Excluding /Library/Sophos Anti-Virus/ from Time Machine backups

Whenever Sophos AV gets updated, and that's more than once a day, the files in the folder /Library/Sophos Anti-Virus/ are modified; this in turn makes Time Machine back up around 60 MB to 100 MB of virus definitions every time it runs. This fills my Time Machine disk with useless versions of virus definition files.

So my idea is to exclude the /Library/Sophos Anti-Virus/ folder, but how safe is it? Does Sophos AV automatically recreate it and download the files if the folder is missing? Specifically, if I have to restore my whole system from a Time Machine backup without the VDL folder, how will Sophos AV handle the situation?

What I would really like to see would be Sophos AV excluding VDL files automatically from backup and have in place a routine that would refetch all needed files that were not backed up. 

[Edited to change /Library/Sophos Anti-Virus/VDL to /Library/Sophos Anti-Virus/ since not only the VDL dir is updated]

  • Hello Specimen,

    Thank you for thinking about this issue!  Most daily updates should be significantly smaller than 100MB (closer to 30MB), but they definitely add up.

    Excluding that folder might not be the best option, but excluding /Library/Sophos Anti-Virus/IDE and /Library/Sophos Anti-Virus/VDL will exclude your data updates. These folders do indeed get rebuilt, and are perfectly safe to exclude. To test, just move those folders to somewhere else on your system and select Update Now from the shield menu to see how it impacts the system.

  • Hello Agile,

    You're welcome!

    So, I used 'sudo mv' to move IDE and VDL, then I ran the update, and indeed the two dirs were recreated with the same size as the ones I had moved elsewhere (about 5.1 MB for /IDE and 60.7 for /VDL). But the update was extremely quick and what was downloaded from the server was just two small (incremental updates?) files. So I'm guessing those 65.8 MB must have come from somewhere else? Some cache? If this cache isn't present, after a system restore from Time Machine that didn't back up /IDE and /VDL, in a system, what happens?

  • The VDL files are generated by the engine itself, based on the data downloaded and what's in the cache. If the caches are also purged, it'll just mean more data gets downloaded in the update. Other than the larger monthly updates and the product version updates, the incremental downloaded updates should be only a few MB and installed to the IDE folder.

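One way to apply the exclusion discussed in this thread from the command line, as an added example that is not part of the original posts and not Sophos's own tooling. It uses macOS's `tmutil` to exclude the IDE and VDL folders and then checks the result; the function names, the `SOPHOS_BASE` variable and the `--apply` switch are assumptions made for the example.

```shell
#!/bin/sh
# Added example: exclude the Sophos IDE and VDL data folders from Time Machine.
# Run as root on macOS with the --apply argument.

# Base folder named in the thread; overridable so the functions can be
# exercised against another directory (SOPHOS_BASE is an assumed name).
SOPHOS_BASE="${SOPHOS_BASE:-/Library/Sophos Anti-Virus}"

# exclude_path DIR
# Returns 0 if DIR is excluded afterwards, 1 if DIR does not exist,
# 2 if tmutil failed or still reports the path as included.
exclude_path() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "skip, not found: $dir" >&2
        return 1
    fi
    # -p records a fixed-path exclusion (root only). The default "sticky"
    # exclusion is stored on the folder itself, so it would not survive the
    # folder being deleted and recreated.
    tmutil addexclusion -p "$dir" || return 2
    # isexcluded prints "[Excluded]" or "[Included]" in front of the path.
    case "$(tmutil isexcluded "$dir")" in
        *"[Excluded]"*) echo "excluded: $dir"; return 0 ;;
        *) echo "still included: $dir" >&2; return 2 ;;
    esac
}

# Exclude both data-update folders; returns non-zero if either one failed.
exclude_sophos_data() {
    status=0
    exclude_path "$SOPHOS_BASE/IDE" || status=1
    exclude_path "$SOPHOS_BASE/VDL" || status=1
    return "$status"
}

# Only touch Time Machine settings when explicitly asked to.
case "${1:-}" in
    --apply) exclude_sophos_data ;;
esac
```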