Remove QCSA Scan Residues
QCSA generates temporary files in the shared directory while it is scanning the assets. Once the scan is complete, these residue files are no longer usable. These files are stored under <Path to shared directory>/ML-x.x.x-x/tmp. You can use the following command to view the location of the temporary scan files.

Sample:

    [root@localhost ~]# ls /usr/qualys/shared/ML*/tmp/
    /usr/qualys/shared/ML-12.16.62-1/tmp/:
    126-7-40-4.853 test

    /usr/qualys/shared/ML-12.16.63-1/tmp/:

    /usr/qualys/shared/ML-12.16.64-1/tmp/:

    /usr/qualys/shared/ML-12.16.65-1/tmp/:

    /usr/qualys/shared/ML-12.16.66-1/tmp/:

    /usr/qualys/shared/ML-12.17.39-1/tmp/:

    /usr/qualys/shared/ML-12.17.40-1/tmp/:
    [root@localhost ~]#

In the above example, /usr/qualys/shared/ is the Docker shared directory.
You can clean residue files using the following steps:
- Make sure no active scans are running on any Containerized Scanner on the Linux Host.
- Confirm on the user portal that no active scans are running.
- Stop all Containerized Scanners on the Linux Host.
- Locate the scan residue files using the ls command shown above, which lists /usr/qualys/shared/ML*/tmp/.
- Remove the files when required.
- If insufficient file permissions prevent deletion of these files on the Linux host, delete them from inside the running containerized scanner instead. The files are located at /usr/local/qualys/ML*/tmp within the container.
  To access the container's bash console and navigate to the package directory, you can run the following commands:

      root@localhost:~#
      root@localhost:~# docker exec -it Qualys_Container bash
      [root@447fb6dafde5 /]#
      [root@447fb6dafde5 /]# cd /usr/local/qualys
      [root@447fb6dafde5 qualys]#
      [root@447fb6dafde5 qualys]# ls -l ML*/tmp
      ML-14.7.19-1/tmp:
      total 0

      ML-14.8.11-1/tmp:
      total 0

      ML-14.9.17-1/tmp:
      total 0
      [root@447fb6dafde5 qualys]#

- Qualys strongly recommends against running the containerized scanner in rootless mode, as it may impact scan performance and the consistency of vulnerability results.
- The sample commands utilize Docker Engine as the container runtime, but they can also be executed using Podman.
- A low cgroups PID limit (the total number of processes and threads allowed to run inside a container) on the Linux host may prevent the QCSA containerized scanner from executing larger scans. Running the containerized scanner with the option '--pids-limit -1' removes this PID limit, and running it with the option '-e DISREGARD_PID_LIMIT=yes' overrides the PID limit check.
For detailed information on the QCSA command parameters used in examples, refer to Containerized Command Components.
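
The host-side cleanup steps above can be wrapped in a script that refuses to run while a scanner container is up and lists the residue before deleting anything. This is an added example, not Qualys code; the default shared directory and container name are the sample values from this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Qualys code): guarded cleanup of QCSA scan residue on the host.
# Assumptions: the defaults below are the sample path and container name from this page.
SHARED_DIR="${SHARED_DIR:-/usr/qualys/shared}"
SCANNER_NAME="${SCANNER_NAME:-Qualys_Container}"
RUNTIME="${RUNTIME:-docker}"            # set RUNTIME=podman on Podman hosts

# True (0) while a container matching the scanner name is running.
scanner_running() {
    command -v "$RUNTIME" >/dev/null 2>&1 || return 1   # no runtime installed
    ids=$("$RUNTIME" ps -q --filter "name=$SCANNER_NAME") || return 0  # fail closed
    [ -n "$ids" ]
}

# Print every ML*/tmp residue directory. A tmp that is a symlink is skipped,
# so a planted link cannot point the cleanup at another directory.
residue_dirs() {
    for d in "$SHARED_DIR"/ML*/tmp; do
        if [ -d "$d" ] && [ ! -L "$d" ]; then printf '%s\n' "$d"; fi
    done
}

# Number of top-level residue entries across all package versions.
count_residue() {
    residue_dirs | while IFS= read -r d; do
        find "$d" -mindepth 1 -maxdepth 1 | wc -l
    done | awk '{ n += $1 } END { print n + 0 }'
}

# Dry run by default (lists residue); pass --apply to delete it.
# The tmp directories themselves are kept; only their contents are removed.
clean_residue() {
    if scanner_running; then
        echo "refusing: $SCANNER_NAME is still running, stop it first" >&2
        return 2
    fi
    residue_dirs | while IFS= read -r d; do
        if [ "${1:-}" = "--apply" ]; then
            find "$d" -xdev -mindepth 1 -delete
        else
            find "$d" -mindepth 1 -maxdepth 1 -print
        fi
    done
}
```

Source the file, run `clean_residue` to review what would be removed, then `clean_residue --apply` once the portal confirms no active scans.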