This knowledge base article describes the on-access scanning options for Sophos Anti-Virus for Linux.
Applies to the following Sophos products and versions
Not product specific
Sophos Anti-Virus for Linux provides several methods of enabling on-access file scanning, using either Fanotify or Talpa.
The Sophos Anti-Virus for Linux installer will attempt to enable on-access scanning as follows:
The latest kernel version supported by the local compilation method is version 4.15 and earlier, as of Sophos Anti-Virus for Linux 9.14.2/10.3.4 (Central 64-bit).
The latest kernel version supported by this method in the upcoming 9.14.2/10.3.2 (Central 64-bit) release will be 4.15 and earlier.
Fanotify can be set as the default kernel interface for on-access scanning, in preference to Talpa. For more information,take a look at the KBA 118216.
Note: For locally compiled Talpa Binary Pack support issues, Sophos will try to replicate the issue on supported platforms and commercial Talpa binary packs. Sophos can't provide a fix for for issues caused by the locally compiled binary pack.
Note: When a new kernel version is introduced for a specific Linux distribution, Sophos typically aims to provide a Talpa Binary Pack for the new kernel version within approximately two to four weeks
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.