search cancel

/var/log/messages shows "rtvscand: Scan could not open file" entries for excluded files and folders

book

Article ID: 163972

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

/var/log/messages shows "rtvscand: Scan could not open file" entries for excluded files and folders, giving the impression that rtvscand is actually attempting to scan these files.

​Jun  8 00:55:37 rhel65 rtvscand: Scan could not open file /sys/module/mbcache/sections/.text [00000003]
Jun  8 00:55:37 rhel65 rtvscand: Scan could not open file /sys/module/mbcache/sections/.exit.text [00000003]
Jun  8 00:55:37 rhel65 rtvscand: Scan could not open file /sys/module/mbcache/sections/.altinstr_replacement [00000003]
Jun  8 00:55:37 rhel65 rtvscand: Scan could not open file /sys/module/mbcache/sections/.init.text [00000003]

Environment

Symantec Endpoint Protection for Linux 12.1 (all versions)

Cause

The logging was misleading, in that the messages were generated for special types of files that were enumerated but not actually scanned.

Resolution

Starting Symantec Endpoint Protection for Linux 14, the less than explanatory "rtvscand: Scan could not open file " entries for excluded files and folders that were logged in /var/log/messages were replaced by more explanatory messages referencing the file by their type: block-special, character-special, FIFO, and socket fd.