You need to create a /root/software dir and place the sophos sav-linux-free-9.tgz file in this dir.
https://www.sophos.com/en-us/products/f ... linux.aspx
and make the install script executable (chmod +x sophos_install.sh)
Do not forget to Add Sophos in /etc/MailScanner/MailScanner.conf aka read the script.
sophos_install.sh
Code: Select all
#! /bin/bash
# ----------------------------------
# Script to install sophos-free
# source-dir /root/software
# Download sav-linux-free-9.tgz from Sophos
# ----------------------------------
tar xzf ./sav-linux-free-9.tgz
cd /root/software/sophos-av
# make /tmp executable
mount -o remount exec /tmp
# Rotate audit log
service auditd rotate
./install.sh --automatic --acceptlicence --autostart=True --enableOnBoot=True --live-protection=False --update-free=True /opt/sophos-av
/opt/sophos-av/bin/savconfig UINotifier false
/opt/sophos-av/bin/savconfig EmailNotifier false
/opt/sophos-av/bin/savconfig EnableOnStart false
/opt/sophos-av/bin/savconfig UIttyNotification false
/opt/sophos-av/bin/savconfig SendThreatEmail false
/opt/sophos-av/bin/savconfig UpdatePeriodMinutes 60
/opt/sophos-av/bin/savconfig EmailDemandSummaryIfThreat false
#Disable Data Collection By Sophos:
/opt/sophos-av/bin/savconfig set DisableFeedback true
#Run the update command to see if it is working (this may take some time):
/opt/sophos-av/bin/savupdate
/opt/sophos-av/bin/savdctl --daemon disable
# restart systemctl restart sav-protect
service sav-protect restart
#Remove executable from /tmp file system
mount -o remount /tmp
# fix selinux (savscan err)
grep 'avc: denied' /var/log/audit/audit.log | audit2allow -M /root/software/sophos-av/mypolSophos
semodule -i /root/software/sophos-av/mypolSophos.pp
# Add Sophos in /etc/MailScanner/MailScanner.conf (could use sed to do the job for you:)
#Virus Scanners = clamd sophos
# restart MailScanner ( systemctl restart MailScanner)
#service mailscanner restart
#OPTIONS:
# --help Display this help information
# --automatic Perform an automatic installation, using
# default or command-line options
# --acceptlicence Automatically accept the licence
# --autostart[=False] Start the Sophos Anti-Virus daemons
# after the installation [Do not start
# them]
# --enableOnBoot[=False] Start the Sophos Anti-Virus daemons
# on system boot [Do not start them]
# --ignore-existing-installation Ignore any existing installation
# --live-protection[=True] Perform in-the-cloud lookup for
# suspicious files
# --preferFanotify[=False] Specify Fanotify as on-access scanning
# interception method
# --SavWebUsername=USERNAME Username for accessing Sophos Anti-Virus GUI
# --SavWebPassword=PASSWORD Password for accessing Sophos Anti-Virus GUI
# --update-source-type=TYPE Set the type of updates:
# TYPE=s Direct from Sophos
# TYPE=o From your own server
# TYPE=n Disable auto-updating
# --update-source-path=ADDRESS Enable auto-updating from specified
# address
# --update-source-username=USERNAME Username for accessing update source
# --update-source-password=PASSWORD Password for accessing update source
# --update-all-distros[=False] Download ALL files from update source rather
# than just those required locally
# --update-cache-path=DIRECTORY Directory for local update cache
# --update-period=HOURS Update interval in hours
# --update-proxy-address=URL Address for HTTP proxy
Updating directly from Sophos.
The Free version of Sophos Anti-Virus for Linux comes with no support.
Forums are available for our free tools at http://openforum.sophos.com/
Fetching free update credentials.
Extra files updating is disabled. You can change updating settings using /opt/sophos-av/bin/savsetup.
Installing Sophos Anti-Virus....
Selecting appropriate kernel support...
When Sophos Anti-Virus starts, it updates itself to try to find a Sophos kernel interface module update. This might cause a significant delay.
Installation completed.
Updating from versions - SAV: 9.12.3, Engine: 3.65.2, Data: 5.30
Updating Sophos Anti-Virus....
Updating Command-line programs
Updating Talpa Binary Packs
Updating SAVScan on-demand scanner
Updating Builtin Configuration
Updating sav-protect startup script
Updating sav-rms startup script
Updating Sophos Anti-Virus Daemon
Updating Remote Management Daemon
Updating Manifest
Selecting appropriate kernel support...
Update completed.
Updated to versions - SAV: 9.15.1, Engine: 3.74.2, Data: 5.59
Successfully updated Sophos Anti-Virus from sdds:SOPHOS