Sophos Anti-Virus for Linux: System requirements

This knowledge base article lists the system requirements of Sophos Anti-Virus for Linux for the Sophos Central, Sophos Enterprise Console and standalone versions.

The following sections are covered:

Applies to the following Sophos products and versions

Sophos Anti-Virus for Linux

Sophos Anti-Virus for Linux 10

Sophos Anti-Virus for Linux 10 offers additional capabilities which include Malicious Traffic Detection and Sophos Security Heartbeat™ (applies to Central Server Protection license).

Here is the list of its minimum system requirements:

Sophos Anti-Virus for Linux 9

Sophos Anti-Virus for Linux 9 is the only version available for the standalone and Enterprise Console-managed versions.

Here is the list of its minimum system requirements:

  • Supported Distributions (latest minor point or LTS version):
    • Amazon Linux, Amazon Linux 2
    • CentOS 6/7
    • Debian 9, 10
    • Oracle Linux 6/7
    • Red Hat Enterprise 6/7/8
      • Red Hat Enterprise Linux 6 32-bit version supported until Nov 30th 2020
    • SUSE 12/15
    • Ubuntu 16/18 LTS
  • System type: x86_64
  • Free disk space: 1 GB
  • Free Memory: 1 GB
  • Stack sizes: Non-default stack sizes are not supported.
  • Language version: English and Japanese (EUC and UTF-8). Shift JIS and JIS are not supported.


Related:

Sophos Antivirus for Linux: Limited Support for RHEL 6 during Extended Life Phase (Japan only)

Sophos plans to provide Limited Support for Sophos Antivirus for RHEL 6 during Red Hat’s Extended Life Phase (ELP), until June 30, 2024, on the following basis:

  • Limited Support for Sophos Antivirus for RHEL 6 is provided on the assumption that the customer subscribes to Red Hat’s Extended Life-cycle Support (ELS) Add-On to receive critical security fixes for the operating system through the Extended Life Phase (ELP)
  • Limited Support is subject to a valid subscription to a current Sophos Server Protection license and receipt by Sophos of a support extension fee.
  • Limited Support means that Sophos will continue to test and release new versions of the Virus Engine or Virus Data Library as part of the release calendar. Only critical product issues will be addressed, which may include hot fixes, vulnerabilities or improvements to protection, at Sophos’ discretion.
  • Limited Support will be provided for 64-bit platforms and the last minor point release of RHEL 6. Sophos will endeavor to provide support for other minor releases on a ‘commercially reasonable efforts’ basis, as follows:
    • Support for product configuration and usage questions will be provided by Sophos Technical Support.
    • Technical product issues will be investigated using Sophos’ existing maintenance process, on the basis that the issue can be replicated on the last minor release
    • If a reported product issue cannot be replicated on the last minor release, Sophos advises that such issues would fall outside the scope of support.
  • Limited Support for Sophos Antivirus on RHEL 6 does not include CentOS and Oracle Linux derivatives. See Retirement calendar for supported platforms and operating systems.
  • Sophos currently plans to provide Limited Support for Sophos Antivirus on RHEL 6 through Red Hat’s published Extended Life Phase (June 30, 2024). Sophos reserves the right to suspend, reduce or terminate Limited Support before this date for reasons including but not limited to changes in demand, security, and technology. For example, if Sophos discovers an issue that requires the third-party operating system provider to provide a fix and the third party does not provide such fix, or if Sophos determines that a product code change would be required to address an issue for the RHEL 6 operating system.

Limited Support Terms

RHEL 6 Limited Support. AVAILABLE IN JAPAN ONLY. Subject to receipt by Sophos of a support extension Fee (either directly or via an authorized reseller as applicable), Sophos agrees that it will continue to provide Limited Support on a technically and commercially reasonable endeavours basis for a version of Sophos Anti-Virus for Red Hat Enterprise Linux (RHEL) version 6 on 64 bit platforms, beyond the published end of support date until the earlier of (i) the expiry of the support extension period stated in the relevant Schedule, or (ii) 30 June 2024. RHEL 6 Limited Support comprises regular updates to security data and periodic updates to the product engine only. Sophos reserves the right to suspend, reduce or terminate RHEL 6 Limited Support prior to such date for reasons including but not limited to changes in demand, security and technology, and if and to the extent that Sophos determines that a code change would be required to the Sophos Anti-Virus Product to address an issue for the RHEL 6 operating system.


Related:

Sophos Anti-Virus for Linux: Additional steps required for SAV on Red Hat Enterprise Linux 8

This article provides the additional steps required to install and run Sophos Anti-Virus for Linux on Red Hat Enterprise Linux 8, for both Central and SEC managed environments.

Applies to the following Sophos products and versions

Sophos Anti-Virus for Linux

Operating systems

Red Hat Enterprise Linux 8

Red Hat Enterprise Linux 8 introduced a number of new and tighter security features, which mean some additional steps are required to install and run SAV for Linux.

  1. Set a variable to refer to the SAV install point.

    # INST=/opt/sophos-av

  2. Create a context to label all files in $INST/talpa with the ‘is-kernel-module’ label.

    # semanage fcontext -a -t modules_object_t "$INST/talpa(/.*)?"

  3. Set the SELinux Boolean to allow all root processes to load kernel modules. [see note 1]

    # semanage boolean --modify --on domain_kernel_load_modules

  4. Install libnsl for UNC updating to work on SEC managed environments. [see note 2]

    # yum install -y libnsl

  5. Install SAV without starting savd.

    # ./install.sh $INST --autostart=False

  6. Apply the correct labels to $INST/talpa. [see note 3]

    # restorecon -R -v $INST/talpa

  7. Start savd.

    # systemctl restart sav-protect

Additional Notes:

  • SAV for Linux needs to load modules into the kernel. By default, SELinux on Red Hat Enterprise Linux 8 prevents daemons from loading kernel modules. Setting the SELinux Boolean allows all root processes to load kernel modules.

  • The libnsl step is only needed where SAV version 9 is updating via UNC cifs/windows share location.

  • The restorecon command is for restoring SELinux Context of the directory and will need to be done every time SAV is re-installed.
  • If on-access scanning with Talpa is required, the following packages are required:

    # yum install kernel-devel

    # yum group install "Development Tools"

    # yum install elfutils-libelf-devel

Please see compiling Talpa for further details.
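A post-install check for the SELinux state that steps 2, 3 and 6 are meant to produce, as an added example that is not part of the Sophos article. The function names are hypothetical, the sample labels are constructed, and it assumes GNU stat (whose %C prints the SELinux context) and getsebool are present on the host.

```sh
#!/bin/sh
# Added example (not from the Sophos article): verify the SELinux state that
# steps 2, 3 and 6 are meant to produce. Function names are hypothetical.
INST="${INST:-/opt/sophos-av}"   # install point from step 1

# Print the type field of an SELinux context (user:role:type[:level]).
label_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed if a `getsebool NAME` output line reports the boolean as on.
boolean_is_on() {
    case "$1" in
        *" --> on") return 0 ;;
        *)          return 1 ;;
    esac
}

# Read "CONTEXT PATH" lines (the format of `stat -c '%C %n'`) on stdin and
# print every path whose type is not modules_object_t.
mislabeled() {
    while read -r ctx path; do
        [ "$(label_type "$ctx")" = "modules_object_t" ] || printf '%s\n' "$path"
    done
}

# Constructed sample input: one correctly labelled file, one that restorecon missed.
SAMPLE_LABELS='system_u:object_r:modules_object_t:s0 /opt/sophos-av/talpa/correct.ko
unconfined_u:object_r:usr_t:s0 /opt/sophos-av/talpa/missed.ko'

# Run as root on the host after step 7; returns non-zero if anything is off.
verify_sav_selinux() {
    rc=0
    if ! boolean_is_on "$(getsebool domain_kernel_load_modules)"; then
        echo "domain_kernel_load_modules is off (step 3 not applied)"
        rc=1
    fi
    bad=$(find "$INST/talpa" -exec stat -c '%C %n' {} + | mislabeled)
    if [ -n "$bad" ]; then
        echo "not labelled modules_object_t (re-run restorecon, step 6):"
        echo "$bad"
        rc=1
    fi
    return "$rc"
}
```

Source the file and call `verify_sav_selinux` as root; it is also worth re-running after every SAV re-install, since the labels have to be restored each time.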


Related:

Sophos Anti-Virus for Linux: Support for minor releases of RHEL, CentOS and Oracle Linux

This article describes the Sophos Anti-Virus for Linux support for minor releases of different Linux distributions.

Sophos uses commercially reasonable efforts, as described below, to support Sophos Antivirus for Linux on all minor point releases of Red Hat Enterprise Linux (RHEL) while the corresponding major version is supported. This includes the CentOS and Oracle Linux derivatives of RHEL.

Sophos will test and support Sophos Antivirus on the current active minor release of RHEL, CentOS, and Oracle Linux. When a new minor version is released by the operating system vendor, the previous minor version typically stops receiving important security updates. Sophos, therefore, recommends customers upgrade to the current active minor release as early as practicable.

To assist customers who are unable to upgrade their systems in line with RHEL minor releases, Sophos uses commercially reasonable efforts to support Sophos Antivirus on non-current minor releases of RHEL, CentOS, and Oracle Linux, on the following basis:

  • Support for configuration and usage questions for Sophos Antivirus for Linux will be provided by Sophos Technical Support
  • Technical product issues will be investigated using Sophos’ existing maintenance process, on the basis that the issue can be replicated on the current active minor release
  • If a reported product issue cannot be replicated on the current active minor release, or in the event that a software update would be required to provide a resolution for a non-current minor release, Sophos advises that such issues may fall outside the scope of commercially reasonable efforts support
  • The corresponding major version must be supported by Sophos, excluding extended or limited support offerings


Related:

SEP smcd : tons of 8KB reads of logs (performance issue)

I need a solution

With SEP for Linux 14.2.1031.0100 on RHEL 7 we are seeing smcd nearly constantly reading/re-reading the multi-hundred-MB dated log data in /var/symantec/sep/Logs/MMDDYYYY.log in mere 8KB read() operations. We have seen this before on older versions of SEP 14 as well.

This happens even with smcd started with ‘-l warning’ instead of the default of ‘-l info’. What is the purpose of this and how do we stop it? It saturates a full CPU core on our VMs unless we stop smcd, delete all of those logs, and start smcd again. That buys us some time until those logs get big again.

% sudo strace -f -p 28822

...

[pid 28822] read(14, "31050400343A,6,2,0,ourhost-linux"..., 8191) = 8191
[pid 28822] _llseek(14, -7976, [295662760], SEEK_CUR) = 0

<nearly constant stream of those system calls and 100% CPU usage>

...

Related:

Is Symantec Enterprise Security Manager supported on the RHEL 7x ppc64le platform?

I need a solution

I wanted to know if Enterprise Security Manager is supported on Red Hat 7x systems that run on ppc64le systems.

As per the following link http://eval.symantec.com/mktginfo/enterprise/fact_sheets/ent-factsheet_enterprise_security_manager_6.5_06-2005.en-us.pdf   

RHEL 7.x on ppc64le is not in the supported platform list. Is this correct? Is there a plan to support this platform in future?

Thanks

Rajesh


Related:

Unable to update definitions in RHEL 6.10, sep::lux::Cseplux: Failed to run session, error code: 0x80010830 Error 2: No Such file or directoty.

I need a solution

Unable to update definitions in RHEL 6.10 (2.6.32-754.2.1). I am installing the latest client, 14.2.1031.0100.

Hence the component malfunction is not fixed.

Once the SEP client is installed, LiveUpdate comes up with the below error. We are using a reverse proxy for definition updates and it works for all other servers.

sep::lux::Cseplux: Failed to run session, error code: 0x80010830

Error 2: No Such file or directoty.

ilve update session failed. Please enable debug logging for more information


Related:


Symantec DLP 15.0 on RHEL 7.4 (Stuck at Login after Reboot)

I need a solution

Hi All,

There is an environment of Symantec DLP 15.0 wherein the Enforce Server is installed on RHEL 7.4. It has been running successfully for a while after upgradation. However due to some issue this machine was rebooted and then subsequently, it fails at systemctl status systemd-logind.service with Failed to Login Service failure.

Assuming this to be an issue with the machine, various steps were attempted after reading articles such as https://unix.stackexchange.com/questions/321038/cannot-login-failed-to-start-login-service. However the machine was not able to be run successfully.

So, a new machine with RHEL 7.4 was setup (VM) and Enforce Server was installed on it using the EnforceReinstallationResources(config and keystore folders) method and here an issue was encountered “Failed to encrypt the password file” which was resolved using https://www.symantec.com/connect/articles/symantec-enforce-recovery-reinstall tips. 

Running the Enforce Server, was able to access the Login Screen for DLP. The AD Integration was not showing so tried installing the relevant packages krb5 etc and then rebooted the machine.

So unfortunately, this new machine got stuck at the login as well and shows “Failed to Login Service Failure”.

Is this an issue with RHEL 7.4 ? 

Kind regards


Related:

14.0 symcfgd completely wedges RHEL 7.6 hosts

I need a solution

Environment: SEP 14.0.2332-0100 on RHEL 7.6

Synopsis: RHEL 7.6 was released. When a host is updated to 7.6 (FWIW the first kernel to come with RHEL 7.6 is 3.10.0-957) and either the host is rebooted or the symcfgd service is restarted, the host completely wedges, silently, and is unusable.

Repeatable Steps:

  1. Update to RHEL 7.6
  2. Reboot. Your host will wedge as it comes up.
  3. Reboot to single user mode to avoid /etc/rc3.d scripts related to SEP
  4. Build new SEP kernel modules via build.sh
  5. Run /etc/rc3.d/S21autoprotect by hand. Runs fine. Kernel modules load.
  6. Run /etc/rc3.d/S22symcfgd by hand and the host immediately wedges and starts flashing keyboard LEDs.

Short-term Workaround: For us, for now, is to reboot the host and choose an older 7.5 kernel when the kernel selection menu is displayed. As new kernel package updates come around, let alone ones with required security fixes, this will not be possible.
