Search Google Appliance

Home >> Anti-Virus Information >> Sophos Anti-virus for Linux

Sophos Anti-virus for Linux

1. Installing and Updating Sophos

1.1. Obtaining and Installing Sophos

These instructions are primarily for people who want to install Sophos Anti-Virus onto their personal laptop and/or desktop. Please check with your local IT Support Staff about antivirus protection for college and departmental systems as local arrangements often apply, and installing the version intended for personal systems may cause problems.

A preconfigured installation package for Sophos for linux is available for installation onto personal laptops and desktops running Linux, together with some notes on installing and configuring the program. Limited additional support is available for Sophos on the Linux platform. For full information on configuring Sophos for Linux, please refer to the Sophos Anti-Virus for Linux documentation pages.

If you haven't already obtained Sophos you can download it for free via the following link: Make a note of the location where you save or extract the downloaded file.

Before installing Sophos for Linux:

  • Before starting, note that the Sophos install and uninstall scripts, as well as many of the utilities described in this document, need to be run as root. These instructions assume that you aren't logged on as root but are able to use the sudo command.
  • If you have previously installed Sophos on your system you need to uninstall it before you install the latest version. If you don't, configuration information such as the credentials used to update Sophos will not be updated and automatic updating may fail when these are updated in around November each year. Uninstalling Sophos is usually done by running the command

    sudo /opt/sophos-av/

  • Make sure that you are connected to the internet when you install Sophos as the setup program needs to be able to download components as it installs.
  • For a list of Linux versions that Sophos for Linux supports, see Sophos Anti-Virus for Linux: system requirements. Note that even where a kernel is not supported, Sophos may install and most functions will work fine. However, on-access scanning may not be available.

1.2. Installing Sophos for Linux

This section describes how to install Sophos once you have downloaded it from the IT Services Self-registration page.

After you have downloaded the file, open a command window and change to the directory where you saved the download. First you need to decompress the package (you may have chosen to do this as part of the download). On many systems you can do this using an archive manager. Otherwise, using a terminal session, extract it using the command tar -xzvf filename where you should replace filename with the name of the file you downloaded. For example, at the time of writing the file is called sophos75linux2013.tgz so the command would be tar -xzvf sophos75linux2013.tgz. This will decompress the package into the subdirectory sophos-av.

Make sure that you have removed any previous versions of Sophos by running

sudo /opt/sophos-av/

Sophos is a 32bit application. If you are installing Sophos onto a 64bit linux system you may first need to install 32bit compatibility libraries, or you may see an error. On Ubuntu systems refer to the Sophos knowledgebase article Sophos Anti-Virus for Linux: Installation on Ubuntu 64-bit fails with "python not found" for details including the command line to install the libraries and resolve the problem.

Run the install script using sudo ./sophos-av/ The installer will take a few minutes to complete and will download components from Sophos as needed.

The installation of Sophos onto your computer is an automatic process. Once you have started the installation please be patient and wait for it to complete. You are not required to help in this process. Once the install is complete you should see the following.

Note that there is a line that looks a little like an error. This is in the red box in the figure above and starts Disabling Sophos Anti-Virus GUI.

This is expected and normal. The GUI is disabled because a username and password are needed in order to configure the GUI. The GUI provides an easy way to carry out certain tasks such as stopping or starting the onaccess scanner, configuring exclusions and viewing the log. If you want the GUI you can enable it as described in the next section.

You should look for the lines outlined in green on the figure above. These show a successful installation.

However, also keep an eye out for lines such as the ones shown outlined in red in the figure below. In this case the kernel isn't supported and the result is that on-acceess scanning is disabled. In other respects Sophos will work fine, so it will update automatically, and you can run manual or scheduled scans. Given the relatively low number of viruses specific to the linux platform, running a regular manual scan may be all that you need.

1.3. Enabling the Sophos Anti-Virus GUI

Sophos options can be configured via the command-line but if you prefer a graphical method of configuring many of the options, you can enable the GUI. There are a couple of ways of doing this, one of which is given below.

Start the configuration by running the command sudo /opt/sophos-av/bin/savsetup. Follow the prompts to enable the GUI. You will be prompted for a username and password and you should make sure you set a strong password. By default the GUI uses port 8081 but if this port is already in use the configuration program will suggest an alternative. The picture below shows the sequence of prompts.

