm if recursive exclusion is enabled?

BTW, I didn't know the command, but it's very useful!

I'd like to use this on another chance;)
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Kohei Aoki over 3 years ago in reply to Kyle Parrish

Thank you for advising me!

But lsof command doesn't show savscand open the /work/poky/*...

So I couldn’t know what files savscand opened.

Is there another way to confirm if recursive exclusion is enabled?

BTW, I didn't know the command, but it's very useful!

I'd like to use this on another chance;)
Cancel
Vote Up 0 Vote Down

Cancel

Children

+1 Kohei Aoki over 3 years ago in reply to Kohei Aoki

I confirmed it!

I used eicar to confirm if recursive exclusion was enabled.

result: ENABLED!

add ExcludeFileOnGlob '/work/poky/*'

then put eicar at /work/poky/build,

It was not detected(of course, at the directory out of the /work/poky , eicar was detected).

Thank you for spending time for me!

I close this as resolved.
Cancel
Vote Up +1 Vote Down

Cancel
0 Kyle Parrish over 3 years ago in reply to Kohei Aoki

Awesome! Good idea using EICAR!
Cancel
Vote Up 0 Vote Down

Cancel