Hello
After recent update Sophos Free Linux don't accept more the configuration when I put in " UpdatePeriodMinutes " (#/opt/sophos-av/bin/savconfig UpdatePeriodMinutes 1440 ) 1440 minutes ( 24 hours ).
Now it update every 4 hours.
Any solution ?
Thanks
Hi Henrique,
Please allow me to check on this and update you.
Haridoss Sreenivasan
Technical Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
DouglasLeeder said:savupdate will run during sav-protect start up script if:
- On-Access is enabled
- Talpa is an enabled on-access method
- SAV doesn't have a Talpa Binary Pack available
savupdate will run 5-10 minutes after savd starts up, unless updating is disabled.
But how disable update after 5-10 minutes boot system without deactivat on-access ?
Perfect
root@debian:/opt/sophos-av/bin# ls
_ savconfig savdctl savdstatus savlog savscan savsetup savupdate
root@debian:/opt/sophos-av/bin# ./savdstatus
Sophos Anti-Virus is active and on-access scanning is running
root@debian:/opt/sophos-av/bin# systemctl status sav-protect -l -n 50 --no-pager
● sav-protect.service - "Sophos Anti-Virus daemon"
Loaded: loaded (/lib/systemd/system/sav-protect.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2018-06-28 09:59:03 CEST; 28min ago
Docs: man:sav-protect
Process: 2825 ExecStartPost=/opt/sophos-av/engine/.sav-protect.systemd.poststart.sh (code=exited, status=0/SUCCESS)
Process: 2706 ExecStartPre=/opt/sophos-av/engine/.sav-protect.systemd.prestart.sh (code=exited, status=0/SUCCESS)
Main PID: 2824 (savd)
Tasks: 24 (limit: 4299)
Memory: 662.9M
CGroup: /system.slice/sav-protect.service
├─2824 savd etc/savd.cfg
├─2910 savscand --incident=unix://tmp/incident --namedscan=unix://root@tmp/namedscansprocessor.0 --ondemandcontrol=socketpair://45/46 socketpair://43/44 --threads=2
└─3317 savscand --incident=unix://tmp/incident socketpair://49/50 --threads=2
juin 28 09:58:11 debian systemd[1]: Starting "Sophos Anti-Virus daemon"...
juin 28 09:58:20 debian savd[2824]: savd.daemon: SAVD-STARTED
juin 28 09:58:58 debian savd[2824]: savd.daemon: ONACCESS-ENABLED talpa
juin 28 09:59:03 debian systemd[1]: Started "Sophos Anti-Virus daemon".
juin 28 09:59:11 debian savd[2824]: savscand.control.log: EXTRA-SCANNER-STARTED
juin 28 09:59:17 debian savd[2824]: savscand.control.log: EXTRA-SCANNER-STOPPED
juin 28 10:05:51 debian savd[2824]: update.check: SUCCESSFULLY_UPDATED_FROM sdds:SOPHOS
root@debian:/opt/sophos-av/bin# systemctl status sav-update -l -n 50 --no-pager
● sav-update.service - "Sophos Anti-Virus update"
Loaded: loaded (/lib/systemd/system/sav-update.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Thu 2018-06-28 10:05:51 CEST; 22min ago
Docs: man:sav-update
Process: 4395 ExecStop=/opt/sophos-av/engine/.sav-update.systemd.stop.sh (code=exited, status=0/SUCCESS)
Process: 4394 ExecStartPost=/opt/sophos-av/engine/.sav-update.systemd.poststart.sh (code=exited, status=0/SUCCESS)
Process: 4361 ExecStart=/opt/sophos-av/engine/.sav-update.systemd.start.sh (code=exited, status=0/SUCCESS)
Process: 4359 ExecStartPre=/opt/sophos-av/engine/.sav-update.systemd.prestart.sh (code=exited, status=0/SUCCESS)
Main PID: 4361 (code=exited, status=0/SUCCESS)
juin 28 10:05:05 debian systemd[1]: Starting "Sophos Anti-Virus update"...
juin 28 10:05:51 debian systemd[1]: Started "Sophos Anti-Virus update".
root@debian:/opt/sophos-av/bin#
I'm afraid the product isn't designed to allow the 5-10 minute update to be disabled, even if on-access is disabled.
Remembering that this update after the boot did not occur before the recent new release of Sophos.
You haven't asked a question.
DouglasLeeder said:You haven't asked a question.
Again ...
The question is ...
How deactivat update on boot ?
Thanks
You can't, as I said before, there's no mechanism to disable it.
DouglasLeeder said:You can't, as I said before, there's no mechanism to disable it.
