Install Sophos Antivirus
-
- Posts: 389
- Joined: 23 Apr 2015 09:45
Install Sophos Antivirus
In addition to clamwin you can also install Sophos free, and detection is greatly enhanced:
STEPS :
1) Make executable /tmp file system :
vi /etc/fstab
Duplicate, asterisk and change the /tmp line to temporarily remove the noexec option like below
#/dev/mapper/vg_00-lv_tmp /tmp ext4 nosuid,noexec,noatime 1 2
/dev/mapper/vg_00-lv_tmp /tmp ext4 noatime 1 2
2) Download sophos and put in your /root dir
You can use this link
https://secure2.sophos.com/it-it/produc ... nload.aspx
3) Install
Using the guide that you can download on the same page you can install in a few steps
Ensure to not turn on the system scanner
4) Add in MailScanner
vi /etc/MailScanner/MailScanner.conf
Line :
Virus Scanners = clamd sophos
5) Restart and enjoy
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
Re: Install Sophos Antivirus
Recommend setting no exec bit back on /tmp, just fyi
Re: Install Sophos Antivirus
Hi,
I installed Sophos in addition to the existing ClamAV with your instructions and everything works perfectly!
A weird thing since installation, I receive a mail message like this whenever an infected email is detected by Sophos:
[SAV-LINUX] Threat detected during on-demand scan on server.domain.com
A threat was detected during an on-demand scan. Details follow:
3 files scanned.
Number of infections detected: 1
Number of infected files detected: 1
/var/spool/MailScanner/incoming/8730/CD8E410059D.AF62D/nmsg-8730-1.html is infected with W32/Chir-B.
What do I need to do to disable this notification?
Thanks!
Jeff
Re: Install Sophos Antivirus
I think I found the solution!
http://tw.sophos.com/sophos/docs/eng/ma ... _umeng.pdf
Turn on-demand email alerts off
By default, Sophos Anti-Virus emails the summary of an on-demand scan if, and only if, the scan detects viruses.
To turn off the emailing of an on-demand scan summary if viruses are detected, type:
/opt/sophos-av/bin/savconfig set EmailDemandSummaryIfThreat disabled
So, wait and see!
Re: Install Sophos Antivirus
when installing Sophos the easy way to make /tmp executable: ( without fstab changes)
mount -o remount,exec /tmp
and to restore the non exec situation :
mount -o remount /tmp
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
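The temporary remount from this post, together with the earlier recommendation to set noexec back on /tmp, as an added shell example that is not part of the thread: it restores `noexec,nosuid` even when the installer fails and then checks the mount options. The function names, the `MOUNT` override and the sample mount lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names and the MOUNT
# override are assumptions; set MOUNT="echo mount" for a dry run.
MOUNT=${MOUNT:-mount}

# Print the option list of a mount point from a /proc/mounts-format file.
# The last matching line wins because later mounts shadow earlier ones.
mount_opts() {
    awk -v mp="$1" '$2 == mp { o = $4 } END { if (o != "") print o }' \
        "${2:-/proc/mounts}"
}

# Print "ok", "missing:<options>" or "not-a-mountpoint" for a mount point.
check_hardening() {
    opts=$(mount_opts "$1" "${2:-/proc/mounts}")
    [ -n "$opts" ] || { echo "not-a-mountpoint"; return 2; }
    missing=""
    for want in noexec nosuid; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done
    [ -z "$missing" ] && { echo "ok"; return 0; }
    echo "missing:$missing"; return 1
}

# Remount exec, run the given command, then always restore noexec,nosuid,
# even when the command exits non-zero. Returns the command's exit status.
with_exec_mount() {
    mp=$1; shift
    $MOUNT -o remount,exec "$mp" || return 1
    rc=0
    "$@" || rc=$?
    $MOUNT -o remount,noexec,nosuid "$mp" || return 1
    return "$rc"
}

# Constructed sample lines: /tmp as it looks after the fstab edit from the
# first post (noexec and nosuid both gone) and after they are restored.
SAMPLE_OPEN='/dev/mapper/vg_00-lv_tmp /tmp ext4 rw,noatime 0 0'
SAMPLE_HARD='/dev/mapper/vg_00-lv_tmp /tmp ext4 rw,nosuid,noexec,noatime 0 0'

# Typical use as root (the installer command is a placeholder):
#   with_exec_mount /tmp <installer-command>
#   check_hardening /tmp || echo "WARNING: /tmp is not hardened"
```

`check_hardening` reads `/proc/mounts` by default, so it reports what the kernel is enforcing right now rather than what `/etc/fstab` says will apply after the next reboot.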
Re: Install Sophos Antivirus
Hi,
what is that "make a filesystem executable" all about?
I never did that before for anything?
Thx
akl
-
- Posts: 389
- Joined: 23 Apr 2015 09:45
Re: Install Sophos Antivirus
it is a way to protect tmp from execution
Re: Install Sophos Antivirus
Hi,
thank you for the instructions, but we ran into trouble after installing sophos as mentioned above.
After efa restart we got an error in line 565 of /etc/unbound/unbound.conf and the service didn't start. Therefore no more mails arrived to our mailserver.
So we went back to our latest VMware snapshot (before sophos install) and everything works well again.
Any suggestions?
Thanx!
Daniel
Re: Install Sophos Antivirus
the obvious question is, what was wrong on line 565 of your configuration file?
without knowing what was in the file, it'd be very difficult for a third party to diagnose it.
-
- Posts: 389
- Joined: 23 Apr 2015 09:45
Re: Install Sophos Antivirus
I installed Sophos in 3.0.0.7 and upgraded in 3.0.0.8
Now I have reinstalled it in a fresh 3.0.0.9
I have no problems
So I suggest:
Install a fresh 3.0.0.9, which is a perfect version; it has the most stable CentOS version
3.0.0.9 has TXREP; with TXREP I have no more false positives, without affecting spam detection
With a fresh install you have a perfectly functional Clam Antivirus with the unofficial extension
Then you must install the only antivirus products that work without system modification:
Fprot6
Sophos
When you install it you must be careful and specify not to activate the automatic system scan of the filesystem, because you need it only to be invoked by MailScanner to scan incoming email files
You also need to modify the MailScanner line to invoke these 3 products instead of clam only.
Here my virus detection statistics :
Date        Total  Sophos  Sophos Only  Clam  Clam Only  FProt  FProt Only
08/04/2016     78      72           22    56          6      0           0
07/04/2016     29      17           17    12         12      0           0
06/04/2016     46      27           27    19         19      0           0
05/04/2016     20       5            5    15         15      0           0
04/04/2016      6       5            5     1          1      0           0
03/04/2016      4       2            2     2          2      0           0
02/04/2016     20      15           15     5          5      0           0
01/04/2016     16      14           14     2          2      0           0
31/03/2016      7       3            3     4          4      0           0
30/03/2016     15      11            6     4          4      5           0
29/03/2016    285     285          167     0          0    118           0
For example, on 08/04 I found 78 incoming viruses: Sophos detected 72, 22 were detected by Sophos only, Clam detected 56 and 6 only by Clam, Fprot 0
So if you want, you can skip installing Fprot, but I suggest installing Sophos, as you can see
Re: Install Sophos Antivirus
Any specific instructions on how to install and where to find Fprot6?
###edit###
seems older and f-prot.com doesn't have a download link. I guess I'll skip it
-
- Posts: 389
- Joined: 23 Apr 2015 09:45
Re: Install Sophos Antivirus
Sometimes Fprot also catches some viruses
Updates are regular, installation is simple and sure, so I use it
Re: Install Sophos Antivirus
Where did you get the free version from?
All 3 versions I can find are commercial:
http://www.cyren.com/f-prot-antivirus-f ... rvers.html
http://www.cyren.com/f-prot-antivirus-f ... tions.html
http://www.cyren.com/f-prot-antivirus-f ... rvers.html
or are you using a commercial one? If that is the case, please excuse my blonde moment.
-
- Posts: 389
- Joined: 23 Apr 2015 09:45
Re: Install Sophos Antivirus
Thank you! Weirdly enough it is not listed on the overview page for home users: http://www.f-prot.com/download/home_user/
Re: Install Sophos Antivirus
I think I am going to sit this one out:
Code:
Found an existing license key in /root/f-prot/license.key, updating antivir.def ...
Unable to update `antvir.def' with the provided license key.
The error message above should explain why.
-
- Posts: 389
- Joined: 23 Apr 2015 09:45
Re: Install Sophos Antivirus
in the first step you must make /tmp executable from /etc/fstab
Re: Install Sophos Antivirus
thanks but that didn't help with the license problem I posted above
###edit###
where did you place fprot? I put it into root while installing but it seems it needs a "permanent" place like /opt?
-
- Posts: 389
- Joined: 23 Apr 2015 09:45
Re: Install Sophos Antivirus
first remove the noexec option from /tmp in /etc/fstab and reboot
(at the end replace it)
download the package, unpack and put under /opt
and do install-f-prot.pl
insert entry in MailScanner configuration to use it
under /opt/f-prot there is license.key
I don't remember how I got it but I think that it is retrieved during install
Re: Install Sophos Antivirus
sav-linux installed and working on 3.0.0.8.
/tmp did not have enough space so created /install and put the download and the extraction in there. After installation, rm -rf /install
Re: Install Sophos Antivirus
Thanks for the great information!!!
Mark
-
- Posts: 389
- Joined: 23 Apr 2015 09:45
Re: Install Sophos Antivirus
The first thing that I do when I install a new EFA box is enlarge the space
Re: Install Sophos Antivirus
Very useful information.
Re: Install Sophos Antivirus
Here's a possible gotcha.
I receive a lot of messages with Chinese language filenames. Sophos AV has trouble with these filenames and calls the attachments "viruses" even though they are not.
Basically, if Sophos cannot access the filename, it gives up and errs on the side of caution. I think I'll have to disable Sophos because of this as I cannot afford to check every day to find out what legitimate files Sophos is blocking.
Example:
Sophos: Could not check ./00D30180490.AF1A6/�永-天����港IPO��约�书 (corrupt)
Sophos: Could not check ./00D30180490.AF1A6/�永-天����港IPO��约�书 (corrupt)
The actual filenames in the queue directory are:
-rw-rw---- 1 postfix mtagroup 375411 Aug 29 17:57 %D6%D0%BD%E9%CE%AF%CD%D0%D0%AD%D2%E920.rar
-rw-rw---- 1 postfix mtagroup 518325 Aug 29 17:57 message
-rw-rw---- 1 postfix mtagroup 236594 Aug 29 17:57 安永-天立教育香港IPO业务约定书
which are well formatted UTF8 filenames.
Re: Install Sophos Antivirus
I've never received any attachments with a completely foreign locale, could this be made to work if you install the correct locales on the EFA system?