
Sophos AVL 9.14.0 (on Arch Linux 4.13.12-1-hardened) seems to have created a /usr/var while performing a full scan, why is this? Safe to delete?

Hi, I performed a full scan of my computer with SAVL last night after a version and definition update. It took 30+ minutes to finish, during which I wasn't connected to the Internet and had nothing else going on on my machine.

I ran my file integrity checker later on to bring my baseline back to where it should be after that day's update install; I'm on a rolling release system, after all. It noticed a /usr/var directory which wasn't there in the last check and had only been created while Sophos was scanning the drive, going by a quick look at the stat command.

Since I can reasonably rule everything else out, my only guess at this point is that the AV program created this directory by itself. I'll grab inotify-tools or another copy of auditing software from my distribution repo and make another pass tonight to be sure, but my question right at this moment is, why would Sophos create a /usr/var directory while scanning? What purpose does it serve when the /var directory is right there?


