
Sophos Anti-Virus for Linux disturbs mounting container with VeraCrypt

Hey,

After entering the password while mounting an encrypted container with VeraCrypt, the process hangs. It works fine when I disable sav-protect.
I don't see anything in the logs of sophos-av.
I already tried to ignore on-access scanning on the mount point.
Maybe I have to ignore the device to mount too?!

I have to manually kill all veracrypt processes. My current workaround is to disable sav-protect before mounting devices. I re-enable it after I umount the devices.


xUbuntu 14.04
Linux host 3.13.0-153-generic #203-Ubuntu SMP Thu Jun 14 08:52:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
ii  veracrypt                                                   1.22-0vanir1~14.04.0                                                        amd64        Cross-platform on-the-fly encryption

ps aux | grep sav
root     26737  0.0  0.0 502692  6432 ?        Ssl  08:48   0:00 savd etc/savd.cfg
root     26798  1.3  1.7 839188 282700 ?       Sl   08:48   0:12 savscand --incident=unix://tmp/incident --namedscan=unix://root@tmp/namedscansprocessor.0 --ondemandcontrol=socketpair://45/46 socketpair://43/44 --threads=5
root     26845  1.2  1.7 757024 282536 ?       Sl   08:49   0:12 savscand --incident=unix://tmp/incident socketpair://52/53 --threads=5

Cheers



This thread was automatically locked due to age.
  • I switched to fanotify and it works BUT which limitations do you speak of?

    These?

    • NFSv4 access is blocked when scanning with fanotify (except in RHEL 7.2 +) – This is a filesystem issue.
      • Workaround - Use Talpa with NFSv4 instead of fanotify, or switch to NFSv3
      • It may also be possible to exclude nfs4 filesystems with: /opt/sophos-av/bin/savconfig add ExcludeFilesystems nfs4
    • 30s delay of file create and Operation not permitted errors with fanotify and cifs – This is a known kernel issue.
      • Workaround – Disable CIFS oplocks, exclude the CIFS share from on-access scanning, or use Talpa instead of fanotify
  • I forgot to add this info.


    There are some audit rules active and VeraCrypt uses fuse.
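
A mount audit for the limitations quoted above, as an added example that is not part of the original thread or Sophos's own tooling: it reads /proc/mounts-format input and flags nfs4 and cifs mounts (the two fanotify limitations listed) plus FUSE mounts (VeraCrypt uses fuse, per the last post). The sample mount table, host names and paths are constructed, and `fuse.veracrypt` as the FUSE subtype is an assumption.

```shell
#!/bin/sh
# Added example: flag mounts that matter for the on-access scanning issues
# discussed in this thread. Input format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

# classify_mounts: reads a mount table on stdin and prints one line per
# flagged mount as "fstype<TAB>mountpoint<TAB>note".
classify_mounts() (
    while read -r dev mnt fstype rest; do
        case "$fstype" in
            nfs4)
                note="fanotify blocks NFSv4: use Talpa or NFSv3, or savconfig add ExcludeFilesystems nfs4" ;;
            cifs)
                note="fanotify+cifs 30s create delay / Operation not permitted: disable oplocks, exclude share, or use Talpa" ;;
            fuse|fuse.*|fuseblk)
                note="FUSE mount (VeraCrypt uses fuse): review on-access exclusions" ;;
            *)
                continue ;;
        esac
        printf '%s\t%s\t%s\n' "$fstype" "$mnt" "$note"
    done
)

# sample_mounts: constructed mount table for illustration (not from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
veracrypt /tmp/.veracrypt_aux_mnt1 fuse.veracrypt rw,nosuid,nodev 0 0
/dev/mapper/veracrypt1 /media/veracrypt1 ext4 rw,relatime 0 0
fileserver:/export /mnt/nfs nfs4 rw,vers=4.0 0 0
//fileserver/share /mnt/cifs cifs rw,vers=3.0 0 0
EOF
}

# Demo on the constructed table; on a real host run: classify_mounts < /proc/mounts
sample_mounts | classify_mounts
```

Running it against the live mount table before and after mounting a container shows which new mounts appear and which of them fall under the listed limitations.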