Sophos Anti-Virus for Linux: System requirements

This article lists the system requirements of Sophos Anti-Virus for Linux for the Sophos Central-managed, Sophos Enterprise Console-managed and standalone versions.

The following sections are covered:

Applies to the following Sophos products and versions

Sophos Anti-Virus for Linux

Sophos Anti-Virus for Linux 10

Sophos Anti-Virus for Linux 10 offers additional capabilities which include Malicious Traffic Detection and Sophos Security Heartbeat™ (applies to Central Server Protection Advanced licenses only).

Here is the list of its minimum system requirements:

Sophos Anti-Virus for Linux 9

Sophos Anti-Virus for Linux 9 is the only version available for the standalone and Enterprise Console-managed versions.

Here is the list of its minimum system requirements:

  • Supported distributions (latest minor point or LTS version):
    • Amazon Linux, Amazon Linux 2
    • CentOS 6/7
    • Debian 8/9
    • Novell Open Enterprise Server 2015 SP1
    • Oracle Linux 6/7
    • Red Hat Enterprise Linux 6/7
      • Red Hat Enterprise Linux 6 32-bit version supported until Nov 30th 2020
    • SUSE 11/12/15
    • Ubuntu 14.04/16.04/18.04
  • System type: x86_64
  • Free disk space: 1 GB
  • Free memory: 1 GB
  • Stack sizes: Non-default stack sizes are not supported.
  • Language version: English and Japanese (EUC and UTF-8). Shift JIS and JIS are not supported.

If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.

This is invaluable for us to ensure that we continually strive to give our customers the best information possible.

Related:

Sophos XG Firewall: How to disable the HTTP TRACE/TRACK function when using the WAF module of the XG.

This article describes the steps to disable “HTTP TRACE/TRACK” when using the WAF module.

Applies to the following Sophos products and versions

Sophos Firewall XG Software

Run the following commands from the Advanced Console of the Sophos XG Firewall device to update the WAF module configuration and disable HTTP TRACE/TRACK:

psql -U nobody -d corporate -c "update tblwafadvanceconfig set trace_enabled=0"

opcode waf_reconfig -t json -b '{"Entity": "waf_advanced_config", "Event": "UPDATE"}' -ds nosync

The second command forces a reload of the WAF configuration, which disconnects clients from the published web services.
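After reloading the WAF you will want to confirm that TRACE is actually refused on the published service. The following script is an added example, not part of the Sophos article or the XG firmware: it sends one TRACE request and classifies the answer, treating TRACE as still enabled only when the server returns 200 and echoes the request (the behaviour that exposes request headers). The host name used when no argument is given is a placeholder, and the `X-Probe` header is just a marker to look for in any echoed body.

```python
"""Verify that HTTP TRACE is refused by a web service (e.g. one published through the XG WAF).

Added example, not part of the Sophos article. The default host below is a
placeholder; pass the real published host name as the first argument.
"""
import http.client
import ssl


def trace_is_enabled(status: int, headers: dict, body: bytes) -> bool:
    """Classify a TRACE response.

    TRACE counts as enabled only when the server answers 200 and echoes the
    request back: RFC 7231 has the echo carry Content-Type: message/http and
    the body starts with the request line. A 403/405/501, or a 200 that is a
    block page rather than an echo, means TRACE is not being honoured.
    """
    if status != 200:
        return False
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    return ctype.startswith("message/http") or body.startswith(b"TRACE ")


def probe_trace(host: str, port: int = 443, use_tls: bool = True, timeout: float = 5.0):
    """Send a single TRACE request for '/' and return (status, headers, body)."""
    if use_tls:
        ctx = ssl.create_default_context()
        conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=timeout)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        # X-Probe is a harmless marker; if TRACE is honoured it comes back in the body.
        conn.request("TRACE", "/", headers={"Host": host, "X-Probe": "trace-check"})
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders()), resp.read()
    finally:
        conn.close()


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "www.example.com"  # placeholder host
    status, headers, body = probe_trace(target)
    verdict = "ENABLED (fix needed)" if trace_is_enabled(status, headers, body) else "refused"
    print(f"TRACE on {target}: HTTP {status}, TRACE {verdict}")
```

Run it once before and once after the two console commands; the status should move from 200 with an echoed request to a non-200 response (or a block page) after the WAF reload.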

Sophos Central Firewall Manager is slow and unresponsive at times

Applies to the following Sophos product(s) and version(s)

Sophos Central Firewall Manager

Some users may experience timeouts, general slowness and pages that load with no data.

The problem has now been resolved.

Please log a support case and reference this article.

This article will be updated as and when the status changes.

Sophos Anti-Virus for Linux : Communication with Central Update Server uses HTTPS by default

This article advises that Central-managed Sophos Anti-Virus (SAV) for Linux uses HTTPS (HTTP over TLS) to communicate with the configured Update Servers.

Applies to the following Sophos product(s) and version(s)

Sophos Anti-Virus for Linux 9.14.2

Sophos Linux Security 10.4.0

  • Linux (supported Linux platforms)

From version 10.4, and Central-managed version 9.14.2, SAV for Linux uses HTTPS (HTTP over TLS) to communicate with the configured Update Server. If an HTTPS connection cannot be established within a 10 minute timeout, it falls back to an HTTP connection automatically.

Can my UNIX or Linux computer become infected with a virus?

This article provides an overview of whether a UNIX or Linux computer can become infected with a virus.

Applies to the following Sophos products and versions

Sophos Anti-Virus for Linux

Sophos Anti-Virus for Unix

Few viruses are currently known for UNIX or Linux. However, virus checking is necessary for these reasons:

  • UNIX or Linux computers acting as servers for other operating system client workstations can become carriers for other virus types, e.g. Windows macro viruses.
  • UNIX and Linux computers are often used as mail servers, and can check email for worms and infected attachments before they reach the desktop.
  • If your UNIX or Linux computer is running a PC emulator (a ‘soft PC’), applications running under that emulator are vulnerable to viruses, particularly macro viruses.

By default, Sophos Anti-Virus for UNIX/Linux and Sophos Anti-Virus for Linux scan for UNIX/Linux, DOS, Macintosh and all types of Windows viruses.

Sophos Anti-Virus for Linux/Unix: Central configuration of the Remote Management System

This article describes how to apply Central Installation Directory (CID) based Remote Management System (RMS) configuration, which is useful in several circumstances:

  • Changing the ParentAddress / ParentRouterAddress after a server migration
  • Changing ParentRouterAddress to use a message relay
  • Changing the ParentAddress / ParentRouterAddress when the server IP address is behind a NAT firewall

Applies to the following Sophos products and versions

Sophos Anti-Virus for Linux

Sophos Anti-Virus for Unix

The method depends on whether endpoint installations have already been deployed:

  • Option 1 – Pre-installation (mrinit.conf)

    Before installation, edit the mrinit.conf file in the root of the CID, e.g.:

    SophosUpdate\CIDs\S000\savlinux\mrinit.conf

    If you use this method, you must uninstall Sophos Anti-Virus from any endpoint that has already used the existing mrinit.conf, and re-install it afterwards.

  • Option 2 – Post-installation (mrinit.custom)

    To centrally edit RMS information on existing endpoints, you can create an mrinit.custom file, which is selected in preference to mrinit.conf.

    Make a copy of mrinit.conf and edit the required values (e.g. ParentAddress, ParentRouterAddress). Save the new file as mrinit.custom in the root of the CID, e.g.:

    SophosUpdate\CIDs\S000\savlinux\mrinit.custom

    Endpoints automatically select mrinit.custom when they next perform an update from the CID.

If you are familiar with ConfigCID.exe, note that it is not required for, and will not work in, the scenario above.
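Option 2 is a copy-and-edit of a single file, which is easy to get wrong by hand when several CIDs are involved (a misspelt key silently leaves the old parent in place). The script below is an added example, not Sophos tooling: it reads mrinit.conf, replaces only the keys you name, and writes the result as mrinit.custom beside it. It assumes that mrinit.conf entries have the form "Key"="Value" under a [Config] header, which is the format the sample content below is constructed in; lines that do not match (including certificate data in a real file) are copied through untouched, and a key that is not found raises an error instead of producing an mrinit.custom that changes nothing.

```python
"""Create mrinit.custom from mrinit.conf with new RMS parent addresses.

Added example, not Sophos' own tooling. Assumes mrinit.conf lines of the
form "Key"="Value" (other lines are passed through as they are). The sample
content below is constructed for illustration.
"""
import re
from pathlib import Path

# Matches   "ParentAddress"="10.0.0.5,server"   and captures key and value.
_KV = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.*)"\s*$')

# Constructed sample; a real mrinit.conf also carries certificate data.
SAMPLE_MRINIT_CONF = """[Config]
"NotifyRouterUpdate"="EM"
"ParentAddress"="10.0.0.5,old-console"
"ParentRouterAddress"="10.0.0.5,old-console"
"ClientIIDPrefix"="EXAMPLE"
"""


def rewrite_mrinit(text: str, changes: dict) -> str:
    """Return the mrinit.conf text with the given keys replaced, order preserved.

    Raises KeyError if a requested key is absent, so a typo in a key name
    cannot silently yield an mrinit.custom that leaves the old parent in place.
    """
    seen = set()
    out = []
    for line in text.splitlines():
        m = _KV.match(line)
        if m and m.group("key") in changes:
            key = m.group("key")
            out.append(f'"{key}"="{changes[key]}"')
            seen.add(key)
        else:
            out.append(line)
    missing = set(changes) - seen
    if missing:
        raise KeyError(f"keys not found in mrinit.conf: {sorted(missing)}")
    return "\n".join(out) + "\n"


def parse_mrinit(text: str) -> dict:
    """Read the "Key"="Value" entries back into a dict (used to verify the result)."""
    return {m.group("key"): m.group("value")
            for m in (_KV.match(line) for line in text.splitlines()) if m}


def write_mrinit_custom(cid_root: Path, changes: dict) -> Path:
    """Write <cid_root>/mrinit.custom next to the existing mrinit.conf."""
    src = cid_root / "mrinit.conf"
    dst = cid_root / "mrinit.custom"
    dst.write_text(rewrite_mrinit(src.read_text(), changes))
    return dst


if __name__ == "__main__":
    # Message-relay scenario: only ParentRouterAddress changes, ParentAddress stays.
    print(rewrite_mrinit(SAMPLE_MRINIT_CONF, {"ParentRouterAddress": "10.0.1.20,relay01"}))
```

For the NAT and migration scenarios in the list above, pass both ParentAddress and ParentRouterAddress in the `changes` dict; `write_mrinit_custom(Path("/path/to/CID/savlinux"), {...})` then places the file where endpoints pick it up on their next update.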

Advisory – Sophos UTM: RED-W wireless becomes inactive after updating to 9.6

Some customers are reporting RED-W wireless issues and high CPU usage after updating to UTM v9.6 GA.

Applies to the following Sophos product(s) and version(s)

Sophos UTM 9.6 GA

  • Large amounts of traffic are sent between the RED interface and the AP, potentially causing high CPU usage
  • Wireless from the RED device becomes inactive; however, the RED tunnel stays up and online

Development is currently investigating.

Verify that the issue is occurring by opening the wireless log (or /var/log/wireless.log) and looking for the following errors:

utm awed[5262]: [MASTER] new connection from x.x.x.x:54756

utm awed[23301]: [AXXXXXXXXXXX] RED15w from x.x.x.x:54756 identified as AXXXXXXXXXXX

utm awed[23301]: [AXXXXXXXXXXX] (Re-)loaded identity and/or configuration

utm awed[23301]: [AXXXXXXXXXXX] Corrupt payload. Device may have wrong key. MD5 of the key is yyyyyyyyyyyyyyyyyy. Delete device to re-register it.
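On a UTM with many RED-W devices, reading wireless.log by eye is slow. The script below is an added example, not part of the Sophos advisory: it scans awed entries for the "Corrupt payload" message and lists each affected device ID once, with the number of occurrences, so you know which access points to delete and re-accept. The log lines embedded in it are constructed, modelled on the excerpt above, with placeholder device IDs and key hashes.

```python
"""Flag RED-W access points that UTM 9.6 has rejected with a key mismatch.

Added example, not part of the Sophos advisory. Scans awed entries from
/var/log/wireless.log (path given in the advisory) for the "Corrupt payload"
message. The sample lines below are constructed with placeholder IDs.
"""
import re
from collections import OrderedDict

# awed log line shape: "... awed[PID]: [DEVICE-ID] message"
_AWED = re.compile(r"awed\[(?P<pid>\d+)\]: \[(?P<dev>[^\]]+)\] (?P<msg>.*)$")
_CORRUPT = "Corrupt payload. Device may have wrong key."

SAMPLE_LOG = """\
utm awed[5262]: [MASTER] new connection from 192.0.2.10:54756
utm awed[23301]: [A00000000001] RED15w from 192.0.2.10:54756 identified as A00000000001
utm awed[23301]: [A00000000001] (Re-)loaded identity and/or configuration
utm awed[23301]: [A00000000001] Corrupt payload. Device may have wrong key. MD5 of the key is 0123456789abcdef. Delete device to re-register it.
utm awed[23301]: [A00000000001] Corrupt payload. Device may have wrong key. MD5 of the key is 0123456789abcdef. Delete device to re-register it.
utm awed[5262]: [MASTER] new connection from 192.0.2.11:41002
utm awed[23410]: [A00000000002] RED15w from 192.0.2.11:41002 identified as A00000000002
utm awed[23410]: [A00000000002] (Re-)loaded identity and/or configuration
"""


def affected_devices(log_text: str) -> "OrderedDict[str, int]":
    """Map each device ID that logged a key-mismatch error to its occurrence count."""
    hits = OrderedDict()
    for line in log_text.splitlines():
        m = _AWED.search(line)
        if m and m.group("msg").startswith(_CORRUPT):
            dev = m.group("dev")
            hits[dev] = hits.get(dev, 0) + 1
    return hits


def report(log_text: str) -> list:
    """One line per affected AP, carrying the remediation from the advisory."""
    return [f"{dev}: {n} key-mismatch error(s); delete and re-accept the AP under "
            f"Wireless Protection > Access Points"
            for dev, n in affected_devices(log_text).items()]


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for line in report(text) or ["no key-mismatch errors found"]:
        print(line)
```

Run it as `python3 red_key_check.py /var/log/wireless.log` on the UTM (or on a copy of the log); a device that is listed, yet whose RED tunnel is still up, matches the symptom pattern described in this advisory.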

Rejoin the AP as follows:

  • Navigate to Wireless Protection > Access Points.
  • Delete the now-inactive access point, then re-accept the RED AP to regenerate the MD5 key.

Wireless should now be connected and CPU usage should return to normal levels.

This article will be updated when new information becomes available.

Sophos Anti-Virus for Linux: How to roll out a custom TBP to multiple computers

Sophos does not provide TBPs (Talpa Binary Packs) for all Linux kernels. This article describes how to install the necessary prerequisites and create TBPs for other kernels, without the need to install additional tools on each computer.

Note: This procedure is only necessary if you are using Talpa as the on-access scanning method. An alternative method (Fanotify) is available for customers running kernel 2.6.38 or later.

Applies to the following Sophos products and versions

Sophos Anti-Virus for Linux

Sophos Anti-Virus for Unix

Before starting, make sure that all requirements stated in Sophos Anti-Virus for Linux: Using a custom built or unsupported kernel are met.

Step one: Install Sophos Anti-Virus on your Primary client.

If it is already installed you do not need to re-install.

Step two: Run the command /opt/sophos-av/engine/talpa_select select

This builds a custom TBP, which is placed in /opt/sophos-av/talpa/compiled and named something like talpa-binpack-centos_2.6.18-164.11.1.el5.tar.gz.

Step three: Add the custom TBP.

Add the custom TBP that you have just created to one of the following:

To a Unix/Linux-mounted CID:

  1. Mount your CID from the Primary client. For the purposes of this example, let’s assume you use SUM and have mounted the CID to /opt/SUM
    • Example 1: Set up a SAMBA server on your Unix/Linux machine and configure SUM to use it as a custom CID location (refer to the SUM manual for details).
    • Example 2: Use smbmount to mount the default CID location on a SUM machine to your Unix/Linux machine. Make sure it is mounted writeable.
  2. Use the addextra command to add TBPs to the CID. For example:

    /opt/sophos-av/update/addextra /opt/sophos-av/talpa/compiled/talpa-binpack-centos_2.6.18-164.11.1.el5.tar.gz /opt/SUM/CIDs/S000/savlinux/ --signing-key=/root/certificates/extrafiles-signing.key --signing-certificate=/root/certificates/extrafiles-signing.crt

    For further information, see How to generate the signing certificates for use with addextra. This command adds the TBP to /opt/SUM/CIDs/S000/savlinux/talpa-custom.

  3. Point the secondary clients to this CID as their update location.

To the Primary Client’s local cache directory:

  1. Use the addextra command to add TBPs to the local cache directory:

    /opt/sophos-av/update/addextra /opt/sophos-av/talpa/compiled/talpa-binpack-centos_2.6.18-164.11.1.el5.tar.gz /opt/sophos-av/update/cache/Primary/ --signing-key=/root/certificates/extrafiles-signing.key --signing-certificate=/root/certificates/extrafiles-signing.crt

    For further information, see How to generate the signing certificates for use with addextra. This command adds the TBP to the local cache directory /opt/sophos-av/update/cache/Primary/talpa-custom.

  2. Use rsync or cp to create a local copy of /opt/sophos-av/update/cache/Primary at an alternative location on the Primary client’s hard disk. This can be automated via script.

  3. Use a third-party means (for example, NFS, SAMBA, or HTTP) to share this copy of the local cache and point the secondary clients to it as their update location.

  4. By default, a client (whether primary or secondary) will only download the TBPs it needs to activate its own on-access scanning. This is done to save bandwidth and disk space. Therefore, you may want the primary client to download and store TBPs for all supported kernels automatically. See the article: Hosting Talpa Binary Packs for all kernels/distributions.
  • If the secondary clients fail to use the TBP provided by the above method, check the following:
    • Ensure the Secondary client’s local cache directory contains the TBP:

      ls /opt/sophos-av/talpa/custom

    • Ensure the Secondary client is using the same kernel as the Primary client. Compare the output of ls /opt/sophos-av/talpa/custom with the output of /opt/sophos-av/engine/talpa_select requiredpackname.

      If a different kernel is being used, you must create another TBP for this Secondary client. You can use the above procedure to add it to your CID so that other computers with the same kernel also receive a TBP.

  • If it still fails, please contact Sophos Technical Support.
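The comparison in the troubleshooting step above (what is in /opt/sophos-av/talpa/custom versus what talpa_select says the kernel needs) is worth scripting when you have many secondary clients. The script below is an added example, not Sophos code. It uses the paths named in this article; how it calls /opt/sophos-av/engine/talpa_select requiredpackname through subprocess, and the assumption that the returned name can be compared on its kernel part (the text after the first underscore, e.g. 2.6.18-164.11.1.el5), are assumptions made for this example, as are the sample pack names. The comparison tolerates a name given with or without the .tar.gz suffix.

```python
"""Check whether a secondary client has the Talpa Binary Pack its kernel needs.

Added example, not Sophos' own code. Automates the troubleshooting step in
the article: compare the packs in /opt/sophos-av/talpa/custom with the name
reported by /opt/sophos-av/engine/talpa_select requiredpackname. Invoking
talpa_select via subprocess, matching on the kernel part of the pack name,
and the sample names used in the tests are assumptions for this example.
"""
import subprocess
from pathlib import Path

TALPA_SELECT = "/opt/sophos-av/engine/talpa_select"   # path from the article
CUSTOM_DIR = Path("/opt/sophos-av/talpa/custom")      # path from the article


def required_pack_name() -> str:
    """Ask talpa_select which TBP this kernel needs (assumed invocation)."""
    out = subprocess.run([TALPA_SELECT, "requiredpackname"], check=True,
                         capture_output=True, text=True).stdout
    return out.strip()


def kernel_part(name: str) -> str:
    """'talpa-binpack-centos_2.6.18-164.11.1.el5.tar.gz' -> '2.6.18-164.11.1.el5'."""
    base = name[:-len(".tar.gz")] if name.endswith(".tar.gz") else name
    return base.split("_", 1)[1] if "_" in base else base


def find_matching_pack(available: list, required: str):
    """Return the pack in `available` that satisfies `required`, or None."""
    wanted = kernel_part(required)
    for name in available:
        if kernel_part(name) == wanted:
            return name
    return None


def diagnose(available: list, required: str) -> str:
    """Produce the action the article recommends for this client."""
    match = find_matching_pack(available, required)
    if match:
        return f"OK: {match} is present for the running kernel"
    return (f"MISSING: no pack for kernel '{kernel_part(required)}' in the custom directory; "
            "build a TBP on a Primary client running the same kernel and add it to the CID")


if __name__ == "__main__":
    packs = [p.name for p in CUSTOM_DIR.iterdir()] if CUSTOM_DIR.is_dir() else []
    print(diagnose(packs, required_pack_name()))
```

A MISSING result on a client whose kernel differs from the Primary is the "different kernel" case above: build the pack on a machine with that kernel and add it to the CID with addextra as shown earlier.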

PureMessage for Microsoft Exchange: Error 0x80070005 displayed when opening a PureMessage remote console

A user who is not a member of the Active Directory group Sophos PureMessage Administrators encounters the following error when opening a PureMessage remote console:

Error retrieving data from the server. Ensure server / database is started and try again

System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Applies to the following Sophos products and versions

PureMessage for Microsoft Exchange 3.1.4

PureMessage for Microsoft Exchange 4.0.4

What to do

In Active Directory, go to the Users folder and add the user to the group Sophos PureMessage Administrators.

Information on Sophos SAVDI release 2.6.0

This article provides an overview of the main new features introduced with SAVDI 2.6.0.

Applies to the following Sophos product(s) and version(s)

SAV Dynamic Interface 2.6.0

SAV Dynamic Interface

SAVDI – SAV Dynamic Interface 2.6.0 – new features

  • Add TFT capability to SAVDI
  • SAVDI Stack Cookie implementation support
  • Remove libssp dependency from Linux builds

For more information please have a look at the Release Notes which are packaged with the product.
