Hi, I performed a full scan of my computer with SAVL last night after a version and definition update. It took 30+ minutes to finish, during which I wasn't connected to the Internet and had nothing else going on on my machine.
I ran my file integrity checker later on to bring my baseline back to where it should be after that day's update install, I'm on a rolling release system after all. It noticed a /usr/var directory which wasn't there in the last check and had only been created while Sophos was scanning the drive owing to a quick look at the stat command.
Since I can reasonably rule everything else out my only guess at this point is that the AV program created this directory by itself. I'll grab inotify-tools or another copy of auditing software from my distribution repo and make another pass tonight to be sure, but my question right at this moment is, why would Sophos create a /usr/var directory while scanning? What purpose does it serve when the /var directory is right there?
This thread was automatically locked due to age.
