Announced 30 June 2017 – As part of Sophos’ ongoing product lifecycle review process, we plan to update the platforms that are supported by the Sophos Anti-Virus for Linux and UNIX offerings. The changes are designed to enable Sophos to provide the strongest protection for the most popular platforms, and will affect the following:
The following sections are covered:
- Support for legacy UNIX platforms (HP-UX)
- Support for 32-bit Linux platforms
- Provision of Talpa Binary Packs for on-access scanning
- Sophos Enterprise Console for UNIX
- Related information
- Feedback and contact
Applies to the following Sophos products and versions
Central Managed Threat Response [MTR] for Linux
The number of customers requiring Anti-Virus capabilities for legacy UNIX platforms continues to decline. Sophos plans to support the most popular platforms going forward, and plans to retire support for HP-UX.
- Support for HP-UX will end on 30 June 2020.
- Supported AIX and Solaris platforms will continue to be supported as standalone (unmanaged) SAV for UNIX deployments, in line with the retirement dates published on the Endpoint Security and Control: Retirement calendar for supported platforms and operating systems.
The latest versions of many popular Linux distributions are now only available for 64-bit platforms. After June 30, 2018, with the exception of Red Hat Enterprise Linux 6, Sophos Anti-Virus for Linux will support 64-bit versions of Linux distributions only.
- Please refer to Endpoint Security and Control: Retirement calendar for supported platforms and operating systems for a full list of supported platforms and retirement dates.
Update July 1, 2018: In line with previous communications, Sophos Anti-Virus for Linux now supports 64-bit platforms only, with the exception of Red Hat Enterprise 6.
The Sophos Anti-Virus for Linux agent currently includes a large number of pre-compiled Talpa Binary Packs for on-access scanning, many of which are for very old and deprecated kernel versions. Most customers use newer kernels in order to benefit from kernel enhancements and improved security, therefore Sophos plans to reduce the number of pre-compiled Talpa Binary Packs that are provided with the product.
- When a new kernel version is introduced for a specific Linux distribution, Sophos typically aims to provide a Talpa Binary Pack for the new kernel version within approximately two to four weeks.
- After June 2018, Talpa Binary Packs for kernel versions that are older than 18 months for that Linux distribution will be removed from the agent download. Update: This change is now scheduled for release October 22, 2018.
- Talpa Binary Packs for kernel versions that are older than 18 months for that Linux distribution will be removed from the agent download.
- Sophos will continue to provide Talpa Binary Packs for all kernel versions for supported Red Hat Enterprise Linux 6/7 distributions.
- A definitive list of kernel versions for which Talpa Binary Packs are provided will continue to be published and updated on a regular basis. See TalpaBinaryPacks.txt for the current list. Note: this list is updated automatically when Talpa Binary Packs are added and removed.
- Existing Sophos Anti-Virus for Linux installations will not be affected by this change. Talpa on-access scanning will continue to function without interruption and Sophos will continue to support customers using the product.
- If on-access scanning is required and Sophos does not provide a pre-compiled Talpa Binary Pack for your kernel, the following options are available:
- Use the alternative fanotify kernel interface (see Sophos Anti-Virus for Linux: Fanotify Overview).
- Upgrade to a later kernel version for which a Talpa Binary Pack is provided.
- Compile a binary pack locally (see Sophos Anti-Virus for Linux: Locally compiling Talpa Binary Packs for On-Access scanning and Rolling out a custom TBP to multiple computers with Sophos Anti-Virus for Linux v 9)
Talpa on-access scanning continues to be fully supported on Linux distributions and kernels for which Sophos provides a pre-compiled Talpa Binary Pack, and platforms on which local compilation of Talpa is possible. Customers using kernels for which Sophos does not provide a pre-compiled Talpa Binary Pack, and who cannot compile Talpa locally, can contact Sophos Support to discuss possible alternative approaches to enable on-access scanning.
Sophos will continue to offer and support the standalone version of Sophos Anti-Virus for UNIX, however the ability to manage SAV for UNIX using the Sophos Enterprise Console will be discontinued.
- After December 2019, management of Sophos Anti-Virus for UNIX via the Sophos Enterprise Console will not be supported
- The standalone version of Sophos Anti-Virus for UNIX will continue to be available and supported (see Installing the standalone version of SAV for Linux/UNIX)
- To migrate from a Sophos Enterprise Console managed UNIX server to a standalone implementation see Sophos Anti-virus for UNIX: Migrating a protected UNIX server managed by Sophos Enterprise Console to a Standalone (unmanaged) implementation
If you have questions about these changes, please use the Sophos Server Protection Community Forum. If you have suggestions on how Sophos could improve its offerings for Linux servers, please Suggest an Idea on the Sophos Ideas website.
- Endpoint and Server Protection: Retirement calendar for supported platforms and operating systems
- Sophos Antivirus for Linux: Limited Support for RHEL 6 during Extended Life Phase (Japan only)
- Installing the standalone version of SAV for Linux/UNIX
- Sophos Anti-Virus for Linux: Locally compiling Talpa Binary Packs for On-Access scanning
- Rolling out a custom TBP to multiple computers with Sophos Anti-Virus for Linux
- Fanotify alternative on-access scanning method
If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.
This is invaluable to us to ensure that we continually strive to give our customers the best information possible.