We recently ran into an issue with Talpa after a Linux kernel update. We don't have gcc installed on the servers which had the update, so building the new Talpa modules failed. I've read through the KB article regarding Fanotify and I'm thinking of switching to that for all servers.
According to KB article 118216:
Use of Fanotify with Sophos Anti-Virus for Linux is fully supported for on-access scanning; however please note the following:
If you experience any unexpected behaviour or issues with Fanotify, please contact Sophos support.
Is there any way to tell what behavior might be different with Fanotify? I realize that future kernel updates may change things, but are there any differences using Fanotify other than scanning NFSv4 and CIFS mounts? We have no network mounts so if that's the only difference Fanotify would be fine.
Hi Robert Eves
If your Kernel supports Fanotify, then IMO, it is a good option. However, I should make you aware of this.
In reply to Yashraj:
Thanks, I don't think this will be a big issue going forward. I've seen that Sophos tries to have prebuilt modules within 4 weeks of a new kernel. We also may be implementing containerization soon so I think sticking to Talpa would be best. We can install gcc if we run into a situation where there are no prebuilt modules.