
I recently tried to install a new Ubuntu kernel (4.10.0-22). It failed, it seems due to Sophos.

I recently tried to install the latest kernel for Ubuntu 17.04 - 4.10.0-22. It kept failing, saying an "operation was not permitted". When I reported this on the Ubuntu bug tracker, it was suggested I turn off anti-virus and try again.

I disabled the on-access scan and tried again, and installation worked.

I had no warnings or alerts from Sophos. I checked that the Sophos warnings and emails were on and worked (I tested using the test virus file) and that all worked.

So, somehow Sophos is preventing a file access. I am on the latest version, including talpa.

The Ubuntu report with full details is at https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1696132

Regards



This thread was automatically locked due to age.
  • Hello

    I had the same issue.

    Example

    root@debian:/# apt install linux-image-4.19.0-2-amd64-unsigned
    dpkg: erreur de traitement de l'archive /var/cache/apt/archives/linux-image-4.19.0-2-amd64-unsigned_4.19.16-1_amd64.deb (--unpack) :
    impossible d'ouvrir « /lib/modules/4.19.0-2-amd64/kernel/drivers/net/ethernet/chelsio/libcxgb/libcxgb.ko.dpkg-new »: Opération non permise

    Can't open the file; is it because of the dpkg-new extension?

    After

    systemctl stop sav-protect.service

    Everything is OK

  • Running systemctl like that will disable SAV entirely, so it won't be protecting your system.

     

    The previous person was using fanotify, so you could check if you are using fanotify or talpa, to see if you have the same issue.

     

    Unfortunately fanotify gives less information about why it is blocking access, so unless the SAV log shows why it's blocking access.
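
One way to run the check suggested above (which mechanism is intercepting file access), as an added example that is not part of the original thread or of Sophos tooling. It assumes Talpa's kernel modules show up in /proc/modules with a `talpa_` prefix and uses the kernel's fdinfo marker for fanotify descriptors; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: list which on-access interception mechanisms are active.
#   $1  loaded-module list (default /proc/modules)
#   $2  proc filesystem root (default /proc); the arguments exist so the
#       function can be pointed at a constructed tree for testing.
# Run as root, otherwise other processes' fdinfo is unreadable and skipped.
detect_onaccess_backend() {
    modules_file=${1:-/proc/modules}
    proc_root=${2:-/proc}
    last_pid=
    found=no

    # Assumption: Talpa is loaded as kernel modules named talpa_*.
    if grep -q '^talpa_' "$modules_file" 2>/dev/null; then
        echo "talpa=loaded"
    else
        echo "talpa=not-loaded"
    fi

    # The kernel marks fanotify descriptors in /proc/PID/fdinfo/FD with
    # lines beginning "fanotify ", so every listener can be found this way.
    for fdinfo in "$proc_root"/[0-9]*/fdinfo/*; do
        [ -r "$fdinfo" ] || continue
        grep -q '^fanotify ' "$fdinfo" 2>/dev/null || continue
        pid=${fdinfo#"$proc_root"/}
        pid=${pid%%/*}
        # One process may hold several fanotify descriptors; report it once.
        if [ "$pid" = "$last_pid" ]; then continue; fi
        last_pid=$pid
        found=yes
        comm=$(cat "$proc_root/$pid/comm" 2>/dev/null) || comm='?'
        echo "fanotify pid=$pid comm=$comm"
    done
    if [ "$found" = no ]; then echo "fanotify=none"; fi
    return 0
}

detect_onaccess_backend "$@"
```

Any process listed with a fanotify descriptor can deny file opens, so the `comm` column shows whether the listener is the scanner or something else.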

  • This problem went away for me quite a while ago.  I've been using talpa for well over a year now with no further problems.  I'm on a much more recent kernel, and get talpa via 

    gist.github.com/.../7892031

  • I am using fanotify as it is easier with the Debian kernel.

    Once a new kernel is installed I reboot to take it into account, so Sophos is restarted.

    Not a big deal for me

  • Dear all,

    I have the same issue: Sophos is blocking upgrades during apt-get upgrade for several packages, often involving the kernel or LibreOffice. I always need to manually shut down on-access protection to have these (security) upgrades go through. I am using Ubuntu 19.04 and the free version of Sophos.

    I don't know about fanotify or talpa; I don't know what either is. It seems Sophos is using fanotify in my case. Which one should I be using for this to work?

     

    Thanks

    Philippe

  • It appears to be a problem with fanotify. At least people seem to have fewer problems with talpa.

     

    To use Talpa, you need to have kernel headers, gcc and make installed.