This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Linux don't accept the configuration " UpdatePeriodMinutes "

Hello


After recent update Sophos Free Linux don't accept more the configuration when I put in " UpdatePeriodMinutes " (#/opt/sophos-av/bin/savconfig UpdatePeriodMinutes 1440 ) 1440 minutes ( 24 hours ).

Now it update every 4 hours.


Any solution ?


Thanks



This thread was automatically locked due to age.
Parents
  • Hi Henrique,

    Please allow me to check on this and update you.

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • DouglasLeeder said:

    savupdate will run during sav-protect start up script if:

    1. On-Access is enabled
    2. Talpa is an enabled on-access method
    3. SAV doesn't have a Talpa Binary Pack available

    savupdate will run 5-10 minutes after savd starts up, unless updating is disabled.

     

     

    But how disable update after 5-10 minutes boot system without deactivat on-access ?

  • Perfect

     

    root@debian:/opt/sophos-av/bin# ls
    _ savconfig savdctl savdstatus savlog savscan savsetup savupdate
    root@debian:/opt/sophos-av/bin# ./savdstatus
    Sophos Anti-Virus is active and on-access scanning is running
    root@debian:/opt/sophos-av/bin# systemctl status sav-protect -l -n 50 --no-pager
    ● sav-protect.service - "Sophos Anti-Virus daemon"
    Loaded: loaded (/lib/systemd/system/sav-protect.service; enabled; vendor preset: enabled)
    Active: active (running) since Thu 2018-06-28 09:59:03 CEST; 28min ago
    Docs: man:sav-protect
    Process: 2825 ExecStartPost=/opt/sophos-av/engine/.sav-protect.systemd.poststart.sh (code=exited, status=0/SUCCESS)
    Process: 2706 ExecStartPre=/opt/sophos-av/engine/.sav-protect.systemd.prestart.sh (code=exited, status=0/SUCCESS)
    Main PID: 2824 (savd)
    Tasks: 24 (limit: 4299)
    Memory: 662.9M
    CGroup: /system.slice/sav-protect.service
    ├─2824 savd etc/savd.cfg
    ├─2910 savscand --incident=unix://tmp/incident --namedscan=unix://root@tmp/namedscansprocessor.0 --ondemandcontrol=socketpair://45/46 socketpair://43/44 --threads=2
    └─3317 savscand --incident=unix://tmp/incident socketpair://49/50 --threads=2

    juin 28 09:58:11 debian systemd[1]: Starting "Sophos Anti-Virus daemon"...
    juin 28 09:58:20 debian savd[2824]: savd.daemon: SAVD-STARTED
    juin 28 09:58:58 debian savd[2824]: savd.daemon: ONACCESS-ENABLED talpa
    juin 28 09:59:03 debian systemd[1]: Started "Sophos Anti-Virus daemon".
    juin 28 09:59:11 debian savd[2824]: savscand.control.log: EXTRA-SCANNER-STARTED
    juin 28 09:59:17 debian savd[2824]: savscand.control.log: EXTRA-SCANNER-STOPPED
    juin 28 10:05:51 debian savd[2824]: update.check: SUCCESSFULLY_UPDATED_FROM sdds:SOPHOS

     


    root@debian:/opt/sophos-av/bin# systemctl status sav-update -l -n 50 --no-pager
    ● sav-update.service - "Sophos Anti-Virus update"
    Loaded: loaded (/lib/systemd/system/sav-update.service; enabled; vendor preset: enabled)
    Active: inactive (dead) since Thu 2018-06-28 10:05:51 CEST; 22min ago
    Docs: man:sav-update
    Process: 4395 ExecStop=/opt/sophos-av/engine/.sav-update.systemd.stop.sh (code=exited, status=0/SUCCESS)
    Process: 4394 ExecStartPost=/opt/sophos-av/engine/.sav-update.systemd.poststart.sh (code=exited, status=0/SUCCESS)
    Process: 4361 ExecStart=/opt/sophos-av/engine/.sav-update.systemd.start.sh (code=exited, status=0/SUCCESS)
    Process: 4359 ExecStartPre=/opt/sophos-av/engine/.sav-update.systemd.prestart.sh (code=exited, status=0/SUCCESS)
    Main PID: 4361 (code=exited, status=0/SUCCESS)

    juin 28 10:05:05 debian systemd[1]: Starting "Sophos Anti-Virus update"...
    juin 28 10:05:51 debian systemd[1]: Started "Sophos Anti-Virus update".
    root@debian:/opt/sophos-av/bin#

  • I'm afraid the product isn't designed to allow the 5-10 minute update to be disabled, even if on-access is disabled.

  • Remembering that this update after the boot did not occur before the recent new release of Sophos.

  • DouglasLeeder said:

    You haven't asked a question.

     

     

    Again ...

    The question is ...

    How deactivat update on boot ?

     

    Thanks

  • You can't, as I said before, there's no mechanism to disable it.

