The Talpa on-access scanning component of Sophos Anti-Virus for Linux requires several kernel modules to be installed and loaded.
For ease of installation, Sophos provides pre-compiled Talpa Binary Packs for certain kernel versions (see TalpaBinaryPacks.txt for a full list).
For kernels for which Sophos does not provide a Talpa Binary Pack, or for which fanotify is not supported, the Sophos Anti-Virus installer may be able to compile custom Talpa Binary Packs locally, to match your running kernel. Instructions are provided below.
Note: From Sophos Anti-Virus version 9.7+ you can enable on-access scanning using fanotify on many kernels, without loading/compiling a Talpa kernel module. Please see Sophos Anti-Virus for Linux: Fanotify overview.
Applies to the following Sophos products and versions Sophos Anti-Virus for Linux 9.x Sophos Anti-Virus for Linux 10.x
Before you run the installer, to enable it to compile custom kernel modules, you must have the following installed:
Most distributions provide a kernel-headers package which must also be installed. These distributions also provide all the required kernel sources to compile.
Once the above components are installed, you can run the Sophos Anti-Virus for Linux installer as usual, and custom kernel modules will be built. Alternatively, if Sophos Anti-Virus is already installed you can attempt compilation by running:
If a non-default GCC version was used for kernel compilation, you must use the same version when compiling Talpa.
The recommended way of doing this is to create a file named build.options in <installation directory>/talpa/override/. This file should contain a single line listing options which are directly passed to Talpa's configure script. In this particular case, something like CC=gcc-kernel should be added, where gcc-kernel is a GCC binary used for kernel compilation.
If the installer cannot compile the kernel modules, a log file is created in this location:
If this occurs, please forward the log file to Sophos technical support, along with the following information:
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.