Sophos Anti-Virus for Linux: Locally compiling Talpa Binary Packs for On-Access scanning

  • N.º del artículo: 13503
  • Actualizado: 16 jul 2014

The on-access scanning component of Sophos Anti-Virus for Linux requires several kernel modules to be installed and loaded.

Sophos provides precompiled binary packs for specific kernel versions. For full details on platforms and kernel, please read the following knowledgebase article: Sophos Anti-Virus for Linux system requirements

However, if either of the below applies, the Sophos Anti-Virus installer will need to compile custom binary packs to match your running kernel.

  • you want to enable the on-access scanning component, and are running on a kernel for which Sophos does not provide Binary Packs
  • you have recompiled your kernel at any point

Note: With the release of Sophos Anti-Virus version 9.x it is possible to enable on-access scanning on later kernels without loading/compiling a Talpa kernel module. Please see this article for more details: Sophos Anti-Virus for Linux/Unix v9: Fanotify overview 

What to do

1. Technical requirements

Before you run the installer, to enable it to compile custom kernel modules, you must have the following installed:

  • The kernel source matching your running kernel (normally accessible from /lib/modules/`uname -r`/build/)
  • A system.map file matching your running kernel (normally located in /boot/System.map-`uname -r`)
  • GCC and configured development tools, e.g. 'make'. (The version of GCC must be the same as the one used to compile your kernel.)

Some distributions (such as Debian) provide a kernel-headers package which must also be installed. These distributions also provide all the required kernel sources to compile.

2. Running the installer

Once the above components are installed, you can run the Sophos Anti-Virus for Linux installer as usual, and custom kernel modules will be built.  Alternatively, If Sophos Anti-Virus is already installed you can attempt compilation by running:

/opt/sophos-av/engine/talpa_select select

3. Using a non-default GCC version

If a non-default GCC version was used for kernel compilation, you must use the same version when compiling Talpa.

The recommended way of doing this is to create a file named build.options in <installation directory>/talpa/override/. This file should contain a single line listing options which are directly passed to Talpa's configure script. In this particular case, something like 'CC=gcc-kernel' should be added, where 'gcc-kernel' is a GCC binary used for kernel compilation.

4. Troubleshooting

If the installer cannot compile the kernel modules, a log file is created in this location:

/opt/sophos-av/log/talpaselect.log

If this occurs, please forward the log file to Sophos technical support, along with the following information:

  • Kernel version (uname -r)
  • GCC version (gcc --version)
  • Kernel log since last boot (the output of the dmesg command).

 
Si necesita más ayuda, póngase en contacto con soporte técnico.

Valore el artículo

Muy malo Excelente

Comentarios