
[Questions] regarding Linux sophos-av on cloud environment

Hello,

I'm currently evaluating sophos-av linux 9 in a cloud environment.
I have a few questions related to automation and I hope I am in the right place to ask.
I searched the general documentation without success.

Does savupdate perform the Sophos engine update (for Talpa ....)?
Does savupdate require a server reboot?
Is there a way to bootstrap AV on a cloud VM's first boot (on an isolated network)?
How do I create a full local mirror for savupdate?
What is your general feeling regarding fanotify vs Talpa? I'm a bit worried about maintaining a kernel module on constantly moving servers (wild update/upgrade).

Thank you in advance for your help.



This thread was automatically locked due to age.
  • 1. savupdate updates the entire SAV installation, including Talpa, engine, and data.

    2. savupdate can update Talpa. There is a very rare edge case where updating Talpa can require a reboot, but I've never seen it actually happen: if another kernel module has hooked the filesystem the same way that Talpa does, it can prevent the old version of Talpa from unloading, and thus require a reboot.

    3. The best way is to set up a golden image, with SAV installed and deregistered.

    4. SAV can update from Windows Update Caches, which store all the update files.

    5. Talpa can scan some files in namespaces, and has timeouts, which allow overloaded machines to recover. Talpa may require a kernel build environment when the kernel is updated.
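
An added example, not part of the original reply and not Sophos code: a pre-flight check for point 5 that a fleet could run after a kernel upgrade to see whether a Talpa module is loaded and, if not, whether the running kernel has a build environment installed. It assumes Talpa's modules are listed in /proc/modules under names beginning with "talpa" and that the build tree is at /lib/modules/<release>/build; the function names and status strings are hypothetical.

```shell
#!/bin/sh
# Added example (not Sophos code). Assumptions: Talpa kernel modules show up
# in /proc/modules with names starting "talpa"; the kernel build environment,
# when installed, is reachable at /lib/modules/<release>/build.

# talpa_loaded [MODULES_FILE]
# Succeeds if any module whose name starts with "talpa" is listed.
talpa_loaded() {
    awk '$1 ~ /^talpa/ { found = 1 } END { exit !found }' "${1:-/proc/modules}"
}

# build_env_present KERNEL_RELEASE [MODULES_ROOT]
# Succeeds if the build tree for that kernel exists. A dangling "build"
# symlink (headers package removed) fails, because -e follows the link.
build_env_present() {
    [ -e "${2:-/lib/modules}/$1/build/Makefile" ]
}

# talpa_preflight KERNEL_RELEASE [MODULES_FILE] [MODULES_ROOT]
# Prints one status word for monitoring to alert on:
#   loaded                - a Talpa module is present in the running kernel
#   not-loaded-build-env  - no Talpa module, but a module build is possible
#   not-loaded-no-build   - no Talpa module and no build environment
talpa_preflight() {
    rel=$1
    mods=${2:-/proc/modules}
    root=${3:-/lib/modules}
    if talpa_loaded "$mods"; then
        echo "loaded"
    elif build_env_present "$rel" "$root"; then
        echo "not-loaded-build-env"
    else
        echo "not-loaded-no-build"
    fi
}

# Typical call on a live host:
#   talpa_preflight "$(uname -r)"
```

A status of not-loaded-no-build on a host that is meant to use Talpa is the case to alert on, since it means the kernel moved ahead and nothing is installed to build a module for it.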
