Can't get on-access scanning to enable in Sophos AV for Linux

I can't for the life of me install Sophos AV in Linux (CentOS 7.7)...

I downloaded the package, extracted it and ran through the install configuration, and it states it was installed successfully.

When I run:

/opt/sophos-av/bin/savdstatus

It returns 'Sophos Anti-Virus is active'.

But if I go to enable on-access scanning:

/opt/sophos-av/bin/savdctl enable

It returns 'Failed to enable on-access scanning.'

 

However, if I run savscan, it is scanning.

 

So it seems to be installed but I can't get on-access scanning to work.

Any ideas?



  • Hello Geoff Jackson,

    The installer should have complained that it can't compile Talpa. Please see Sophos Anti-Virus for Linux: Locally compiling Talpa Binary Packs for on-access scanning. The article also mentions the alternative method, Fanotify.

    Christian

  • Great, thanks Christian.

    I did see an article about that but it wasn't clear if that was definitely what the issue was (it also wasn't the one that you've linked to).

    So I tried to compile as is and did get the message that it couldn't, as kernel headers were not found and need to be installed (i.e. as per the top of the article you shared).

    So, this is what I need to do:

    Before running the installer and to enable it to compile custom kernel modules, the following must be installed:

    • The kernel source matching your running kernel (normally accessible from /lib/modules/`uname -r`/build/)
    • system.map file matching your running kernel (normally located in /boot/System.map-`uname -r`)
    • GCC and configured development tools, e.g. make. (The version of GCC must be the same as the one used to compile your kernel.)
    • Newer distributions may require the following is installed: libelf-dev, libelf-devel or elfutils-libelf-devel. For example CentOS 8 requires elfutils-libelf-devel is installed.

    Most distributions provide a kernel-headers package which must also be installed. These distributions also provide all the required kernel sources to compile.

    Note: For SuSE based distribution you will need the package kernel-syms from the running kernel version.

    But I do not actually know how to do this. Are there any instructions for this, do you know? Or do I have to try and figure this out myself?

    (I came across this which I could follow but no idea if any specifics are needed at all).
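
The prerequisites quoted in the post above can be checked before re-running the installer. This is an added example, not part of the original thread and not Sophos code; the function name `check_talpa_prereqs` and its optional ROOT argument are assumptions. It checks presence only and does not verify that the GCC version matches the one used to build the kernel.

```shell
#!/bin/sh
# Added example, not Sophos code: preflight for the Talpa build prerequisites.
# check_talpa_prereqs KERNEL_RELEASE [ROOT]
#   ROOT is a hypothetical prefix (default: none, i.e. the live system) so the
#   check can be pointed at a test tree. Returns the number of missing items.
check_talpa_prereqs() {
    krel=$1
    root=${2:-}
    missing=0

    # Kernel build tree. -d follows the symlink, so a dangling "build" link
    # (sources installed for a different kernel than the running one) fails.
    if [ -d "$root/lib/modules/$krel/build/" ]; then
        echo "ok       kernel build tree for $krel"
    else
        echo "MISSING  $root/lib/modules/$krel/build/"
        missing=$((missing + 1))
    fi

    # System.map matching the running kernel.
    if [ -e "$root/boot/System.map-$krel" ]; then
        echo "ok       System.map-$krel"
    else
        echo "MISSING  $root/boot/System.map-$krel"
        missing=$((missing + 1))
    fi

    # Compiler and build tools, looked up on PATH.
    for tool in gcc make; do
        if command -v "$tool" >/dev/null 2>&1; then
            echo "ok       $tool"
        else
            echo "MISSING  $tool"
            missing=$((missing + 1))
        fi
    done

    # libelf headers are only needed on newer distributions: report, don't count.
    [ -e "$root/usr/include/libelf.h" ] || echo "note     libelf.h not found"

    return "$missing"
}

# Check the live system only when asked to: sh talpa_preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    check_talpa_prereqs "$(uname -r)"
fi
```

A non-zero exit status is the count of missing prerequisites, so the script can gate an automated install.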

  • Hi  

    Please find this article which has an overview of the Fanotify.

    I have found an interesting project on Google regarding the installation of SAV 9 on CentOS; please refer to this GitHub project.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support
