PLEASE READ Advisory: Kernel memory issue affecting multiple OS (aka F**CKWIT, KAISER, KPTI, Meltdown & Spectre) for the latest updates.
This article describes the on-access scanning options for Sophos Anti-Virus for Linux.
Applies to the following Sophos products and versions Sophos Anti-Virus for Linux
Sophos Anti-Virus for Linux provides several methods of enabling on-access file scanning, using either fanotify or Talpa.
Support for fanotify is included in Sophos Anti-Virus version 9.7.x and higher. Fanotify allows on-access scanning to run on kernels from 2.6.37+ onwards, without needing to compile additional kernel modules. For more information, please see: Sophos Anti-Virus for Linux: Fanotify Overview.
Talpa is an alternative kernel interface to fanotify, provided by Sophos, and can be enabled via two supported methods:
Sophos provides precompiled binary packs for certain kernels (see TalpaBinaryPacks.txt for a full list).
The Sophos Anti-Virus for Linux installer will attempt to enable on-access scanning as follows:
The latest kernel version supported by the local compilation method is the 4.8 kernel and below as of Sophos Anti-Virus for Linux 9.13.1/10.1.1 (Central 64bit) +
The latest kernel version supported by this method in the upcoming 9.14.0/10.3.0 (Central 64 bit)
release will be 4.12 and below.
Fanotify can be set as the default kernel interface for on-access scanning, in preference to Talpa. For more information, see: Sophos Anti-Virus for Linux: Fanotify Overview
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.