US 7,540,027 B2
Method/system to speed up antivirus scans using a journal file system
Phani Gopal V. Achanta, Austin, Tex. (US); Riaz Y. Hussain, Austin, Tex. (US); and Scott Thomas Jones, Austin, Tex. (US)
Assigned to International Business Machines Corporation, Armonk, N.Y. (US)
Filed on Jun. 23, 2005, as Appl. No. 11/165,447.
Prior Publication US 2006/0294589 A1, Dec. 28, 2006
Int. Cl. G06F 21/00 (2006.01)
U.S. Cl. 726—22  [726/24] 3 Claims
OG exemplary drawing
 
1. In a data processing system, a method comprising:
logging, in a persistent storage log, a record of all transactions/operations affecting any files, data or directories on the data processing system, said transactions/operations occurring subsequent to the start of a previous scan of the data processing system for malicious software and associated malicious activity, wherein said persistent storage log is a first-in first-out buffer with a pre-established size for holding a preset amount of data;
establishing a threshold amount of data that may be stored between a previous and subsequent scan; and
when said threshold amount is reached prior to an automatic trigger of the subsequent scan, triggering the subsequent scan on the files, data and directories affected by the operations; and
subsequent to the initiation of the current scan, marking a location within the persistent storage log representing a first entry logged within the persistent storage;
performing each subsequent scan on only the files, data and directories affected by those transactions/operations occurring subsequent to the start of the previous scan, said files, data and directories being identified using entries of the transactions/operations recorded within the persistent storage log;
establishing a threshold amount of data to collect in the persistent storage log between sequentially completed scans, said threshold amount being an amount less than a full amount supported by the persistent storage log and less than an amount at which new entries will cause overflow of the persistent storage log before the previously stored entries are retrieved for scanning of corresponding files, data and directories;
enabling only an administrative user with driver level access to access the persistent storage log, such that malicious software that changes a file's timestamp to hide malicious activity is unable to affect the persistent storage log;
performing an initial scan of the entire data processing system to remove any malicious software from the data processing system; and enabling user override of the subsequent scan on only selected components that correspond to entries within the persistent storage log, such that a full scan of the entire data processing system may be completed during the subsequent scan when a full scan option is selected by a user;
wherein the persistent storage log is one of multiple journal logs, including a primary log, of a journal file system (JFS) associated with the operating system (OS) of the data processing system, said persistent storage log being updated via the JFS and being immune from JFS purge operations following completion of a system reset condition, wherein when the primary log is about to be purged, the entries of the primary log are copied to the persistent storage log and remain within the persistent storage log until subjected to a subsequent virus scan;
enabling a purge of specific contents of the persistent storage log following a successful scan operation, wherein the contents that are replayed during the scan operation are purged from the persistent storage log and new contents logged subsequent to a start of the scan operation are maintained in a persistent state until replayed by a subsequent scan operation;
establishing a new persistent log for recording operations that occur from a start of the previous scan; and
deleting a previous persistent log once the entries of the previous persistent log have all been addressed by the previous scan.
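To make the mechanism of claim 1 concrete, the following Python simulation is an added illustrative example written for this page; it is not code from the patent, from IBM, or from any journal file system implementation. It models the claim's elements as data structures: a FIFO log with a pre-established capacity and a trigger threshold below that capacity, a scan that marks its position in the log and replays only the entries before the mark, purging of the replayed entries while entries logged after the scan started persist for the next scan, and a user-selectable full-scan override. The in-memory file system, the toy detector that looks for the constructed byte string `BADSIG`, and the `during_scan` parameter (standing in for file activity that arrives while a scan is running) are all assumptions of this example.

```python
"""Simulation of a journal-driven incremental antivirus scan (added example)."""
from collections import deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class JournalEntry:
    seq: int   # monotonically increasing position in the log
    op: str    # "create", "write", "rename", or "delete"
    path: str  # file or directory affected by the operation


@dataclass
class ScanResult:
    full: bool
    replayed: int          # log entries consumed (and then purged) by this scan
    scanned: List[str]     # paths actually examined by the detector
    detections: List[str]  # paths the detector flagged
    remaining: int         # entries logged after scan start, kept for the next scan


class PersistentScanLog:
    """FIFO log of a pre-established size. The scan-trigger threshold is kept
    strictly below capacity so entries are replayed before the buffer can
    overflow and silently drop the oldest operations."""

    def __init__(self, capacity: int, threshold: int) -> None:
        if not 0 < threshold < capacity:
            raise ValueError("threshold must be below capacity to avoid losing entries")
        self.capacity = capacity
        self.threshold = threshold
        self.entries: Deque[JournalEntry] = deque()
        self.overflowed = 0  # entries lost because the FIFO was already full
        self._seq = 0

    def append(self, op: str, path: str) -> JournalEntry:
        self._seq += 1
        entry = JournalEntry(self._seq, op, path)
        if len(self.entries) >= self.capacity:
            self.entries.popleft()  # oldest entry falls out of the FIFO
            self.overflowed += 1
        self.entries.append(entry)
        return entry

    def threshold_reached(self) -> bool:
        return len(self.entries) >= self.threshold


class IncrementalScanner:
    def __init__(self, log: PersistentScanLog, detect: Callable[[str], bool],
                 all_paths: Callable[[], List[str]]) -> None:
        self.log = log
        self.detect = detect        # per-file detector (a constructed stand-in here)
        self.all_paths = all_paths  # enumerates the whole file system for full scans

    def record(self, op: str, path: str) -> Optional[ScanResult]:
        """Log one file operation; trigger a scan early if the threshold is hit."""
        self.log.append(op, path)
        return self.scan() if self.log.threshold_reached() else None

    def scan(self, full: bool = False,
             during_scan: Iterable[Tuple[str, str]] = ()) -> ScanResult:
        # Mark the location: entries at or before this seq belong to this scan.
        mark = self.log.entries[-1].seq if self.log.entries else 0
        # Activity arriving after the mark is logged now but replayed next time.
        for op, path in during_scan:
            self.log.append(op, path)
        replayed = [e for e in self.log.entries if e.seq <= mark]
        existing = set(self.all_paths())
        if full:  # user override: scan everything, still consuming the log
            targets = existing
        else:     # only files touched since the previous scan; deletions need no scan
            targets = {e.path for e in replayed
                       if e.op != "delete" and e.path in existing}
        scanned = sorted(targets)
        detections = [p for p in scanned if self.detect(p)]
        # Purge only the replayed entries; newer entries persist for the next scan.
        self.log.entries = deque(e for e in self.log.entries if e.seq > mark)
        return ScanResult(full, len(replayed), scanned, detections, len(self.log.entries))


def demo() -> Dict[str, ScanResult]:
    """Walk through initial scan, threshold-triggered scan, scheduled scan
    with concurrent activity, and a full-scan override on a constructed FS."""
    fs: Dict[str, bytes] = {}  # constructed in-memory file system

    def detect(path: str) -> bool:  # constructed toy signature check
        return b"BADSIG" in fs.get(path, b"")

    scanner = IncrementalScanner(PersistentScanLog(capacity=8, threshold=4),
                                 detect, lambda: list(fs))
    results: Dict[str, ScanResult] = {}
    results["initial"] = scanner.scan(full=True)  # initial full scan of the system
    fs["/home/a/notes.txt"] = b"hello"
    scanner.record("create", "/home/a/notes.txt")
    fs["/tmp/drop.bin"] = b"xxBADSIGxx"
    scanner.record("create", "/tmp/drop.bin")
    fs["/home/a/notes.txt"] = b"hello again"
    scanner.record("write", "/home/a/notes.txt")
    fs["/etc/hosts"] = b"127.0.0.1 localhost\n"
    results["threshold"] = scanner.record("write", "/etc/hosts")  # 4th entry: triggers
    del fs["/tmp/drop.bin"]
    scanner.record("delete", "/tmp/drop.bin")
    fs["/home/a/report.doc"] = b"quarterly"
    scanner.record("create", "/home/a/report.doc")
    fs["/var/log/syslog"] = b"boot ok\n"
    results["scheduled"] = scanner.scan(during_scan=[("write", "/var/log/syslog")])
    results["full_override"] = scanner.scan(full=True)
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The point the simulation makes visible is the one the claim relies on for security: the scanner's view of what changed comes from the journal, not from file timestamps, so the selection of files to scan cannot be manipulated by an actor that rewrites a file's mtime. That only holds if the log itself is writable solely by the journal driver, which the claim expresses as restricting access to an administrative user with driver-level access; in this example that boundary is implicit in `PersistentScanLog` having no API other than `append`.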