This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

talpa-deny errors preventing backups on ubuntu 20.04

I run sophos free SAV: 9.16.2, Engine: 3.79.0, Data: 5.77 , with talpa . Sophos Anti-Virus is active and on-access scanning is running

I use 7z to backup my files on ubuntu 20.04. Some of these files are from wine, and get talpa-deny errors in the system log, causing the backup to report timeouts, lock up and then have to be stopped.  However, I don't get virus alerts for these talpa-deny events.

An example from the syslog (my directory being replaced by .....) is:

kernel: [ 5994.994356] talpa-deny: Timeout occurred while opening ......../.wine/drive_c/windows/syswow64/mmdevldr.vxd on behalf of process 7z[7429/7429] owned by 1000(1000)/1000(1000) <62>

How can I
a) detect this better than just getting a syslog error
b) prevent it from happening



This thread was automatically locked due to age.
Parents
  • Hi  

    Free SAV for Linux and its support has been retired (For more info please see: https://support.sophos.com/support/s/article/KB-000034795?language=en_US). I would request you to kindly upgrade to the standalone Linux/Unix endpoint or Central/Enterprise Console managed endpoint.

    Thanks,
    Yashraj Singha
    Manager | Global Community Support
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • That's an unexpected blow.

    I've had a look at your home page and can't find the product you mention by that name.  I assume you mean Intercept X.

    Is there no product that I can install on a linux laptop, one desktop and one server?  I'm not averse to paying a bit, but certainly don't want to start adding extra boxes to my network, not least because my laptop isn't always at home.  Could you please advise whether Sophos still provide products for this type of use or not.  

  • Hi  

    Unfortunately, the free version of Sophos Antivirus for Linux has been discontinued. You can install the standalone version of the Sophos Anti-Virus as mentioned in this article

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • Thanks, but I'm afraid this is as clear as mud to me.  The 'free' version is, as far as I can tell, the same as the standalone version, just without support, and always has been.  The SAV software is, according to the article you referred me to, reaching EOL in 2023.  Before then I assume I will still get updates in the normal way.  Is that not right?

    There are other threads on this topic, such as https://community.sophos.com/products/free-antivirus-tools-for-desktops/f/sophos-free-tools/121788/sav-for-linux-free-edition-is-discontinued

    I would ask SOPHOS to come out and be really clear what they intend to sell and support for standalone use on Linux.

    There is a free Windows/MAC version, and a free Android version.  I don't see any reference to EOL for them.  What's with linux?

    If SOPHOS really don't want to work with non-business standalone users maybe they should just say so clearly so we can all go off and find some other free or paid version.

  • Hello Shweta and pastim,

    unfortunately this article, while correct at the time of writing, is improper and at least the Overview part should be rewritten.

    It mentions and links to the Free Tools page but the SAV for Linux section has since been removed.

    It's not stated that the stand-alone installer is only available with one of the on-premise managed product licenses. Furthermore it should note that this applies only to existing licenses as these products are no longer on sale.

    @pastim:
    You probably know I'm not Sophos so this is my guess only. As to a Linux Home version like the ones for Windows and macOS. For one thing SAV for Linux lacks a GUI and doesn't have the look and feel of a typical "home" product. A quite different aspect is that there is no real desktop/server distinction on Linux. AFAIK Central (the business product line) considers any Linux endpoint to be a server - with the associated license fees.
    Perhaps insufficient ROI is expected from developing a home/desktop desktop branch that is given away for free or licensed at "home" rates.

    Last but not least the talpa-deny. You enquired about it already four years ago, didn't you? Guess the scanner doesn't report these errors as they are something that "shouldn't happen" and apparently they affect both the scanner and the process accessing the file.
    You could perhaps exclude the path(s) from on-access scanning while the backup is running.

    Christian

  • Christian, 

    Thanks very much.  From what you say I gather there will be no stand alone Sophos for Linux at all (paid or free) once EOL is reached in 2023, so I'll need to look fo something else in the next couple of years.  No rush.

    I have completely forgotten reporting on talpa-deny in the past - my memory is pretty bad at the best of times.  I'll see what I can do to exclude the directories from access scanning during backups.


  • I'm not wholly rejecting Christian's answer to my question.  However, un-alerted talpa-deny errors seem to me to be bugs, and so a report of this nature should really stand until the bug is fixed.

    However, since there's never been any support for the free version, and presumably even less now it's unavailable, that isn't going to help me much.

    So the technique to avoid the issue will have to suffice.  Thanks.

    I wonder how answers get marked as 'the answer'.  By computer?  By moderator?  I might have thought someone would expect the originator of the thread to be responsible for doing that. Naive of me.

  • Hi  

    I can understand your situation and I have marked QC's answer as a verified answer. I'll reach out to the concerned team to get the KB article updated with more information. I thank you for your cooperation and understanding. 

    Thanks,
    Yashraj Singha
    Manager | Global Community Support
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply Children
No Data