Sophos unattended install EFA4

Bugs in eFa 4
Post Reply
Posts: 482
Joined: 14 Dec 2015 22:16
Location: Netherlands

Sophos unattended install EFA4

Post by henk » 22 Feb 2019 20:43

I did take some time and fuzzy logic but it seems to work fine on Efa4. There are other options to configure, consider this as a minimal install.
You need to create a /root/software dir and place the sophos sav-linux-free-9.tgz file in this dir. ... linux.aspx

and make the install script executable (chmod +x
Do not forget to Add Sophos in /etc/MailScanner/MailScanner.conf aka read the script.

Code: Select all

#! /bin/bash
# ----------------------------------
# Script to install sophos-free
# source-dir /root/software
# Download sav-linux-free-9.tgz  from Sophos
# ----------------------------------
tar xzf ./sav-linux-free-9.tgz

cd /root/software/sophos-av

# make /tmp executable
mount -o remount exec /tmp

# Rotate audit log 
service auditd rotate 

./ --automatic --acceptlicence --autostart=True --enableOnBoot=True --live-protection=False --update-free=True /opt/sophos-av

/opt/sophos-av/bin/savconfig UINotifier false
/opt/sophos-av/bin/savconfig EmailNotifier false
/opt/sophos-av/bin/savconfig EnableOnStart false
/opt/sophos-av/bin/savconfig UIttyNotification false
/opt/sophos-av/bin/savconfig SendThreatEmail false
/opt/sophos-av/bin/savconfig UpdatePeriodMinutes 60
/opt/sophos-av/bin/savconfig EmailDemandSummaryIfThreat false
#Disable Data Collection By Sophos:
/opt/sophos-av/bin/savconfig set DisableFeedback true
#Run the update command to see if it is working (this may take some time):
/opt/sophos-av/bin/savdctl --daemon disable
# restart systemctl restart sav-protect
service sav-protect restart

#Remove executable from /tmp file system
mount -o remount /tmp

# fix selinux (savscan err)
grep 'avc:  denied' /var/log/audit/audit.log | audit2allow -M /root/software/sophos-av/mypolSophos

semodule -i /root/software/sophos-av/mypolSophos.pp

# Add Sophos in /etc/MailScanner/MailScanner.conf   (could use sed to do the job for you:)
#Virus Scanners = clamd sophos
# restart MailScanner  ( systemctl restart MailScanner)
#service mailscanner restart

#  --help                             Display this help information
#  --automatic                        Perform an automatic installation, using
#                                       default or command-line options
#  --acceptlicence                    Automatically accept the licence
#  --autostart[=False]                Start the Sophos Anti-Virus daemons
#                                       after the installation [Do not start
#                                       them]
#  --enableOnBoot[=False]             Start the Sophos Anti-Virus daemons
#                                       on system boot [Do not start them]
#  --ignore-existing-installation     Ignore any existing installation
#  --live-protection[=True]           Perform in-the-cloud lookup for
#                                       suspicious files
#  --preferFanotify[=False]           Specify Fanotify as on-access scanning
#                                       interception method
#  --SavWebUsername=USERNAME          Username for accessing Sophos Anti-Virus GUI
#  --SavWebPassword=PASSWORD          Password for accessing Sophos Anti-Virus GUI
#  --update-source-type=TYPE          Set the type of updates:
#                                       TYPE=s Direct from Sophos
#                                       TYPE=o From your own server
#                                       TYPE=n Disable auto-updating
#  --update-source-path=ADDRESS       Enable auto-updating from specified
#                                       address
#  --update-source-username=USERNAME  Username for accessing update source
#  --update-source-password=PASSWORD  Password for accessing update source
#  --update-all-distros[=False]       Download ALL files from update source rather
#                                       than just those required locally
#  --update-cache-path=DIRECTORY      Directory for local update cache
#  --update-period=HOURS              Update interval in hours
#  --update-proxy-address=URL         Address for HTTP proxy
Updating directly from Sophos.
The Free version of Sophos Anti-Virus for Linux comes with no support.
Forums are available for our free tools at
Fetching free update credentials.
Extra files updating is disabled. You can change updating settings using /opt/sophos-av/bin/savsetup.

Installing Sophos Anti-Virus....
Selecting appropriate kernel support...
When Sophos Anti-Virus starts, it updates itself to try to find a Sophos kernel interface module update. This might cause a significant delay.

Installation completed.
Updating from versions - SAV: 9.12.3, Engine: 3.65.2, Data: 5.30
Updating Sophos Anti-Virus....
Updating Command-line programs
Updating Talpa Binary Packs
Updating SAVScan on-demand scanner
Updating Builtin Configuration
Updating sav-protect startup script
Updating sav-rms startup script
Updating Sophos Anti-Virus Daemon
Updating Remote Management Daemon
Updating Manifest
Selecting appropriate kernel support...
Update completed.
Updated to versions - SAV: 9.15.1, Engine: 3.74.2, Data: 5.59
Successfully updated Sophos Anti-Virus from sdds:SOPHOS
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams

Posts: 4
Joined: 23 Nov 2019 15:03

Re: Sophos unattended install EFA4

Post by chanas » 24 Nov 2019 12:02

Works fine. Any idea how to disable treating password protected arhives as a virus? I do not want to skip scanning them completely and the Sophos manual does not seem to have something relevant

Posts: 4
Joined: 23 Nov 2019 15:03

Re: Sophos unattended install EFA4

Post by chanas » 24 Nov 2019 12:50

I think i found it.

in MailScanner.conf
Allowed Sophos Error Messages = "File was encrypted", "Password protected file"

Seems to fix it.

Post Reply