This article describes the on-access scanning options for Sophos Anti-Virus for Linux.
Applies to the following Sophos products and versions Sophos Anti-Virus for Linux
Sophos Anti-Virus for Linux provides several methods of enabling on-access file scanning, using either fanotify or Talpa.
Support for fanotify is included in Sophos Anti-Virus version 9.7.x and higher. Fanotify allows on-access scanning to run on kernels from 2.6.37+ onwards, without needing to compile additional kernel modules. For more information, please see: Sophos Anti-Virus for Linux: Fanotify Overview.
Talpa is an alternative kernel interface to fanotify, provided by Sophos, and can be enabled via two supported methods:
Sophos provides precompiled binary packs for certain kernels (see TalpaBinaryPacks.txt for a full list).
If you are using a distribution or kernel for which Sophos does not provide a precompiled binary pack, you may be able to compile the required binary pack locally. For more information please see: Sophos Anti-Virus for Linux: Locally compiling Talpa Binary Packs for On-Access scanning
The Sophos Anti-Virus for Linux installer will attempt to enable on-access scanning as follows:
Fanotify can be set as the default kernel interface for on-access scanning, in preference to Talpa. For more information, see: Sophos Anti-Virus for Linux: Fanotify Overview
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.