But why, before the update new release, it don't updated on boot ?
There must be some mean.
DouglasLeeder said:You can't, as I said before, there's no mechanism to disable it.
But why, before the update new release, it don't updated on boot ?
There must be some mean.
Maybe change from a simple script
I'll not know.
I am not progammer of the product.
Hello every bady !!!
Please, the Sophos free AV update on boot continue ?
I don't have AV instaled now.
Thanks !!!
I has solved it !!!
In this forum topic:
https://www.bleepingcomputer.com/forums/t/578679/sophos-antivirus-for-linux/
- Disable automatic updates from Sophos:
sudo /opt/sophos-av/bin/savsetupenter "1" and press "enter"
enter "3" and press "enter"http://localhostfull stoppress "enter"
type "N" and press "enter"
type "q" and press "enter"
(Unlike during the installation process, where you could choose to update from Sophos, your own update server, or
no server, no server is not listed as an option. You can however choose localhost, which will result in no updates
being downloaded unless your computer is already an update server.)
Now I am testing . ..
----------------------------------------------------
EDIT
Warning !!!
This solution not permite return the before condition.
Automatic update not work more after this and you need reinstall the AV again.
by !
Your method disables all updating.
As I said before the product updates:
a) During boot - if on-access enabled, talpa enabled, and no TBP matching the current kernel.
b) 5-10 minutes after savd starts.
c) UpdatePeriodMinutes after the last scheduled update.
b & c are controlled by the EnableAutoUpdating option.
Machines need to update every ~ 4 hours to get new protection data, otherwise protection is compromised.
Hello !!!
I now configured in the root terminal:
#/opt/sophos-av/bin/savconfig set EnableAutoUpdating false
After I verified with:
#/opt/sophos-av/bin/savconfig query EnableAutoUpdating
And it returned: " false " !!!
Now I manual updated every day with:
#/opt/sophos-av/bin/savupdate
Thanks Douglas !!!
Happy new year for you and your team from here Brazil !!!
by !!!
Hello,
For me it is as Douglas described
root@debian:~# /opt/sophos-av/bin/savconfig query EnableAutoUpdating
TRUE
root@debian:~# /opt/sophos-av/bin/savconfig query UpdatePeriodMinutes
1440
root@debian:~# systemctl status sav-protect
● sav-protect.service - "Sophos Anti-Virus daemon"
Loaded: loaded (/lib/systemd/system/sav-protect.service; disabled; vendor preset: enabled)
Active: active (running) since Tue 2019-01-08 11:25:18 CET; 37min ago
Docs: man:sav-protect
Process: 16120 ExecStartPre=/opt/sophos-av/engine/.sav-protect.systemd.prestart.sh (code=exited, status=0/SUCCESS)
Process: 16141 ExecStartPost=/opt/sophos-av/engine/.sav-protect.systemd.poststart.sh (code=exited, status=0/SUCCESS)
Main PID: 16140 (savd)
Tasks: 29 (limit: 4297)
Memory: 520.1M
CGroup: /system.slice/sav-protect.service
├─16140 savd etc/savd.cfg
└─16633 savscand --incident=unix://tmp/incident --namedscan=unix://root@tmp/namedscansprocessor.1 --ondemandcontro
janv. 08 11:25:14 debian savd[16140]: savd.daemon: ONACCESS-ENABLED fanotify
janv. 08 11:25:18 debian systemd[1]: Started "Sophos Anti-Virus daemon".
janv. 08 11:32:56 debian savd[16140]: update.updated: UPDATING_FROM_VERSION 9.15.1 3.74.2 5.58
janv. 08 11:32:56 debian savd[16140]: update.updated: Updating Sophos Anti-Virus....
Updating SAVScan on-demand scanner
Updating Virus Engine and Data
Updating Manifest
Update completed.
janv. 08 11:32:56 debian savd[16140]: update.updated: UPDATED_TO_VERSION 9.15.1 3.74.2 5.58
janv. 08 11:32:56 debian savd[16140]: update.updated: SUCCESSFULLY_UPDATED_FROM sdds:SOPHOS
janv. 08 11:37:05 debian savd[16140]: savscand.control.log: EXTRA-SCANNER-STARTED
janv. 08 11:37:11 debian savd[16140]: savscand.control.log: EXTRA-SCANNER-STOPPED
janv. 08 11:52:57 debian savd[16140]: savscand.control.log: EXTRA-SCANNER-STARTED
janv. 08 11:53:03 debian savd[16140]: savscand.control.log: EXTRA-SCANNER-STOPPED
root@debian:~#
Only one update after Sophos started.
Everything goes fine
