This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Antivirus for Linux installation aborted: OSError: [Errno 8] Exec format error

Hi all:

We are experiencing a frustrating problem with installing SAV for Linux v 9.16.0 onto a system running SUSE OpenLeap 15.1 - we have other systems with the same hardware and O/S which we are able to install this on with no issues but this one system is giving me problems.

Install.log in /opt/sophos-av shows the following:

Traceback (most recent call last):
   File "SavForLinux.py", line 27, in main
   File "Controller.py", line 123, in action
   File "Controller.py", line 396, in __install
   File "Controller.py", line 941, in __performActions
   File "ActionList.py", line 165, in doOperation
   File "ActionList.py", line 152, in __doInstall
   File "SXLConfig.py", line 20, in installAction
   File "SXLConfig.py", line 101, in updateAction
   File "SXLConfig.py", line 41, in __generateMachineIdIfRequired
   File "SXLMachineId.py", line 221, in writeMachineIdIfRequired
   File "SXLMachineId.py", line 185, in generateMachineId
   File "SXLMachineId.py", line 170, in _generateMacs
   File "SXLMachineId.py", line 115, in _generateMacsIfconfig
   File "SXLMachineId.py", line 74, in _generateIfconfigLines
   File "SXLMachineId.py", line 40, in popen
   File "/build/input/python/install64/lib/python2.7/subprocess.py", line 394, in __init__
   File "/build/input/python/install64/lib/python2.7/subprocess.py", line 1047, in _execute_child
OSError: [Errno 8] Exec format error

I have tried following up on the error by attempting to ensure that the /tmp directory is not blocked from exec [mount -o remount,exec /tmp] and confirmed this in /proc/mounts, as shown below:

   /tmp xfs rw,nosuid,nodev,exec,relatime,attr2,inode64,noquota 0 0

but this didn't help. I tried moving the TMPDIR using export TMPDIR= to both /var/tmp and /opt/tmp but neither of those worked either.

I confirmed that the installer I have has worked on other systems, which are supposed to be configured identical to this one. Not sure why or where this is breaking.

All help appreciated.

Thanks,

 

Trece Verde

 

 



This thread was automatically locked due to age.
  • Hello trece verde,

    perhaps has an idea what the cause could be and give a hint.

    Christian

  • Hi Trece,

     

    The problem is coming from _generateIfconfigLines:

     

    This tries to run ifconfig, if it finds it in /sbin, /usr/sbin, /bin or /usr/bin

     

    I guess you have an 'ifconfig' file in one of those directories, but it isn't executable. (Or is not a valid executable).

     

    I think you need to find that file, and fix it. I'd be interested to find out what sort of thing the ifconfig you find is.

     

    Thanks,

    Douglas.

     

  • Hi Douglas:

     

    You were correct - ifconfig was the culprit. We have a bit of an oddball environment with some seemingly random hardening applied to it (or in the case of this specific system, not completely).

     

    The fix for it was to run 

    rm -f /etc/SUSE-release /sbin/uname /sbin/ifconfig prior to the TMPDIR= statement.

     

    After doing this, we were able to install Sophos AV properly.

     

    Many thanks - you've saved us several million brain cells!

     

    Trece

  • I'm not sure what sort of hardening requires removing those files.

     

    uname and ifconfig don't have any raised privileges, so any attacker can just reproduce them.