  • DouglasLeeder said:

    You can't, as I said before, there's no mechanism to disable it.

     

    But why, before the update new release, it don't updated on boot ?

    There must be some mean.

Reply Children
  • Maybe change from a simple script

  • I'll not know.

    I am not progammer of the product.

  • Hello every bady !!!

     

    Please, the Sophos free AV update on boot continue ?

     

    I don't have AV instaled now.

     

    Thanks !!!

  • I has solved it !!!

     

    In this forum topic:

    https://www.bleepingcomputer.com/forums/t/578679/sophos-antivirus-for-linux/

     

    - Disable automatic updates from Sophos:

    sudo /opt/sophos-av/bin/savsetup

    enter "1" and press "enter"
    enter "3" and press "enter"

    http://localhost
    full stop

    press "enter"
    type "N" and press "enter"
    type "q" and press "enter"
    (Unlike during the installation process, where you could choose to update from Sophos, your own update server, or
    no server, no server is not listed as an option. You can however choose localhost, which will result in no updates
    being downloaded unless your computer is already an update server.)

     

    Now I am testing . ..

    ----------------------------------------------------

    EDIT

    Warning !!!

    This solution not permite return the before condition.

    Automatic update not work more after this and you need reinstall the AV again.

    by !

  • Your method disables all updating.

     

    As I said before the product updates:

    a) During boot - if on-access enabled, talpa enabled, and no TBP matching the current kernel.

    b) 5-10 minutes after savd starts.

    c) UpdatePeriodMinutes after the last scheduled update.

     

     

    b & c are controlled by the EnableAutoUpdating option.

     

    Machines need to update every ~ 4 hours to get new protection data, otherwise protection is compromised.

     

  •  

     

    Hello !!!

     

    I now configured in the root terminal:

    #/opt/sophos-av/bin/savconfig set EnableAutoUpdating false

     

    After I verified with:

    #/opt/sophos-av/bin/savconfig query EnableAutoUpdating

    And it returned: " false " !!!

     

    Now I manual updated every day with:

    #/opt/sophos-av/bin/savupdate

     

    Thanks Douglas !!!

     

    Happy new year for you and your team from here Brazil !!!

     

    by !!!

  • Hello,

    For me it is as Douglas described

     

    root@debian:~# /opt/sophos-av/bin/savconfig query EnableAutoUpdating
    TRUE
    root@debian:~# /opt/sophos-av/bin/savconfig query UpdatePeriodMinutes
    1440
    root@debian:~# systemctl status sav-protect
    ● sav-protect.service - "Sophos Anti-Virus daemon"
    Loaded: loaded (/lib/systemd/system/sav-protect.service; disabled; vendor preset: enabled)
    Active: active (running) since Tue 2019-01-08 11:25:18 CET; 37min ago
    Docs: man:sav-protect
    Process: 16120 ExecStartPre=/opt/sophos-av/engine/.sav-protect.systemd.prestart.sh (code=exited, status=0/SUCCESS)
    Process: 16141 ExecStartPost=/opt/sophos-av/engine/.sav-protect.systemd.poststart.sh (code=exited, status=0/SUCCESS)
    Main PID: 16140 (savd)
    Tasks: 29 (limit: 4297)
    Memory: 520.1M
    CGroup: /system.slice/sav-protect.service
    ├─16140 savd etc/savd.cfg
    └─16633 savscand --incident=unix://tmp/incident --namedscan=unix://root@tmp/namedscansprocessor.1 --ondemandcontro

    janv. 08 11:25:14 debian savd[16140]: savd.daemon: ONACCESS-ENABLED fanotify
    janv. 08 11:25:18 debian systemd[1]: Started "Sophos Anti-Virus daemon".
    janv. 08 11:32:56 debian savd[16140]: update.updated: UPDATING_FROM_VERSION 9.15.1 3.74.2 5.58
    janv. 08 11:32:56 debian savd[16140]: update.updated: Updating Sophos Anti-Virus....
    Updating SAVScan on-demand scanner
    Updating Virus Engine and Data
    Updating Manifest
    Update completed.
    janv. 08 11:32:56 debian savd[16140]: update.updated: UPDATED_TO_VERSION 9.15.1 3.74.2 5.58
    janv. 08 11:32:56 debian savd[16140]: update.updated: SUCCESSFULLY_UPDATED_FROM sdds:SOPHOS
    janv. 08 11:37:05 debian savd[16140]: savscand.control.log: EXTRA-SCANNER-STARTED
    janv. 08 11:37:11 debian savd[16140]: savscand.control.log: EXTRA-SCANNER-STOPPED
    janv. 08 11:52:57 debian savd[16140]: savscand.control.log: EXTRA-SCANNER-STARTED
    janv. 08 11:53:03 debian savd[16140]: savscand.control.log: EXTRA-SCANNER-STOPPED
    root@debian:~#

     

    Only one update after Sophos started.

    Everything goes fine