When using SELinux or other security architectures (such as AppArmor), the following error may be encountered during on-access scanning:
Error occurred while scanning <FILE>: 0x3c: Unable to write to talpa socket (Close). (The operation was denied.)
First seen in: SAV for Linux v7
Operating systems: Linux
Security architectures like SELinux can restrict the permissions of some processes when accessing a file. Sophos Anti-Virus always attempts to access files in the same context as the calling process, which can prevent scanning of the file with SELinux enabled. For example, if the calling process is only allowed write access to a file, then Sophos Anti-Virus will be restricted to write access only. When read access is unavailable, the file cannot be scanned.
Exclude the file from on-access scanning. For managed installations this can be done via the Enterprise Console 'Anti-Virus & HIPS' policy. For unmanaged installations run the following command:
/opt/sophos-av/bin/savconfig add ExcludeFilePaths <FILE>
Alternatively, modify the SELinux configuration to allow the calling process read access to the file.
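To see which files are affected before excluding any of them, the script below (an added example, not Sophos code) extracts the file paths from log lines carrying the 0x3c error and prints the matching savconfig command for each path without running it. The log line prefix, the sample paths and the function names are assumptions made for the example; only the error text and the savconfig command come from this article.

```shell
#!/bin/sh
# Added example, not Sophos code: list the files hit by the 0x3c talpa error
# and print (not run) the exclusion command for each, so the list can be
# reviewed before scanning coverage is reduced.

# Read log lines on stdin and print the unique affected paths.
# The path is whatever sits between the fixed prefix and the fixed suffix of
# the error text, so paths containing spaces or ": " are kept intact.
talpa_denied_paths() {
    sed -n 's/^.*Error occurred while scanning \(.*\): 0x3c: Unable to write to talpa socket (Close)\. (The operation was denied\.)[[:space:]]*$/\1/p' |
        sort -u
}

# Turn each path into a savconfig command, single-quoted for the shell.
exclusion_commands() {
    talpa_denied_paths | while IFS= read -r path; do
        # Escape embedded single quotes: ' becomes '\''
        quoted=$(printf '%s' "$path" | sed "s/'/'\\\\''/g")
        printf "/opt/sophos-av/bin/savconfig add ExcludeFilePaths '%s'\n" "$quoted"
    done
}

# Constructed sample input: the timestamp/host prefix and the paths are made
# up; only the error text after the prefix is taken from the article.
sample_log() {
    cat <<'EOF'
Jan 10 09:14:02 host1 savd: Error occurred while scanning /var/lib/app/queue.db: 0x3c: Unable to write to talpa socket (Close). (The operation was denied.)
Jan 10 09:14:05 host1 savd: Error occurred while scanning /srv/data/report: final.txt: 0x3c: Unable to write to talpa socket (Close). (The operation was denied.)
Jan 10 09:14:09 host1 savd: Error occurred while scanning /var/lib/app/queue.db: 0x3c: Unable to write to talpa socket (Close). (The operation was denied.)
Jan 10 09:15:00 host1 savd: On-access scanning enabled
EOF
}

# Stand-alone run: show the commands for the sample input.
sample_log | exclusion_commands
```

To use it on real data, pipe the relevant log file into exclusion_commands in place of sample_log and review the printed commands before running any of them.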