The Talpa on-access scanning component of Sophos anti-virus for Linux requires several kernel modules to be installed and loaded.
For ease of installation, Sophos provides pre-compiled Talpa Binary Packs for certain kernel versions.
For kernels for which Sophos does not provide a Talpa Binary Pack, or for which Fanotify is not supported, the Sophos anti-virus installer may be able to compile custom Talpa Binary Packs locally to match your running kernel. Instructions are provided below.
Note: From Sophos anti-virus version 9.7 or later, you can enable on-access scanning using Fanotify on many kernels without loading or compiling a Talpa kernel module. Please see the knowledge base article Sophos Anti-Virus for Linux: Fanotify overview.
Applies to the following Sophos products and versions Sophos Anti-Virus for Linux 10 Sophos Anti-Virus for Linux 9
Before running the the installer and to enable it to compile custom kernel modules, the following must be installed:
Most distributions provide a kernel-headers package which must also be installed. These distributions also provide all the required kernel sources to compile.
Note: For SuSE based distribution you will need the package kernel-syms from the running kernel version.
Once the above components have been installed, you can run the Sophos anti-virus for Linux installer as usual, and custom kernel modules will be built. Alternatively, if Sophos anti-virus is already installed, you can attempt compilation by running the command /opt/sophos-av/engine/talpa_select select
If a non-default GCC version was used for kernel compilation, you must use the same version when compiling Talpa.
The recommended way of doing this is to create a file named build.options in <installation directory>/talpa/override/. This file should contain a single line listing options which are directly passed to the configure script of the Talpa. In this particular case, something like CC=gcc-kernel should be added, where gcc-kernel is a GCC binary used for kernel compilation.
If the installer cannot compile the kernel modules, a log file is created in the path /opt/sophos-av/log/talpaselect.log
If this occurs, please forward the log file to Sophos Technical Support along with the following information:
Note: For locally compiled Talpa Binary Pack support issues, Sophos will try to replicate the issue on supported platforms and commercial Talpa binary packs. There may be issues caused by the locally compiled binary pack. Please be advised that we can't provide a fix for these issues.
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.