ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

The local scaninput file is growing larger every day and is occupying significant disk space on a Linux server

book

Article ID: 240772

calendar_today

Updated On:

Products

Data Center Security Server Advanced

Issue/Introduction

A Linux server running the DCS 6.9.1 has disk space being occupied by the following file which has grown very large.

/opt/Symantec/sdcssagent/AMD/system/scaninput

The question was ask as to if this file can be deleted manually.

Cause

The scaninput file contains the record of folders and files that have been scanned. It is supposed to be maintained by the system so as to clean up when the process is flagged as successfully completed. However, in this case the scan configuration was unrestricted so that the AMD process was scanning every folder. It was also scanning NFS mounted drives-- each being multiple terabytes in size. As such the scanning process was never actually completed with the scanning of all drives and folders before the next scheduled iteration was set to run.

Environment

Release : 6.9.1

Component : AMD

Resolution

The only valid solution was to reconfigure the scan settings to focus on specific folders where local and web application processes were creating, modifying and maintaining files subject to potentially becoming infected.

Although not recommended as a common practice, if the file need be eliminated to free up disk space it can be manually deleted after stopping the services.

1. Stop the agent services:

service sisidsagent stop
service sisipsutil stop
service sisamddaemon stop

2. Delete the scaninput file

3. Start the services again:

service sisidsagent start
service sisipsutil start
service sisamddaemon start