1. Installing and Updating Sophos
1.1. Obtaining and Installing Sophos
These instructions are primarily for people who want to install Sophos Anti-Virus onto their personal laptop and/or desktop. Please check with your local IT Support Staff about antivirus protection for college and departmental systems as local arrangements often apply, and installing the version intended for personal systems may cause problems.
A preconfigured installation package for Sophos for Linux is available for installation onto personal laptops and desktops running Linux, together with some notes on installing and configuring the program. Limited additional support is available for Sophos on the Linux platform. For full information on configuring Sophos for Linux, please refer to the Sophos Anti-Virus for Linux documentation pages.
If you haven't already obtained Sophos you can download it for free via the following link:
https://register.it.ox.ac.uk/software. Make a note of the location where you save or extract the downloaded file.
Before installing Sophos for Linux:
1.2. Installing Sophos for Linux
This section describes how to install Sophos once you have downloaded it from the OUCS Self-registration page.
After you have downloaded the file, open a command window and change to the directory where you saved the download. First you need to decompress the package (you may have chosen to do this as part of the download). On many systems you can do this using an archive manager. Otherwise, using a terminal session, extract it using the command tar -xzvf filename, where you should replace filename with the name of the file you downloaded. For example, at the time of writing the file is called sophos75linux2013.tgz so the command would be tar -xzvf sophos75linux2013.tgz. This will decompress the package into the
Make sure that you have removed any previous versions of Sophos by running
Sophos is a 32-bit application. If you are installing Sophos onto a 64-bit Linux system you may first need to install 32-bit compatibility libraries, or you may see an error. On Ubuntu systems refer to the Sophos knowledgebase article Sophos Anti-Virus for Linux: Installation on Ubuntu 64-bit fails with "python not found" for details including the command line to install the libraries and resolve the problem.
Run the install script using
sudo ./sophos-av/install.sh. The
installer will take a few minutes to complete and will download components from Sophos
The installation of Sophos onto your computer is an automatic process. Once you have started the installation please be patient and wait for it to complete. You are not required to help in this process. Once the install is complete you should see the following.
Figure v75-install-success.gif [Installation Completion]
Note that there is a line that looks a little like an error. This is in the red box in
the figure above and starts
Disabling Sophos Anti-Virus GUI.
This is expected and normal. The GUI is disabled because a username and password are needed in order to configure the GUI. The GUI provides an easy way to carry out certain tasks such as stopping or starting the on-access scanner, configuring exclusions and viewing the log. If you want the GUI you can enable it as described in the next section.
You should look for the lines outlined in green on the figure above. These show a successful installation.
However, also keep an eye out for lines such as the ones shown outlined in red in the figure below. In this case the kernel isn't supported and the result is that on-access scanning is disabled. In other respects Sophos will work fine, so it will update automatically, and you can run manual or scheduled scans. Given the relatively low number of viruses specific to the Linux platform, running a regular manual scan may be all that you need.
Figure kernel-error1.gif [Kernel Error for On-Access Scanning]
1.3. Enabling the Sophos Anti-Virus GUI
Sophos options can be configured via the command line, but if you prefer a graphical method of configuring many of the options, you can enable the GUI. There are a couple of ways of doing this, one of which is given below.
Start the configuration by running the command
/opt/sophos-av/bin/savsetup. Follow the prompts to enable the GUI. You will
be prompted for a username and password and you should make sure you set a strong
password. By default the GUI uses port 8081 but if this port is already in use the
configuration program will suggest an alternative. The picture below shows the sequence
Figure enable-gui.gif [Enable GUI Configuration]
You should see the line outlined in red in the figure above if everything is successful. The word done that is shown on the right of this line in green shows that the GUI daemon was started successfully.
Once the GUI is enabled, you can access it by opening a web browser and connecting to http://localhost:8081. This address assumes that you used port number 8081 for the GUI when you enabled it. If you used a different port number, make sure that you change the 8081 part of the address as necessary.
The initial status screen shows some configuration details and status information. Several additional tabs are available. The Control tab will allow you to stop and start the on-access scanner, while on the Scanning tab you can set some options relating to scanning such as what to do if a virus is found. You can exclude files and folders from being scanned using the Scanning tab, configure how you are alerted about any viruses found using the Alerting tab and view the log using the Log Viewer tab. When you access any of the configuration pages, you will be prompted for the username and password that you set when you enabled
Figure v75-gui-interface.gif [GUI Information Screen]
Once Sophos has successfully installed you can check that all is well by running the command sudo /opt/sophos-av/bin/savdstatus. This command doesn't tell you when Sophos was last updated. Examining the logs using the GUI or by running sudo /opt/sophos-av/bin/savlog will tell you more.
1.4. Keeping Sophos Anti-virus up to date
Sophos Anti-Virus uses a username and password to automatically download updates. These credentials are valid for around 14 months and expire around November each year. Once they have expired, Sophos will no longer be updated, and your computer will be more vulnerable to new viruses etc.
This normally only applies to Sophos installed onto personal laptops and desktops. On college or departmental systems, Sophos (or other antivirus software) is often managed by your local IT Support staff and you should check with them before making any changes.
To make sure that you keep your computer(s) up to date, you will need to download and install a new Sophos package in October each year. Please see the FAQ for more details on how to check when your installation(s) of Sophos will stop updating.
So long as the updating credentials are current, Sophos for Linux is preconfigured to automatically download and install updates to keep your defences against viruses, trojans and worms as up-to-date as possible. On networked computers, this occurs once an hour (this is shown as 60 minutes on the status page of the GUI screen).
To find out when the program last updated itself, you can view the log by running the command sudo /opt/sophos-av/bin/savlog. Alternatively, if you have enabled the GUI, you can use this to check the last update time.
You can also trigger a manual update by running
Once updates have been downloaded, they are automatically installed for you.
1.5. Further Information
If you encounter any problems there is a Frequently Asked Questions (FAQ) web page with answers to some of the most common issues that people encounter.
We provide some outline information on configuring Sophos options and scans in the next section and Sophos provide full documentation on their Sophos Anti-Virus for Linux documentation pages.
2. Further Configuration and Setting up Manual and Scheduled Scans
2.1. Configuring Sophos Settings
The preconfigured Sophos installer package available from the Computing Services configures Sophos with the following settings.
For full details for configuring Sophos further, refer to the Sophos Anti-Virus for Linux documentation pages. For information on configuring scans, see the next section.
2.2. Enabling and Disabling On-access Scanning
You can enable or disable on-access scanning via the GUI under the
tab. Alternatively, at the command line, use
sudo /opt/sophos-av/bin/savdctl enable
to enable on-access scanning, and
sudo /opt/sophos-av/bin/savdctl disable
to disable it.
2.3. Scanning Your Computer for Viruses
To scan all or part of the computer for viruses, use the command
savscan. You can specify a path to be scanned. To scan the whole
or to scan a directory use
For example, to scan the directory
/home/abcd0123 use the command
To configure a scheduled scan to scan your computer automatically every Wednesday at
9pm (or at any other time/frequency), you need to use crontab to schedule the
savscan command using options as appropriate (such as
savscan / to scan the whole computer). The syntax of crontab may
man crontab to check the syntax on your system. See the
Sophos knowledgebase article Setting up a cron
job in UNIX-type operating systems for further information.
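The scheduled scan described above (every Wednesday at 9pm, scanning /) can be set up as follows. This is an added example, not part of the original instructions or of Sophos's own documentation. The function names savscan_cron_line and merge_cron_entry are hypothetical, and the savscan path is assumed to be /opt/sophos-av/bin/savscan, alongside the other tools named on this page.

```shell
#!/bin/sh
# Added example: build a weekly savscan cron entry and merge it into an
# existing crontab without creating duplicates.
# Assumption: savscan lives beside the other Sophos tools this page names.
# cron runs with a minimal PATH, so an absolute path is used.
SAVSCAN="${SAVSCAN:-/opt/sophos-av/bin/savscan}"

# savscan_cron_line DOW HOUR [TARGET]
# DOW: 0-6 (0 = Sunday, 3 = Wednesday); HOUR: 0-23; TARGET defaults to /.
savscan_cron_line() {
    dow=$1
    hour=$2
    target=${3:-/}
    case $dow in
        [0-6]) ;;
        *) echo "bad day of week: $dow" >&2; return 1 ;;
    esac
    case $hour in
        [0-9]|1[0-9]|2[0-3]) ;;
        *) echo "bad hour: $hour" >&2; return 1 ;;
    esac
    # Fields: minute hour day-of-month month day-of-week command
    printf '0 %s * * %s %s %s\n' "$hour" "$dow" "$SAVSCAN" "$target"
}

# merge_cron_entry LINE
# Reads an existing crontab on stdin and writes it to stdout, appending LINE
# only if an identical line is not already present.
merge_cron_entry() {
    entry=$1
    [ -n "$entry" ] || { echo "empty cron entry" >&2; return 1; }
    awk -v entry="$entry" '
        { print }
        $0 == entry { found = 1 }
        END { if (!found) print entry }
    '
}

# Install into root's crontab (a whole-computer scan needs root to read
# every file). Review the output of the first two stages before piping on:
#   sudo crontab -l 2>/dev/null \
#     | merge_cron_entry "$(savscan_cron_line 3 21)" \
#     | sudo crontab -
```

Check the field order against man crontab on your system before installing the entry.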
If you run a manual scan, the output should appear on the screen so that you can see
whether any viruses are detected. If you configure a scheduled scan via crontab, the
output will be logged, and you can check the results using
/opt/sophos-av/bin/savlog --category=savscan or via the Log Viewer tab of
the GUI interface (select
[savscan.log] from the