To disable the on-access scanning in Sophos for now with this command:
/opt/sophos-av/bin/savdctl disable
It can later be re-enabled with this command:
/opt/sophos-av/bin/savdctl enable
As for checking for what Sophos has been doing lately, the log files are located in the following path:
/opt/sophos-av/log
As for further documentation, there are man pages for most of the various Sophos binaries that you can find in /opt/sophos-av/bin so you should be able to view the man page for them with “man savdctl” or whichever binary you need to look at.
