Symbolic Links scanning in Symantec Agent for Linux

Article ID: 282478


Products

Endpoint Security Complete, Endpoint Protection

Issue/Introduction

Symantec Agent for Linux is capable of scanning symbolic links (symlinks), but there are certain limitations.

When the SAV tool is used to run a manual scan on a directory that contains symlinks, the scan skips those links. However, if a symbolic link itself is specified as the scan target, the linked directory is scanned.

With trace-level logging enabled, the AMD logs contain an entry similar to the following:

Date/Time: <trace> [AMDTraversalThread::traverseTree]:422 Ignore symbolic link path: /directory/.../symbolic_link

Environment

Symantec Agent for Linux (14.3 RU1 and later)

Cause

When the path given to the SAV tool for a manual scan is itself a symbolic link, the Antimalware scanning engine dynamically resolves and follows the link and scans the directory or file it points to. However, if the directory specified for manual scanning contains symbolic links within it, the scan engine by design does not traverse those links during the scan. This approach can help avoid redundant or unintended scans, thereby maintaining the integrity of the scanning procedure.

Resolution

To ensure that all symbolic links are scanned, run a full system scan. During a full system scan, paths containing symbolic links are thoroughly scanned across the entire system, so any symbolic links encountered at the root level or within scanned directories are fully assessed for potential security threats.
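
To see which locations a manual directory scan leaves out, the following added example (not Symantec code) lists the symlinks under a scan root, or takes them from "Ignore symbolic link path" trace entries, and reports the resolved targets that lie outside the scanned tree. The function names are hypothetical, and it assumes a target whose real path is inside the scan root is reached by the normal traversal.

```python
import os
import re
import sys

# Message text of the AMD trace entry quoted in this article.
IGNORED_RE = re.compile(r"Ignore symbolic link path: (.+)$")

def ignored_paths(log_lines):
    """Return the symlink paths that trace-log lines report as ignored."""
    hits = (IGNORED_RE.search(line.rstrip("\n")) for line in log_lines)
    return [m.group(1).strip() for m in hits if m]

def find_symlinks(scan_root):
    """Return symlinks under scan_root, found without following any link."""
    found = []
    for dirpath, dirnames, filenames in os.walk(scan_root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                found.append(path)
    return sorted(found)

def classify(scan_root, links):
    """Group links by whether a scan of scan_root still reaches the target."""
    root = os.path.realpath(scan_root)
    report = {"covered": [], "uncovered": [], "dangling": []}
    for link in links:
        target = os.path.realpath(link)
        if not os.path.exists(target):
            report["dangling"].append(link)     # nothing to scan behind it
        elif os.path.commonpath([root, target]) == root:
            report["covered"].append(link)      # real path is inside the tree
        else:
            report["uncovered"].append(target)  # scan this path directly
    report["uncovered"] = sorted(set(report["uncovered"]))
    return report

if __name__ == "__main__":
    # Usage: script.py [SCAN_ROOT] [TRACE_LOG]; with a log, use its entries.
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    if len(sys.argv) > 2:
        with open(sys.argv[2], errors="replace") as fh:
            links = ignored_paths(fh)
    else:
        links = find_symlinks(scan_root)
    for kind, paths in classify(scan_root, links).items():
        for p in paths:
            print(f"{kind}\t{p}")
```

Each path reported as "uncovered" can be given to a manual scan as its own target, or left to the full system scan described above.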