1. Installing and Updating Sophos
1.1. Obtaining and Installing Sophos
These instructions are primarily for people who want to install Sophos Anti-Virus onto their personal laptop and/or desktop. Please check with your local IT Support Staff about antivirus protection for college and departmental systems as local arrangements often apply, and installing the version intended for personal systems may cause problems.
A preconfigured installation package for Sophos for Linux is available for installation onto personal laptops and desktops running Linux, together with some notes on installing and configuring the program. Limited additional support is available for Sophos on the Linux platform. For full information on configuring Sophos for Linux, please refer to the Sophos Anti-Virus for Linux documentation pages.
If you haven't already obtained Sophos you can download it for free via the following link:
https://register.it.ox.ac.uk/software
Make a note of the location where you save or extract the downloaded file.
Before installing Sophos for Linux:
- Before starting, note that the Sophos install and uninstall scripts, as well as many of the utilities described in this document, need to be run as root. These instructions assume that you aren't logged on as root but are able to use the sudo command.
- If you have previously installed Sophos on your system you need to uninstall it before you install the latest version. If you don't, configuration information such as the credentials used to update Sophos will not be updated, and automatic updating may fail when these are updated around November each year. Uninstalling Sophos is usually done by running the command
- Make sure that you are connected to the internet when you install Sophos as the setup program needs to be able to download components as it installs.
- For a list of Linux versions that Sophos for Linux supports, see Sophos Anti-Virus for Linux: system requirements. Note that even where a kernel is not supported, Sophos may install and most functions will work fine. However, on-access scanning may not be available.
1.2. Installing Sophos for Linux
This section describes how to install Sophos once you have downloaded it from the IT Services Self-registration page.
After you have downloaded the file, open a command window and change to the directory where you saved the download. First you need to decompress the package (you may have chosen to do this as part of the download). On many systems you can do this using an archive manager. Otherwise, using a terminal session, extract it using the command
tar -xzvf filename
where you should replace filename with the name of the file you downloaded. For example, at the time of writing the file is called sophos75linux2013.tgz so the command would be
tar -xzvf sophos75linux2013.tgz
This will decompress the package into the subdirectory
Make sure that you have removed any previous versions of Sophos by running
Sophos is a 32-bit application. If you are installing Sophos onto a 64-bit Linux system you may first need to install 32-bit compatibility libraries, or you may see an error. On Ubuntu systems refer to the Sophos knowledgebase article Sophos Anti-Virus for Linux: Installation on Ubuntu 64-bit fails with "python not found" for details including the command line to install the libraries and resolve the problem.
Run the install script using
sudo ./sophos-av/install.sh
The installer will take a few minutes to complete and will download components from Sophos as needed.
The installation of Sophos onto your computer is an automatic process. Once you have started the installation please be patient and wait for it to complete. You are not required to help in this process. Once the install is complete you should see the following.
Note that there is a line that looks a little like an error. This is in the red box in the figure above and starts
Disabling Sophos Anti-Virus GUI.
This is expected and normal. The GUI is disabled because a username and password are needed in order to configure the GUI. The GUI provides an easy way to carry out certain tasks such as stopping or starting the on-access scanner, configuring exclusions and viewing the log. If you want the GUI you can enable it as described in the next section.
You should look for the lines outlined in green on the figure above. These show a successful installation.
However, also keep an eye out for lines such as the ones shown outlined in red in the figure below. In this case the kernel isn't supported and the result is that on-access scanning is disabled. In other respects Sophos will work fine, so it will update automatically, and you can run manual or scheduled scans. Given the relatively low number of viruses specific to the Linux platform, running a regular manual scan may be all that you need.
1.3. Enabling the Sophos Anti-Virus GUI
Sophos options can be configured via the command-line but if you prefer a graphical method of configuring many of the options, you can enable the GUI. There are a couple of ways of doing this, one of which is given below.
Start the configuration by running the command
sudo /opt/sophos-av/bin/savsetup
Follow the prompts to enable the GUI. You will be prompted for a username and password and you should make sure you set a strong password. By default the GUI uses port 8081 but if this port is already in use the configuration program will suggest an alternative. The picture below shows the sequence of prompts.
You should see the line outlined in red in the figure above if everything is successful. The word done that is shown on the right of this line in green shows that the GUI daemon was started successfully.
Once the GUI is enabled, you can access it by opening a web browser and connecting to
http://localhost:8081
This address assumes that you used port number 8081 for the GUI when you enabled it. If you used a different port number, make sure that you change the 8081 part of the address as necessary.
The initial status screen shows some configuration details and status information. Several additional tabs are available.
Control will allow you to stop and start the on-access scanner, while on the Scanning tab you can set some options relating to scanning such as what to do if a virus is found. You can exclude files and folders from being scanned using the Scanning tab, configure how you are alerted about any viruses found using the Alerting tab and view the log using the Log Viewer tab.
When you access any of the configuration pages, you will be prompted for the username and password that you set when you enabled the GUI.
Once Sophos has successfully installed you can check that all is well by running the command
sudo /opt/sophos-av/bin/savdstatus
This command doesn't tell you when Sophos was last updated. Examining the logs using the GUI or by running
sudo /opt/sophos-av/bin/savlog
will tell you more.
1.4. Keeping Sophos Anti-virus up to date
Sophos Anti-Virus uses a username and password to automatically download updates. These credentials are valid for around 14 months and expire around November each year. Once they have expired, Sophos will no longer be updated, and your computer will be more vulnerable to new viruses etc.
This normally only applies to Sophos installed onto personal laptops and desktops. On college or departmental systems, Sophos (or other antivirus software) is often managed by your local IT Support staff and you should check with them before making any changes.
To make sure that you keep your computer(s) up to date, you will need to download and install a new Sophos package in October each year. Please see the FAQ for more details on how to check when your installation(s) of Sophos will stop updating.
So long as the updating credentials are current, Sophos for Linux is preconfigured to automatically download and install updates to keep your defences against viruses, trojans and worms as up-to-date as possible. On networked computers, this occurs once an hour (this is shown as 60 minutes on the status page of the GUI screen).
To find out when the program last updated itself, you can view the log by running the command
sudo /opt/sophos-av/bin/savlog
Alternatively, if you have enabled the GUI, you can use this to check the last update time.
You can also trigger a manual update by running
Once updates have been downloaded, they are automatically installed for you.
1.5. Further Information
If you encounter any problems there is a Frequently Asked Questions (FAQ) web page with answers to some of the most common issues that people encounter.
2. Further Configuration and Setting up Manual and Scheduled Scans
2.1. Configuring Sophos Settings
The preconfigured Sophos installer package available from the Computing Services configures Sophos with the following settings.
- Updates downloaded directly from Sophos
- Checks for and downloads available updates once an hour
- On-access scanning is enabled
- No scheduled scans are configured
For full details for configuring Sophos further, refer to the Sophos Anti-Virus for Linux documentation pages. For information on configuring scans, see the next section.
2.2. Enabling and Disabling On-access Scanning
You can enable or disable on-access scanning via the GUI under the [Control] tab. Alternatively, at the command line, use
sudo /opt/sophos-av/bin/savdctl enable
to enable on-access scanning, and
sudo /opt/sophos-av/bin/savdctl disable
to disable it.
2.3. Scanning Your Computer for Viruses
To scan all or part of the computer for viruses, use the command savscan. You can specify a path to be scanned. To scan the whole computer run
or to scan a directory use
For example, to scan the directory /home/abcd0123 use the command
To configure a scheduled scan to scan your computer automatically every Wednesday at 9pm (or at any other time/frequency), you need to use crontab to schedule the savscan command using options as appropriate (such as savscan / to scan the whole computer). The syntax of crontab may vary. Use man crontab to check the syntax on your system. See the Sophos knowledgebase article Setting up a cron job in UNIX-type operating systems for further information.
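As an added example (not part of the original instructions and not Sophos's own tooling), here is a small wrapper script for the Wednesday 9pm scan described above, with the crontab entry that calls it shown in the comments. The script location /usr/local/sbin/weekly-savscan.sh and the savscan path under /opt/sophos-av/bin are assumptions, and the exit-status meanings used (0 clean, 1 interrupted, 2 error, 3 threat found) should be confirmed with man savscan on your system.

```shell
#!/bin/sh
# Added example: cron wrapper for a weekly savscan run.
#
# Crontab entry in standard five-field syntax (edit root's table with
# "sudo crontab -e"); the script path is an assumption:
#   0 21 * * 3 /usr/local/sbin/weekly-savscan.sh /
# minute=0, hour=21, any day of month, any month, day-of-week 3 (Wednesday)

# Assumption: savscan sits beside the other tools under /opt/sophos-av/bin.
# Cron runs with a minimal PATH, so a full path is safer than a bare name.
SAVSCAN="${SAVSCAN:-/opt/sophos-av/bin/savscan}"

# Map a savscan exit status to a short label.
classify_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo interrupted ;;
        2) echo error ;;
        3) echo threat ;;
        *) echo unknown ;;
    esac
}

# Run one scan of the given path (default /) and print a one-line summary.
# Returns 0 only when the scan finished and found nothing, so any other
# outcome shows up as a failed cron job rather than passing silently.
run_scan() {
    target="${1:-/}"
    rc=0
    "$SAVSCAN" "$target" || rc=$?
    result=$(classify_exit "$rc")
    echo "savscan $target: $result (exit $rc)"
    [ "$result" = clean ]
}

# Scan only when called with a path, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    run_scan "$1"
fi
```

Cron mails whatever the job prints to the crontab owner, so the summary line arrives alongside the results that savlog records.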
If you run a manual scan, the output should appear on the screen so that you can see whether any viruses are detected. If you configure a scheduled scan via crontab, the output will be logged, and you can check the results using
sudo /opt/sophos-av/bin/savlog --category=savscan
or via the Log Viewer tab of the GUI interface (select
[savscan.log] from the