You should see the line outlined in red in the figure above if everything is successful. The word done that is shown on the right of this line in green shows that the GUI daemon was started successfully.

Once the GUI is enabled, you can access it by opening a web browser and connecting to http://localhost:8081. This address assumes that you used port number 8081 for the GUI when you enabled it. If you used a different port number, make sure that you change the 8081 part of the address as neccessary.

The initial status screen shows some configuration details and status information. Several additional tabs are available. Control will allow you to stop and start the onaccess scanner, while on the Scanning tab you can set some options relating to scanning such as what to do if a virus is found. You can exclude files and folders from being scanned using the Scanning tab, configure how you are alerted about any viruses found using the Alerting tab and view the log using the Log Viewer tab.When you access any of the configuration pages, you will be prompted for the username and password that you set when you enabled the GUI.

Once Sophos has successfully installed you can check that all is well by running the command sudo /opt/sophos-av/bin/savdstatus. This command doesn't tell you when Sophos was last updated. Examining the logs using the GUI or by running sudo /opt/sophos-av/bin/savlog will tell you more.

1.4. Keeping Sophos Anti-virus up to date

Sophos Anti-Virus uses a username and password to automatically download updates. These credentials are valid for around 14 months and expire around November each year. Once they have expired, Sophos will no longer be updated, and your computer will be more vulnerable to new viruses etc.

This normally only applies to Sophos installed onto personal laptops and desktops. On college or departmental systems, Sophos (or other antivirus software) is often managed by your local IT Support staff and you should check with them before making any changes.

To make sure that you keep your computer(s) up to date, you will need to download and install a new Sophos package in October each year. Please see the FAQ for more details on how to check when your installation(s) of Sophos will stop updating.

So long as the updating credentials are current, Sophos for Linux is preconfigured to automatically download and install updates to keep your defences against viruses, trojans and worms as up-to-date as possible. On networked computers, this occurs once on hour (this is shown as 60 minutes on the status page of the GUI screen).

To find out when the program last updated itself, you can view the log by running the command sudo /opt/sophos-av/bin/savlog. Alternatively, if you have enabled the GUI, you can use this to check the last update time.


You can also trigger a manual update by running sudo /opt/sophos-av/bin/savupdate.

Once updates have been downloaded, they are automatically installed for you.

1.5. Further Information

If you encounter any problems there is a Frequently Asked Questions (FAQ) web page with answers to some of the most common issues that people encounter.

We provide some outline information on configuring Sophos options and scans in the next section and Sophos provide full documentation on their Sophos Anti-Virus for Linux documentation pages.

2. Further Configuration and Setting up Manual and Scheduled Scans

2.1. Configuring Sophos Settings

The preconfigured Sophos installer package available from the Computing Services configures Sophos with the following settings.

  • Updates downloaded directly from Sophos
  • Checks for and downloads available updates once an hour
  • On-access scanning is enabled
  • No scheduled scans are configured

For full details for configuring Sophos further, refer to the Sophos Anti-Virus for Linux documentation pages. For information on configuring scans, see the next section.

2.2. Enabling and Disabling On-access Scanning

You can enable or disable on-access scanning via the GUI under the [Control] tab. Alternatively, at the command line, use

sudo /opt/sophos-av/bin/savdctl enable

to enable on-access scanning, and

sudo /opt/sophos-av/bin/savdctl disable

to disable it.

2.3. Scanning Your Computer for Viruses

To scan all or part of the computer for viruses, use the command savscan. You can specify a path to be scanned. To scan the whole computer run

savscan /

or to scan a directory use

savscan directoryname

For example, to scan the directory /home/abcd0123 use the command

savscan /home/abcd0123.

To configure a scheduled scan to scan your computer automatically every Wednesday at 9pm (or at any other time/frequency), you need to use crontab to schedule the savscan command using options as appropriate (such as savscan / to scan the whole computer). The syntax of crontab may vary. Use man crontab to check the syntax on your system. See the Sophos knowledgebase article Setting up a cron job in UNIX-type operating systems for further information.

If you run a manual scan, the output should appear on the screen so that you can see whether any viruses are detected. If you configure a scheduled scan via crontab, the output will be logged, and you can check the results using sudo /opt/sophos-av/bin/savlog --category=savscan or via the Log Viewer tab of the GUI interface (select [savscan.log] from the Category drop-down.)


Service area: 

Written by IT Services. Latest revision 8 June 2015