As part of the version 9.7 release of Sophos Anti-Virus for Linux and Unix we are adding the capability for the product to ‘phone-home’ some product and platform details. This will allow Sophos to optimize the product and improve our internal testing, with the overall aim being to improve the product and user experience.
The default option on installation is for the product to phone-home. We understand some customers may wish to turn this off; however, Sophos would ask you to leave this option on to allow us to improve the product. Phone-home can be turned off at any time by running the following command:
/opt/sophos-av/bin/savconfig set DisableFeedback true
The product will ‘phone home’ once per week, on an interval of 6 days plus a random interval within 2 days, to avoid multiple machines attempting to phone home at the same time. The data sent will be an encrypted file of 1.6 Kb – 2.6 Kb in size, sent to a write-only Sophos secure location, and the raw data will be removed within 3 months. Only aggregated reports will persist for longer than that time period.
Which versions of Sophos Anti-virus does this apply to?
This applies to Sophos Anti-Virus for Linux and Unix version 9.7 and above.
What data are Sophos gathering?
Sophos are gathering data on 5 key areas:
Why are Sophos gathering this data?
To better understand how our customers are using the features of the product we deliver.
This data will allow us to improve our testing of the product based on actual customer usage, optimise the product, and look to add new features based on how customers are using the existing feature set.
How is this data being used?
The data will be aggregated into a set of reports which we can use over time to assess the uptake of features, distributions, and new product versions.
Can you use this data to identify people/machines?
No – there is no mechanism in place to allow any trace-back to specific machines or customers. All data is formed into aggregated reports and the raw data is deleted within 3 months of receipt.
Will this data be passed along to other parties?
No! This data is being used for improving the Linux/Unix products internally to Sophos. Only the Sophos development team will have access to this data. All data is encrypted before being sent to Sophos, and only the development team can decrypt and use this data.
Full details of the data being collected are shown in the table below:
What logging is generated for this feature?
Phone home logging is stored on the endpoint in: /opt/sophos-av/log/sophossav/savfeedback.log
What information is shown in the logs?
A successful log entry looks like this:
2014-08-19 09:59:22.724819: Preparing feedback data
2014-08-19 09:59:23.430645: Using custom feedback host: localhost:8083
2014-08-19 09:59:23.433375: Sending feedback
2014-08-19 09:59:23.433395: trying with noproxy: proxy (from environment)
2014-08-19 09:59:23.437320: Success
Do the logs reset/rotate?
No, feedback attempts only happen once per week and in each instance contain only 5 lines. It would take many years for the log to become sizable enough to require rotation.
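An administrator who wants to audit what the feature has been doing can check savfeedback.log against the behaviour described above. The following is an added example, not Sophos code: it groups log lines into attempts and reports any attempt with no "Success" line, any custom feedback host, and any gap between attempts outside 6 to 8 days. It assumes every attempt begins with "Preparing feedback data" and that the 6 to 8 day window follows from the schedule stated above; the article does not show what a failed attempt looks like, so the second attempt in the sample is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample: attempt 1 is the article's example, attempt 2 is invented here.
SAMPLE = """\
2014-08-19 09:59:22.724819: Preparing feedback data
2014-08-19 09:59:23.430645: Using custom feedback host: localhost:8083
2014-08-19 09:59:23.433375: Sending feedback
2014-08-19 09:59:23.433395: trying with noproxy: proxy (from environment)
2014-08-19 09:59:23.437320: Success
2014-08-29 11:02:10.000001: Preparing feedback data
2014-08-29 11:02:10.500000: Sending feedback
"""

def parse_attempts(text):
    """Group '<timestamp>: <message>' lines into attempts (assumed start marker)."""
    attempts = []
    for line in text.splitlines():
        stamp, _, msg = line.strip().partition(": ")
        try:
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S.%f")
        except ValueError:
            continue  # blank line or not in the documented format
        if msg == "Preparing feedback data":
            attempts.append({"start": when, "success": False, "custom_host": None})
        if not attempts:
            continue  # line seen before any attempt started
        cur = attempts[-1]
        if msg == "Success":
            cur["success"] = True
        elif msg.startswith("Using custom feedback host: "):
            cur["custom_host"] = msg.split(": ", 1)[1]
    return attempts

def review(attempts, lo=timedelta(days=6), hi=timedelta(days=8)):
    """Return (timestamp, finding) pairs worth a second look."""
    findings, prev = [], None
    for a in attempts:
        if not a["success"]:
            findings.append((a["start"], "no Success line"))
        if a["custom_host"]:
            findings.append((a["start"], "custom feedback host " + a["custom_host"]))
        if prev and not lo <= a["start"] - prev <= hi:
            findings.append((a["start"], "gap since previous attempt outside 6-8 days"))
        prev = a["start"]
    return findings

if __name__ == "__main__":
    for when, what in review(parse_attempts(SAMPLE)):
        print(when, what)
```

To run it against a real endpoint, pass the contents of /opt/sophos-av/log/sophossav/savfeedback.log to parse_attempts in place of SAMPLE.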