Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
This article describes the on-access scanning options for Sophos Anti-Virus for Linux.
Applies to the following Sophos products and versions Sophos Anti-Virus for Linux
Sophos Anti-Virus for Linux provides several methods of enabling on-access file scanning, using either fanotify or Talpa.
Support for fanotify is included in Sophos Anti-Virus version 9.7.x and higher. Fanotify allows on-access scanning to run on kernels from 2.6.37+ onwards, without needing to compile additional kernel modules. For more information, please see: Sophos Anti-Virus for Linux: Fanotify Overview.
Talpa is an alternative kernel interface to fanotify, provided by Sophos, and can be enabled via two supported methods:
Sophos provides precompiled binary packs for certain kernels (see TalpaBinaryPacks.txt for a full list).
The Sophos Anti-Virus for Linux installer will attempt to enable on-access scanning as follows:
The latest kernel version supported by the local compilation method is the 4.15 kernel and below as of Sophos Anti-Virus for Linux 9.14.2/10.3.4 (Central 64bit) +
The latest kernel version supported by this method in the upcoming 9.14.2/10.3.2 (Central 64 bit) release will be 4.15 and below.
Fanotify can be set as the default kernel interface for on-access scanning, in preference to Talpa. For more information, see: Sophos Anti-Virus for Linux: Fanotify Overview
Note: For locally compiled Talpa Binary Pack support issues, Sophos will try to replicate the issue on supported platforms and commercial Talpa binary packs. There may be issues caused by the locally compiled binary pack. We can't provide a fix for these issues.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.