This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Several asophos-av problems

I'm geeting some problems with the free sophos-av for linux on ubuntu 14.04.

First, my syslog is often full of hundreds of these:

[code]

Jun 4 08:54:36 host kernel: [ 82.657004] talpa-vfshook: atomic_open exit 1
Jun 4 08:54:36 host kernel: [ 82.657812] talpa-vfshook: atomic_open exit 1
Jun 4 08:54:36 host kernel: [ 82.659965] talpa-vfshook: atomic_open exit 1
Jun 4 08:54:36 host kernel: [ 82.672363] talpa-vfshook: atomic_open exit 1

....

[/code]

This happens at boot, and sometimes other times as well. (host is my host name)

Secondly, When just copying files from one place to another (in this case from one YSB drive to another), it seems to want to check them.  When the files are large, and/or zips, I get errors or timeouts on the copying process.  I have now disabled the check on archives, but surely such errors should not occur?  There really is no problem with the content of these files.

[code]

Jun 4 08:22:31 host savd: Error detected: 1/0x4021a in /media/xyz/Media Backup/fullbackup/duplicity-full.20150109T082134Z.vol38.difftar.gz
Jun 4 08:22:34 host savd: Error detected: 1/0x4021a in /media/crusty/xyz/ubuntu/duplicity-full.20150109T082134Z.vol38.difftar.gz

[/code]

I have also had to deactivate it several trimes when doing large file movements.

:1020975


This thread was automatically locked due to age.
  • I'm sad to see there's little help around on this forum.  I'd hoped to be able to use the product, but I'm getting too many problems and it's interfering with using my desktop.

    I know it's free, but I was hoping for better from Sophos.

    Does anyone else actually use this successfully?

    :1020982
  • Hello pastim,

    Secondly ... just copying

    w.r.t. scanning the free product is not different from the paid version. Scanning of archives is not recommended for on-access and AFAIK not enabled by default. The scanner doesn't try to find out whether you are just copying (and there'd be some extra cost in doing so) and if instructed to scan inside archives it has to unpack the archive (perhaps several levels) and scan its contents before allowing the access to proceed - and this can cause timeouts.

    1/0x4021a

    means the file is corrupt from the scanner's POV - i.e. either it's indeed corrupt or there are some (non-standard, application-specific, ...) intricacies the unpacking routine can't fathom out.

    Christian

    :1020995
  • With archive checks disabled I'm still getting hundreds of "talpa-vfshook: atomic_open exit 1" errors from time to time.

    The files aren't corrupt.  Maybe your software doesn't recognise them, but they are backup files produced by a very common linux backup tool.

    I get other errors on syslog as well, like:

    [code]

    talpa_syscallhook: module verification failed: signature and/or required key missing - tainting kernel

    [/code]

    and:

    [code]

    talpa-deny: Error occurred while opening /var/lib/dbus/machine-id on behalf of process dconf worker[2124/2125] owned by 1000(1000)/1000(1000) <512>

    [/code]

    Plus many other errors.

    As per my other thread I can get no notifications anywhere, desktop nor email.

    Should I wait for a more stable release?  Is this still beta software?

    :1020996
  • Hello Tim,

    it's not my software, I'm not Sophos :smileyhappy:. It's definitely not beta, but enterprises might have different common tools.

    Anyway, desktop messaging is supposed to work, 14.04 (which kernel?) is supported and tainting kernel as well as many other errors doesn't seem to be right. Did SAV install correctly or were there perhaps warnings and errors?

    [I see there are further posts but anyway ...]

    Christian 

    :1021000
  • Sorry, I'm unfamiliar with some of the terms.  I assumed VIP meant you were in Sophos.  My mistake.

    I'm using 14.04, was on 3.13.53, now on 3.16.  It initallis installed OK, and would do a scan, but I got these and other problems, so I gave up.  I don't think this software is ready for the linux desktop.

    :1021001
  • Hi Pastim, 

    I've been discussing this with our DEV team, these will be non-critical errors. The Talpa-deny message : 


    talpa-deny: Error occurred while opening /var/lib/dbus/machine-id on behalf of process dconf worker[2124/2125] owned by 1000(1000)/1000(1000) <512>.


    will probably be caused by the rights of a file being changed to owner root temporarily. The files have allready been scanned this is really extra debug information
    As mentioned for the notify issue I think in this case we need to get a savdiagnose from the machine. 


    I'll ask them about the archive/large file copy errors. 


    thanks,
    Dominic

    :1021013
  • Hi,

    I'm afraid I've given up on this tool.  Too many problems for me to put the effort into trying to sort it out.

    Sorry to have bothered you all.

    :1021016