Mac Terminal Update and Running Options

---

kmazzone wrote:

I'm trying to schedule some scripted actions on my Mac through Terminal. I've searched the KB but cannot find these two options:

1) I'd like to verify the Sophos is running. I can probably look at the process names for the real-time scanner.

2) I'd like to see the current definition version and date. If they aren't current, I'd like to force an auto-update.

I need to do all of these from Terminal. I don't trust my kids not to turn-off Sophos AV.

Thanks!

---

Interesting questions. Firstly I'd suggest you might want to consider our "business" product as it has a tamper protection feature: having a local administrator's account password isn't good enough to change settings, you need a special password set by the management console. Ok, enough sales talk.

To ensure the on-access scanner is running you should check that Intercheck is running (its the name of the on-access scanning process), and that it appears to be functional. I'd suggest reading the log file (/Library/Logs/Sophos Anti-Virus.log) to ensure that the most recent messages indicate that its running. You'll see a log line "On-access scanner started at <date>" that you can parse for to ensure its recent. You should not see a line "On-access scanner stopped at <date>".

That same log file will contain information about recent updates. There will be a line "Software is up-to-date at <date>" that is similar to the on-access scanner. This date should not be more than 24 hours old.

If you want to see the actual version of the product have a look in the file /Library/Sophos Anti-Virus/product-info.plist. This file is updated whenever we release a new version of the software (but not when we just update the protection data).

You can invoke an update attempt using /usr/bin/SophosUpdate. Note that we'll be moving that tool to /usr/local/bin/SophosUpdate in a future release. You can probably guess why, if you've been following any of the El Capitan threads.