Support for Clear Linux and on-access scanning

I managed to install Sophos Anti-Virus for Linux on Clear Linux. It was not able to install Talpa out of the box, which I am not concerned about as I prefer using Fanotify, but I cannot get Sophos to start using Fanotify and I cannot find the recommended process to tell me if Clear has Fanotify enabled.

grep -ir FANOTIFY /boot/`uname -r`.config won't work as /boot is empty.

From installation:

...

Installing Sophos Anti-Virus....
Selecting appropriate kernel support...
When Sophos Anti-Virus starts, it updates itself to try to find a Sophos kernel interface module update. This might cause a significant delay.
Sophos Anti-Virus starts after installation.

Installation completed.
On-access scanning not available. It was not possible to obtain or build suitable kernel support because kernel headers are not installed.
Failed to update Sophos Anti-Virus
Registering with Sophos Central
Saving Sophos Central credentials
Starting Sophos Central Management Client
Now managed by Sophos Central

Restarted service to use Fanotify

# /opt/sophos-av/bin/savconfig set DisableFanotify false;

# /opt/sophos-av/bin/savconfig set PreferFanotify true

# systemctl restart sav-protect.service

Log entries do not even mention Fanotify:

Fri 11 Oct 2019 01:00:14 PM UTC: savd.daemon Sophos Anti-Virus daemon started.
Fri 11 Oct 2019 01:00:16 PM UTC: talpa.startup Unable to load Talpa modules.
Fri 11 Oct 2019 01:02:25 PM UTC: update.failed Failed to update Sophos Anti-Virus
Fri 11 Oct 2019 01:02:25 PM UTC: update.failed Updating directly from Sophos.
Extra files updating is disabled. You can change updating settings using /opt/sophos-av/bin/savsetup.

Installing Sophos Anti-Virus....
Selecting appropriate kernel support...
When Sophos Anti-Virus starts, it updates itself to try to find a Sophos kernel interface module update. This might cause a significant delay.
Sophos Anti-Virus starts after installation.

Installation completed.
On-access scanning not available. It was not possible to obtain or build suitable kernel support because kernel headers are not installed.
Fri 11 Oct 2019 01:02:51 PM UTC: talpa.startup Unable to load Talpa modules.

# /opt/sophos-av/bin/savdstatus
Sophos Anti-Virus is active but on-access scanning is not running

  • Hi Danie

    Have you reviewed the following article already? I noticed the commands that you used are mentioned in the article. However, did you restart SAV (/etc/init.d/sav-protect restart) after running the /opt/sophos-av/bin/savconfig set PreferFanotify true statement?

    Please let us know.

    Regards,

    RodS 

  • In reply to RodS:

    I did. I also tried to compile Talpa but since /boot is empty on Clear I'm not sure how to correct that.

  • In reply to Danie de Jager:

    Hi Danie de Jager,

    One simple way to check if Clear Linux has fanotify is to run "man fanotify". If it has it, there should be a manual.

    Are you able to show us the error you get when you attempt to locally compile a talpa binary pack? You can do this by running "/opt/sophos-av/engine/talpa_select select"

    It may also help if you can share with us the log in /opt/sophos-av/log/talpaselect.log

  • In reply to MEric:

    Hi,

    Good news! I updated Clear Linux and, installing Sophos on it now using the Fanotify configuration, on-access scanning is working. I don't have a need for Talpa in that case.

    # /opt/sophos-av/bin/savdstatus
    Sophos Anti-Virus is active and on-access scanning is running

    Danie
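
Added example, not part of the thread or of Sophos's tooling: a shell check for the question in the first post, whether the running kernel was built with fanotify when /boot holds no config file. The function names and the candidate paths other than /boot (/proc/config.gz, /lib/modules/<release>/config, /usr/lib/kernel/config-<release>) are assumptions about where a distribution may keep its kernel config, not locations confirmed in the thread.

```shell
#!/bin/sh
# Added example: report whether the running kernel was built with fanotify,
# looking beyond /boot for the kernel config.

# Print a kernel config file, decompressing it if it is gzip-compressed.
read_config() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# kconfig_state FILE SYMBOL
# Prints "enabled", "disabled" or "unknown" (file unreadable or symbol absent).
kconfig_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    # Match "SYMBOL=..." or "# SYMBOL is not set", but not longer symbol names.
    line=$(read_config "$1" | grep -E "^(# )?$2[= ]" | head -n 1)
    case "$line" in
        "$2=y"|"$2=m")     echo enabled ;;
        "# $2 is not set") echo disabled ;;
        *)                 echo unknown ;;
    esac
}

# Check the first readable config among the candidate locations (assumed paths).
report_fanotify() {
    rel=$(uname -r)
    for f in /proc/config.gz "/boot/config-$rel" "/lib/modules/$rel/config" \
             "/usr/lib/kernel/config-$rel"; do
        [ -r "$f" ] || continue
        echo "config file: $f"
        echo "CONFIG_FANOTIFY: $(kconfig_state "$f" CONFIG_FANOTIFY)"
        # Permission events (allow/deny an open before it completes) need this option.
        echo "CONFIG_FANOTIFY_ACCESS_PERMISSIONS:" \
             "$(kconfig_state "$f" CONFIG_FANOTIFY_ACCESS_PERMISSIONS)"
        return 0
    done
    echo "no kernel config found for $rel"
    return 0
}

report_fanotify
```

An "unknown" result only means no config file exposed the symbol; it does not prove the kernel lacks fanotify.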