I installed the free version of Sophos Antivirus 9.12.1 for Linux on a 64-bit laptop with Linux Mint 17.3. With "on-access scanning" the automatic deletion did not work.
This is how I installed and configured it:
I downloaded and extracted sav-linux-free-9.tgz and executed ./sophos-av/install.sh --live-protection=true as root.
After the installation I restarted my laptop.
Then I executed:
- sudo /opt/sophos-av/bin/savdctl enable
- sudo /etc/init.d/sav-protect start (The result was: No TBP available, running savupdate:)
- sudo /opt/sophos-av/bin/savconfig set DisableFanotify false (Since Talpa is not supported in Linux Mint 17 (see www.sophos.com/.../118624.aspx Talpa) you have to use Fanotify).
- /opt/sophos-av/bin/savdstatus (The result was: Sophos Anti-Virus is active)
- sudo /opt/sophos-av/bin/savconfig query EnableOnStart (The result was: true)
- sudo /opt/sophos-av/bin/savconfig query LiveProtection (The result was: enabled)
- sudo /opt/sophos-av/bin/savconfig add AutomaticAction delete (To be sure a virus would be automatically deleted as described in 17.5.2 of the Sophos Anti-Virus for Linux configuration guide.)
- sudo /opt/sophos-av/bin/savconfig set ScanArchives enabled (to enable archive scanning, like zip, arj and others)
- sudo /opt/sophos-av/bin/savconfig set DisableFeedback true (to disable automatic feedback, (for privacy and speed))
I restarted my computer, just to be sure all settings were applied.
Again I did:
- /opt/sophos-av/bin/savdstatus (The result was: Sophos Anti-Virus is active)
- sudo /opt/sophos-av/bin/savconfig query EnableOnStart (The result was: true)
- sudo /opt/sophos-av/bin/savconfig query LiveProtection (The result was: enabled)
Just to be sure everything was still okay.
Then I downloaded the eicar antivirus test file at: www.eicar.org/85-0-Download.html and expected that the file would be automatically deleted since I had executed
sudo /opt/sophos-av/bin/savconfig add AutomaticAction delete
but the result was this message:
"Thread "Eicar-AV-Test" detected in files
/run/shm/.org.chromium.Chromium.jqD997 deleted (2)
/home/henk/Downloads/.org.chromium.Chromium.olzLYX
The files are still infected
Some allerts were triggered multple times."
The last line of the message was probably the result of the fact that I repeated the download several times.
When I checked the /run/shm directory there was no eicar file, but when I checked my download directory, there was a file eicar.com.
Did I do something wrong when I installed and configured Sophos, is there a bug, or did I misunderstand something?