Enable fanotify in PCLinuxOS

I have checked with fanotify-example and fanotify itself is working but SAV for Linux is not using it. How do I get SAV to use it?

Hello JamesSellars,

have you seen Sophos Anti-Virus for Linux v9: Fanotify Overview - or more important, did you use the savconfig command?

Christian

Yes, and it still will not enable on-access scanning. And when I run the savstatus command, it gives the following error message:

Sophos Anti-Virus is active but on-access scanning is not running

Need another solution.

fanotify is split into two parts: monitor only, and monitor and block.

The demo program only uses the monitor part, SAV uses monitor and block mode.

It's possible the kernel has been compiled with only part of the fanotify functionality.

The kernel configuration options are:

CONFIG_FANOTIFY=y

CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y

You can check against your kernel with:

grep FANOTIFY /boot/config-$(config -r)

If your kernel doesn't support FANOTIFY_ACCESS_PERMISSIONS you'll need to get Talpa locally compiling.

You'll need to install gcc, make and linux-headers.

Thanks.

I had a look at the kernel options and;

CONFIG_FANOTIFY=y
# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set

I tried to build talpa and it failed to build, I have copied the output of build.log below:

[root@localhost talpa-1.21.5]# cat build.log
In file included from include/linux/notifier.h:13:0,
from include/linux/memory_hotplug.h:6,
from include/linux/mmzone.h:737,
from include/linux/gfp.h:5,
from include/linux/slab.h:14,
from /opt/sophos-av/talpa/build/talpa-1.21.5/src/components/services/linux_filesystem_impl/linux_file.c:23:
/opt/sophos-av/talpa/build/talpa-1.21.5/src/components/services/linux_filesystem_impl/linux_file.c: In function ‘unlink’:
/opt/sophos-av/talpa/build/talpa-1.21.5/src/components/services/linux_filesystem_impl/linux_file.c:624:31: error: ‘struct inode’ has no member named ‘i_mutex’
mutex_lock_nested(&parenti->i_mutex, I_MUTEX_PARENT);
^
include/linux/mutex.h:161:55: note: in definition of macro ‘mutex_lock_nested’
# define mutex_lock_nested(lock, subclass) mutex_lock(lock)
^
/opt/sophos-av/talpa/build/talpa-1.21.5/src/components/services/linux_filesystem_impl/linux_file.c:643:26: error: ‘struct inode’ has no member named ‘i_mutex’
mutex_unlock(&parenti->i_mutex);
^
make[4]: *** [/opt/sophos-av/talpa/build/talpa-1.21.5/src/components/services/linux_filesystem_impl/linux_file.o] Error 1
make[3]: *** [_module_/opt/sophos-av/talpa/build/talpa-1.21.5] Error 2
make[2]: *** [talpa_core.ko] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

How do I fix this? Or can I fix this??

PS. Some of the symbols in the copy & paste got messed up, I am using Windows to post reply. As I have not got a landline internet connection at home and have had to use the PC at the library.

Thanks for your reply.

Looks like you are using a 4.7 or 4.8 kernel, which Talpa 1.21 doesn't support.

You can download the talpa source from github and that has been updated to support more recent kernels.

We have a script to automatically download the source and deploy it:

https://gist.github.com/paperclip/7892031

Please try that.

I have got talpa to compile and on-access scanning is now working! Thanks for your help!