This article provides a description of the functional differences between Heartbeat on SAV for Linux compared to Heartbeat on SAV for Windows.
Applies to the following Sophos products and versions: Sophos Anti-Virus for Linux, applicable version 10.2.0+
All supported Linux distributions (see Platforms supported by Sophos Server Security)
Heartbeat on Windows depends on the MTD packet tracer to do C3 process lookup, and Windows Heartbeat and MTD are being combined to make sure this is efficient.
SAV for Linux uses two separate packet sniffers. The one in MTD is discriminating: it looks only for outgoing HTTP connections over TCP and drops anything else as soon as it can. Heartbeat has its own TCP/UDP packet capture, optimised for capture efficiency, that grabs all TCP and UDP packets. Therefore SAV for Linux Heartbeat does not require MTD.
As SAV for Linux does not use HIPS this is not necessary.
This is a Windows specific feature that refers to Microsoft's DNS server for Windows, a specific component with a known location supplied by the (single) OS vendor which would not be the case in Linux environments.
There is an additional process, heartbeartd, controlled by savd. It runs as root.
The log file Heartbeat.log is found in /opt/sophos-av/log/heartbeat
As well as connectivity and configuration messages, it contains heartbeat status messages such as:
Current status is -> health: Good (1) service: Good(1) threat: Good(1)
Current status is -> health: Bad (3) service: Good(1) threat: Bad(3)
Current status is -> health: Bad (3) service: Bad(3) threat: Good(1)
as per the following:
The information reported to the firewall is in three areas: Health, Service and Threat.
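An added example (not from Sophos or the original article): a small Python parser for the status lines shown above that reports which of the three areas is not Good. The function names are hypothetical, the sample input is the three lines quoted in the article, and it assumes real log lines may carry a prefix such as a timestamp before "Current status".

```python
import re

# The three status lines quoted in the article, used as sample input.
SAMPLE_LOG = """\
Current status is -> health: Good (1) service: Good(1) threat: Good(1)
Current status is -> health: Bad (3) service: Good(1) threat: Bad(3)
Current status is -> health: Bad (3) service: Bad(3) threat: Good(1)
"""

AREAS = ("health", "service", "threat")
# Tolerates the optional space before the numeric code seen in the log.
FIELD_RE = re.compile(r"\b(health|service|threat):\s*(\w+)\s*\((\d+)\)")


def parse_status(line):
    """Return {area: (state, code)} for a status line, or None for any other line."""
    if "Current status is ->" not in line:
        return None  # connectivity or configuration message
    fields = {m.group(1): (m.group(2), int(m.group(3)))
              for m in FIELD_RE.finditer(line)}
    # A status line missing one of the three areas is treated as unparseable.
    if set(fields) != set(AREAS):
        return None
    return fields


def degraded_areas(status):
    """List the areas whose reported state is anything other than Good."""
    return [area for area in AREAS if status[area][0] != "Good"]


def scan(lines):
    """Yield (line_number, degraded_areas) for each status line that is not all Good."""
    for number, line in enumerate(lines, 1):
        status = parse_status(line)
        if status is None:
            continue
        bad = degraded_areas(status)
        if bad:
            yield number, bad


if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG.splitlines()):
        print(f"line {number}: not Good -> {', '.join(bad)}")
```

To run it against a live endpoint, pass the lines of Heartbeat.log to `scan()` instead of `SAMPLE_LOG`.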