This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Antivirus Free for Linux Ubuntu 18.04 error on full scan

Greetings everyone! I am here to report an issue with Sophos Antivirus Free version 9 running under Ubuntu 18.04. The Sophos AV is fully updated and as far as I know no problems with install. The issue seems to be when I choose to do a Full system scan it errors out at some point and I have to abort the scan in terminal. When doing a quick scan it seems to complete with no problems. Not sure if I should let the Full scan continue? Also is there a way to report or check the install to make sure everything is fine?? Any help feedback is appreciated!! Thanks in advance.



This thread was automatically locked due to age.
Parents
  • Hi Anthony, 

    What is the error message you see? Did you try reinstalling the AV?

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hello Haridoss,

     

    Thanks for your reply! I did not try to reinstall the product yet, however I think that may be some of the issue here. I downloaded the Sophos Antivirus Free for Linux version 9 product quite some time ago. I kept the installation package in backup for future use. I will try to download the Sophos product again here and reinstall it with the new installation if you think this may be the problem. I will post back with results.

    Also the error message for scanning does not show in terminal, or anywhere. I did notice a error file scan message on system reboot in Ubuntu 18.04, but the screen was to quick for me to see any relevant error messages or file in question. Which is why I was wondering if when there is an error is it logged by the Sophos product? If that is the case where do I find it so I can report it here? It would be much easier if the product would automatically send bug reports to Sophos similar to how Ubuntu and others have implemented this feature. If it does I am not aware of it and please disregard the prior statement.

     

    Kind regards and looking forward to future correspondence.

     

    OK, So I downloaded the product again straight from the Sophos website, added my credentials and so forth. Uninstalled the old Sophos AV 9 completely and reinstalled it from the new tarball package. Now as soon as install completed I immediately got an error scanning file "Sophos AV alert ;

    /sys/fs/cgroup/freezer/snap.gnome-system-monitor/tasks (namespace)

    Access to the file has been denied."

     

    Last edit;

    On install I got the usual this kernel is not supported so the talpa was compiled locally. Then the product usually automatically updates after install and it did not. I noticed that when I made sure it was updated and noticed it was not. Received the same message in regards to kernel support. Rebooted the system after updates applied just to be sure, then ran a quick scan which completed with the usual "could not open file" errors even though I run the scan as Sudo. Then proceeded to run the Full scan which again stopped at some point. I rooted around in the system process' and noticed these two entries;

    savscand-incident=unix://tmp/incident-namedscan=unix://root@ tmp/namedscanprocessor.0-ondemandcontrol=socketrepair://42/43-threads=5

    savscand-incident=unix://tmp/incident socketrepair://51/52-threads=5

    Process also was reportedly in a "sleeping state". For more information I will supply it just tell me what you need. Thanks.

Reply
  • Hello Haridoss,

     

    Thanks for your reply! I did not try to reinstall the product yet, however I think that may be some of the issue here. I downloaded the Sophos Antivirus Free for Linux version 9 product quite some time ago. I kept the installation package in backup for future use. I will try to download the Sophos product again here and reinstall it with the new installation if you think this may be the problem. I will post back with results.

    Also the error message for scanning does not show in terminal, or anywhere. I did notice a error file scan message on system reboot in Ubuntu 18.04, but the screen was to quick for me to see any relevant error messages or file in question. Which is why I was wondering if when there is an error is it logged by the Sophos product? If that is the case where do I find it so I can report it here? It would be much easier if the product would automatically send bug reports to Sophos similar to how Ubuntu and others have implemented this feature. If it does I am not aware of it and please disregard the prior statement.

     

    Kind regards and looking forward to future correspondence.

     

    OK, So I downloaded the product again straight from the Sophos website, added my credentials and so forth. Uninstalled the old Sophos AV 9 completely and reinstalled it from the new tarball package. Now as soon as install completed I immediately got an error scanning file "Sophos AV alert ;

    /sys/fs/cgroup/freezer/snap.gnome-system-monitor/tasks (namespace)

    Access to the file has been denied."

     

    Last edit;

    On install I got the usual this kernel is not supported so the talpa was compiled locally. Then the product usually automatically updates after install and it did not. I noticed that when I made sure it was updated and noticed it was not. Received the same message in regards to kernel support. Rebooted the system after updates applied just to be sure, then ran a quick scan which completed with the usual "could not open file" errors even though I run the scan as Sudo. Then proceeded to run the Full scan which again stopped at some point. I rooted around in the system process' and noticed these two entries;

    savscand-incident=unix://tmp/incident-namedscan=unix://root@ tmp/namedscanprocessor.0-ondemandcontrol=socketrepair://42/43-threads=5

    savscand-incident=unix://tmp/incident socketrepair://51/52-threads=5

    Process also was reportedly in a "sleeping state". For more information I will supply it just tell me what you need. Thanks.

Children
  • I think you are referring to the command-line savscan/sweep options for full/quick scanning.

     

    Assuming this is the case, you never need to do 'full' scan. The 'full' scan looks for virus fragments and is vastly slower than just looking for actual infected files. The options you may want are: -all to scan all files regardless of extension, and -archive to scan inside archives. Both will slow down your scan, but will reach more files. If the command-line scan gets stuck, you can use -ns to see the files it's scanning, and work out where it's getting stuck.

     

    The savscand processes are for on-access scanning and for scheduled scans.