"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
The on-access scanning component of Sophos Anti-Virus for Linux requires several kernel modules to be installed and loaded.
Sophos provides precompiled binary packs for specific kernel versions. For full details on platforms and kernel, please read the following knowledgebase article: Sophos Anti-Virus for Linux system requirements
However, if either of the below applies, the Sophos Anti-Virus installer will need to compile custom binary packs to match your running kernel.
Note: With the release of Sophos Anti-Virus version 9.x it is possible to enable on-access scanning on later kernels without loading/compiling a Talpa kernel module. Please see this article for more details: Sophos Anti-Virus for Linux: Fanotify overview
Before you run the installer, to enable it to compile custom kernel modules, you must have the following installed:
Some distributions (such as Debian) provide a kernel-headers package which must also be installed. These distributions also provide all the required kernel sources to compile.
Once the above components are installed, you can run the Sophos Anti-Virus for Linux installer as usual, and custom kernel modules will be built. Alternatively, If Sophos Anti-Virus is already installed you can attempt compilation by running:
If a non-default GCC version was used for kernel compilation, you must use the same version when compiling Talpa.
The recommended way of doing this is to create a file named build.options in <installation directory>/talpa/override/. This file should contain a single line listing options which are directly passed to Talpa's configure script. In this particular case, something like 'CC=gcc-kernel' should be added, where 'gcc-kernel' is a GCC binary used for kernel compilation.
If the installer cannot compile the kernel modules, a log file is created in this location:
If this occurs, please forward the log file to Sophos technical support, along with the following information:
Jeder hier hinterlassene Kommentar wird von einem Mitarbeiter gelesen, wir antworten jedoch nicht auf spezifische technische Fragen. Wenn Sie technischen Support benötigen, posten Sie bitte eine Frage in unserer Community. Alternativ können Sie für lizenzierte Produkte auch ein Support-Ticket öffnen.