Intesting find. I drop a malicious file (executable binary) on to the underlying docker host OS (Linux) and antivirus program detects it without issue. I drop the same file into a docker guest container (CENTOS base) and the AV program cannot detect it, even though I can now see the file from within the underlying host OS (it’s in the docker overlay directory). I copy the file from the docker overlay directory to another folder OUTSIDE of the overlay directory and now the AV detects it. How can this be? The file is the same whether in the overlay directory (within container) or after moved outside of the directory. Confused here.