
How can I get email notifications, or any alerts, from a stand-alone installation on ubuntu 16.04

Being an optimistic sort I thought I would try again to use the Sophos free edition on linux, now version ubuntu 16.04

It does run, but I need some form of alert system.  email would seem easiest but there seems to be no way to get sophos to send to gmail, since I cannot specify my username & password  or authentication option in the configuration file (savconfig) unless there is a secret way to do this?  I notice there's no GUI any more to help, but I can use the command line tools.

No other pop-up alerts are ever seen as far as I can see, contrary to the configuration guide information.

My configuration is currently:

Email: -my-email-address-
EmailDemandSummaryIfThreat: true
EmailLanguage: English
EmailNotifier: true
EmailServer: smtp.gmail.com:465
EnableOnStart: true
ExclusionEncodings: UTF-8
EUC-JP
ISO-8859-1
LogMaxSizeMB: 100
NotifyOnUpdate: true
PrimaryUpdateSourcePath: sophos:
PrimaryUpdateUsername: - my sophos user name
PrimaryUpdatePassword: ********
UploadSamples: false
SendErrorEmail: true
SendThreatEmail: true
UINotifier: true
UIpopupNotification: true
UIttyNotification: true
UpdatePeriodMinutes: 60
NamedScans Not configured
LiveProtection: enabled
ScanArchives: mixed

In the log I get loads of:

20:02:01 (3878): Examining 2017-02-27.16-58-54.oTuvpE (on 3878)
20:02:01 (3878): Retrying 2017-02-27.16-58-54.oTuvpE (on 3878)
20:02:01 (3878): Emailing -me-email-address- via smtp.gmail.com:465
20:02:11 (3878): SMTPException while attempting to send email: Connection unexpectedly closed

There must be a way to get this tool to tell a user what's going on, but this is around the 3rd time in 3 years I've tried, and still failed.  People tell me I should have a virus checker on linux, but having one that keeps its detections secret is as bad as having no checker at all.

HELP! Please!  I can't believe even a free tool from such a respected company can be so limited.



  • Hello pastim,

    no other pop-up alerts
    if I go to the EICAR site and download the testfile I get a nice pop-up.
    Similar if I run an on-demand scan on the Downloads folder (or open it). You should get UI notifications if you're logged in.

    As to the email notifier: It's kept simple because usually it's only needed if you have one or more unattended Linux boxes in which case you likely have some local SMTP server (e.g. postfix or sendmail) that can optionally be configured to forward the mail to whatever account is desired.

    Christian 

  • The EICAR file is useful - thanks.  I wish the installation or config instructions mentioned it.  Not being able to test things makes setting up virus checkers rather random.

    Unfortunately the email setup may be simple to such as yourself, but to simple folk like me, real email would be very much simpler.  Postfix etc. require a whole new set of investigations into how to get it all to work, and Sophos don't provide a mention of what might be required, but expect one to know all this stuff.  I'm trying, but it is not simple, and I don't really understand it, whereas sending to a real email server is something many people have had to do to get a normal email client set up.

  • Hello pastim,

    when it comes to Linux I consider myself as simple folk [:)].
    Personally I don't deem email notifications that important for the reasons already mentioned. a whole new set of investigations might not be necessary after reading Configure Postfix to Send Mail Using Gmail ....

    Christian

  • Pop-ups aren't helpful on a headless server.  email is therefore essential.

    Since Sophos' own instructions for email basically don't work for what most people imagine would be needed, it would help enormously if they quoted the link you suggest, or at least gave some hints.  I did many internet searches before finding one that helped me a bit, and nothing like as clear as the linode one you quote.  But then I didn't even know I needed postfix until several hours had gone by - I was trying to get gmail to work, not local mail. 

    I mentioned this in a post some time ago but no one gave any help, in fact one said it couldn't be done, which is why I gave up last time.  It would take such little effort on Sophos part to make their linux product more usable by 'simple folk' who have never heard of postfix or imagined they would ever need a local email server.

  • Hello pastim,

    ah, a headless server. Servers are not for simple folk [;)].
    It isn't such little effort - either you have dependencies or you package the required libraries in your distribution (that you have to maintain in response to CVEs). Maybe (please excuse the summoning if it's inappropriate) has and can give an authoritative answer.
    Arguably information sent to a free mail account is not sensitive and thus you might as well use unencrypted transmission. The requirement for authentication and consequently a secured channel doesn't arise from privacy or confidentiality considerations but the fight against SPAM. Admittedly times have changed, I've never been a Linux guy (actually I grew up with dinosaurs mainframes) but a local mail relay/server has always been something "natural" with headless systems.
    Links and useful pages/sites come and go, some distros have postfix, sendmail or some other SMTP already on-board. Any specific recommendation could incite a storm.

    I might have missed your post (or didn't have time then). one said - could have been me (sometimes I just give technical answers, sorry). If you take the postfix path please tell about your results.

    Christian

  • X popups are rather temperamental, since they depend on the original process's environment, and various X libraries being present.

    Console popups should work for any command-line program which has a controlling terminal.

     

    Re: Email

    You can configure the from address using  EmailSender option, and the reply-to with EmailReplyTo which might make gmail happier, however if gmail won't accept unauthenticated/non-SSL SMTP then I'm afraid you'll need to relay through a proper SMTP server.

  • I, like many simple folk, have a headless music server as well as a desktop PC.  I can get screen access to the headless server if I need to, but won't regularly do so.  On screen messages are therefore of no use.  If I could have found a way to send to my gmail account I would be able to see if issues occurred.

    On my desktop I managed, after many hours work, to configure a local mail account for purely local mail events using information from https://gist.github.com/raelgc/6031274 .  Not very satisfactory but better than nothing.

    I'll have to address how to get the headless server scan notifications later.

    Sophos don't have to tell people which tools to use, except maybe a few 'examples', but at least give some guidance as to the configuration possibilities.  

    So, for instance, I now believe:

    - you cannot send emails direct to many external secure email servers such as gmail, yahoo etc....

    - you can install a local email server, such as postfix etc....., and configure Sophos to send emails to a local email address (eg fred@localhost) for display on a local email client (such as Thunderbird, etc....)

    - you can also get a local email server to forward Sophos emails to an external email server such as gmail, yahoo etc...

    I haven't worked out exactly how to do the last one but your previous link may explain how.

     

    I wasn't accusing anyone of missing my previous post (and I don't know who you are) but just commenting that it can be really hard for some of us without a few clues.

    I grew up with Atlas and early minicomputers.... SPC 16/50 anyone? 

  • gmail is not at all happy, and for good reasons I guess.

    The existence of a 'proper SMTP server' eluded me entirely until I started this thread.  I had foolishly assumed that Sophos would work with just about the most common email system there is.

    But I am now getting there.....

  • I'm afraid email notifications from the endpoint aren't really a priority - any endpoints managed by SophosCentral have alert emails sent by SophosCentral instead, and local emailing disabled.

  • But those of us using the stand-alone free product could still do with a bit of help, otherwise we either tend to give up or complain and tell others how **** something is.  It would not take someone more than a day to beef up the configuration instructions somewhat to give some of us a few helpful hints as to what is and what is not possible.

  • Well I've come to solutions that work. Thanks to both of you.  I'm using postfix.

    I can now either send emails to a local email client (user@localhost) or to my gmail account, just by setting the savconfig Email parameter to one or the other.  The EmailServer is set to localhost.

    I followed these instructions for the local variant: https://gist.github.com/raelgc/6031274 . I added a local account to Thunderbird and set its smtp server to be for that account as well, just for local mail, so I could test it by manually sending an email from thunderbird to itself.  All my other mail still goes via gmail smtp.  

    I then followed these instructions to get the local mail server to send to my external gmail server: https://www.linode.com/docs/email/postfix/configure-postfix-to-send-mail-using-gmail-and-google-apps-on-debian-or-ubuntu . Since postfix was already installed I reconfigured it for the Internet using: dpkg-reconfigure postfix .

    In both cases, the test text from http://www.eicar.org/86-0-Intended-use.html was an essential tool to see what worked and what didn't.

    I can now move on from my desktop to my headless system and use gmail for alerts, even if away and listening to music streaming remotely from home.

    I'll mark this answered.  If anyone else is trying to do this and struggling, feel free to ask and I'll try to answer from an ubuntu 16.04/10 perspective.
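
The setup the thread arrives at puts a local Postfix between Sophos (EmailServer set to localhost) and Gmail, so Postfix now holds the Gmail credentials and accepts unauthenticated mail. The following is an added example, not from the thread or from Sophos: a small audit of the Postfix relay settings, where the sample `main.cf` values, the password-map path and the function names are assumptions made for illustration.

```python
import os
import stat

# Constructed sample main.cf (assumed values); on a real host audit `postconf -n` output.
SAMPLE_MAIN_CF = """\
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
inet_interfaces = loopback-only
"""
TLS_ENFORCED = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}
LOOPBACK = {"loopback-only", "localhost", "127.0.0.1", "[::1]"}

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if last:
                params[last] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def audit_relay(text):
    """Return findings for a localhost relay; an empty list means no issue was found."""
    p, findings = parse_main_cf(text), []
    if not p.get("relayhost"):
        findings.append("relayhost unset: mail goes direct instead of via the provider")
    if p.get("smtp_sasl_auth_enable", "no") != "yes":
        findings.append("smtp_sasl_auth_enable is not yes: relay cannot log in")
    if p.get("smtp_tls_security_level", "") not in TLS_ENFORCED:
        findings.append("smtp_tls_security_level does not enforce TLS for the password")
    listen = set(p.get("inet_interfaces", "all").replace(",", " ").split())
    if not listen <= LOOPBACK:
        findings.append("inet_interfaces is not loopback-only: relay reachable from the network")
    path = p.get("smtp_sasl_password_maps", "").partition(":")[2]
    if path and os.path.exists(path) and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("password map readable by group/other: chmod 600 " + path)
    return findings

if __name__ == "__main__":
    print(audit_relay(SAMPLE_MAIN_CF) or "no findings")
```
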