Okay, not sure if this is expected behavior for either Firejail or Sophos or not.
I am using Arch Linux with the linux-hardened-apparmor kernel (currently 4.15-9), along with firejail-apparmor from the AUR (both of which I maintain).
After installing Sophos for Linux yesterday afternoon, everything seems to work as expected, including on-access scanning with fanotify. Moving on to the next step, I'm now writing some shells (bash) to simplify using the antivirus-scanner. One feature is a RMB context menu for Thunar to scan any file on demand.
When I run an instance of Thunar without the firejail-apparmor sandbox, my context menu bash works as intended. However, if the instance of Thunar is run inside an apparmor-enabled sandbox, the on-demand-scan fails to detect any of the eicar test viruses.
To clarify:
- While inside the sandbox, the bash is being called, it's just reporting: "No virus detected"
- Without the sandbox, the bash works as expected and detects all the available eicar test viruses
- Both with and without the sandbox the on-access scan detects the eicar.com virus, but not the other test samples
For reference, the bash called to initiate the on-demand scan is:

    #!/bin/bash
    # Usage: add "ThunarAvScan %f" to Thunar's RMB context menu
    NotifyIcon="/home/stupidme/Pictures/LauncherIcons/Sophos.png"
    notify-send -u NORMAL -t 10000 "Patience, running Sophos 'savscan' on $1" --icon="$NotifyIcon"
    # "$1" is quoted so that paths containing spaces reach savscan as one argument
    AvTestResult=$(savscan -f -all -archive -loopback -pua -suspicious "$1" | grep ">>> Virus ")
    # An empty grep result is reported as clean
    if [[ "$AvTestResult" == "" ]] ; then
        notify-send -u NORMAL -t 10000 "No viruses were discovered" --icon="$NotifyIcon"
    else
        notify-send -u NORMAL -t 10000 "$AvTestResult" --icon="$NotifyIcon"
    fi

Edit: Added Linux tag
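
Added example, not part of the original post and not Sophos or Firejail code: the script above reports "No viruses were discovered" whenever grep matches nothing, which also covers a scan that never ran or could not read the file. This variant keys the verdict on savscan's exit status instead, assuming its default return codes (0 clean, 1 interrupted, 2 error, 3 threat found); `scan_verdict` and `SCANNER` are names introduced here.

```shell
#!/bin/bash
# Added example, not the poster's script. Assumes savscan's default exit codes:
# 0 = clean, 1 = interrupted, 2 = error, 3 = threat found.
SCANNER="${SCANNER:-savscan}"   # overridable so the logic can be tested with a stub

# Print a one-line verdict for $1 and return the scanner's exit status.
scan_verdict() {
    sv_target="$1"
    sv_status=0
    # Inside a sandbox the scanner binary or the target may not be visible at all.
    command -v "$SCANNER" >/dev/null 2>&1 || {
        echo "ERROR: $SCANNER not found in this environment"; return 2; }
    [ -r "$sv_target" ] || {
        echo "ERROR: cannot read $sv_target from this environment"; return 2; }
    # '|| sv_status=$?' keeps the exit status without tripping 'set -e'.
    sv_output=$("$SCANNER" -f -all -archive -loopback -pua -suspicious \
        "$sv_target" 2>&1) || sv_status=$?
    case "$sv_status" in
        0) echo "CLEAN: no threats reported for $sv_target" ;;
        3) echo "INFECTED: $(printf '%s\n' "$sv_output" | grep '>>> Virus ')" ;;
        *) echo "ERROR: scanner exited with status $sv_status, result unknown" ;;
    esac
    return "$sv_status"
}

# Thunar entry point: only runs when a file argument is given.
if [ "$#" -gt 0 ]; then
    NotifyIcon="/home/stupidme/Pictures/LauncherIcons/Sophos.png"
    verdict=$(scan_verdict "$1") || true
    notify-send -u normal -t 10000 "$verdict" --icon="$NotifyIcon"
fi
```

Run from both the sandboxed and the unsandboxed Thunar, an ERROR notification separates "the scan did not happen" from "the scan found nothing".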