Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
Advisory: Sophos XG Firewall - Antivirus service stopped due to failed pattern update. Please visit this KBA for the latest updates
This article provides details of the supportability of SAV for Linux in environments where Docker containers are used.
Applies to the following Sophos product(s) and version(s) Central Sophos Anti-Virus for Linux Version 10.5.0Sophos Anti-Virus for Linux
It has been identified that there are situations where the Sophos Anti-Virus for Linux, Talpa module may not have access to filesystems that are mounted within Docker containers. The reason for this is complex, but this means SAV for Linux cannot guarantee on-access scanning within Containers.
In addition to this, Talpa can have an adverse impact on performance and the function of some programs running in overlay file systems in certain circumstances. Because of this, Sophos no longer supports the use of our Talpa module for on-access scanning on Linux systems that contain Docker containers.
SAV for Linux can also be configured to use "fanotify" for on-access scanning, which is a built-in feature in many Linux platforms. "Fanotify" works well for the Host Linux environment and because it has no visibility within the Docker containers, it does not have a negative impact on files and programs running in containers.
Going forward, Sophos advise the use of "fanotify" for on-access protection of the "host" file systems in Linux environments which include Docker containers.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.