
free linux AV noob Qs

Spent life on windows. One month old on Ubuntu Unity.

Second install of Sophos free for Linux. (I got confused)

Below is the end of the install. Does that mean anything to me?

NOTE: You are running Sophos Anti-Virus on a kernel for which Sophos does not
provide binary kernel modules. Therefore the kernel modules have been locally
compiled. Please see KBA14377 for supported platforms and kernels.
kris@kris-Z87N-WIFI:~/Downloads/SOPHOS AV/sophos-av$


Then ran savscan on Downloads with no problem.

I tested the first install yesterday on EICAR and it worked fine. (Firefox)

Ran sudo /opt/sophos-av/bin/savupdate with no problem. I assume that updates the AV database...? How often do I need to run that?

Where do I find a list of the commands for this program?

EDIT:   www.sophos.com/.../sophos-anti-virus-for-linux.aspx

Thanks!



  • 1) Each build of the Linux kernel requires a custom compiled set of kernel modules for the on-access anti-virus to intercept file operations. Sophos ships pre-compiled kernel modules for kernels on some supported platforms, and otherwise attempts to compile locally if on a different kernel. You are on a system running a kernel that Sophos doesn't ship pre-compiled binary modules for, so it has compiled locally. This is very common and nothing to worry about, but means you need to keep the compile environment installed when you update your kernel.

    2) savupdate is run automatically once an hour to update Sophos Anti-virus for Linux, so you don't need to run it yourself.
  • [ubuntu 16.04, Sophos 9.14 free]

     

    Hi,

    Does 1) mean that I have to recompile the Sophos kernel modules after a kernel update? If so, how do I do this?

     

    Kind regards

    Ulrich

  • Hi Ulrich,

     

    No, Sophos Anti-Virus will compile Talpa automatically when it starts up on a system with a new kernel. It just means that you need to keep a suitable compile environment installed on the machine.

     

    Thanks,

    Douglas.

  • ok, thank you for the quick answer!

    I just wondered, because I get an error when using Sophos with Ilias LMS. Scan-command is set to 'savscav –all –nc –archive', clean-command is set to 'savscan –all –nc –remove –archive'.

    When uploading an uninfected file to Ilias, I get something like:

    "Unknown Error
    xyz.jpg"

    Using eicar-virus signature:

    "In der hochzuladenden Datei wurde ein Virus gefunden!<br />Could not open –all<br /> Could not open –nc<br /> Could not open –remove<br /> Could not open –archive<br /> >>> Virus 'EICAR-AV-Test' found in file /tmp/phpv6ubrv [3]<br />Der Virus konnte nicht aus der Datei entfernt werden.
    eicar.txt "

    When I disable Sophos in Ilias setup, all works well - without virus protection, of course. It already had worked, and there have been kernel updates since. So I thought it might be due to kernel updates ...

    Regards
    Ulrich

  • No, I suspect you are using the wrong '-' - '–' not '-'

    Try it on the command-line, and make sure you are actually passing command line options, not files called –nc

  • Got it!

    Sorry, I did not recognize those mdashes! Using the correct "-" solves the problem.

    Many thanks!

    Uli
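
The check suggested above ("make sure you are actually passing command line options, not files called –nc") can be automated for a configured scanner command. This is an added example, not part of any post in the thread or of Sophos or Ilias; the function names are hypothetical and the sample string is the clean-command quoted in the thread.

```python
import shlex
import unicodedata

# Clean-command as quoted in the thread; \u2013 is the EN DASH it contained.
THREAD_CLEAN_CMD = "savscan \u2013all \u2013nc \u2013remove \u2013archive"

def is_dash_lookalike(ch):
    """True for characters that render like '-' but are not U+002D:
    any other dash punctuation (category Pd) or U+2212 MINUS SIGN."""
    return ch != "-" and (unicodedata.category(ch) == "Pd" or ch == "\u2212")

def audit_command(command):
    """Split the command as a POSIX shell would and return (argument, code
    point name) for each argument that starts with a dash look-alike. The
    scanner receives these as file names, not as options."""
    return [(arg, unicodedata.name(arg[0]))
            for arg in shlex.split(command)[1:]      # skip the program name
            if arg and is_dash_lookalike(arg[0])]

def with_ascii_hyphens(command):
    """Replace only the leading look-alike dashes of each argument with '-',
    one for one, leaving dashes inside file names untouched."""
    fixed = []
    for arg in shlex.split(command):
        n = 0
        while n < len(arg) and is_dash_lookalike(arg[n]):
            n += 1
        fixed.append("-" * n + arg[n:])
    return shlex.join(fixed)

if __name__ == "__main__":
    for arg, name in audit_command(THREAD_CLEAN_CMD):
        print(f"{arg!r} starts with {name}; it will be treated as a file name")
    print("suggested:", with_ascii_hyphens(THREAD_CLEAN_CMD))
```

Because the scanner silently runs without the intended options when this happens, a check like this is worth running whenever a command line is pasted into a web form or copied from a formatted document.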