When using SELinux or other security architectures (such as AppArmour), the following error may be encountered during on-access scanning:
Error occurred while scanning <FILE>: 0x3c: Unable to write to talpa socket (Close). (The operation was denied.)
First seen in
SAV for Linux v7
Security architectures like SELinux can restrict the permissions of some processes when accessing a file. Sophos Anti-Virus always attempts to access files in the same context as the calling process, which can prevent scanning of the file with SELinux enabled.
For example, if the calling process is only allowed write access to a file, then Sophos Anti-Virus will be restricted to write access only. When read access is unavailable the file is not scannable.
What To Do
Exclude the file from on-access scanning. For managed installations this can be done via the Enterprise Console 'Anti-Virus & HIPS' policy. For unmanaged installations run the following command:
/opt/sophos-av/bin/savconfig add ExcludeFilePaths <FILE>
Alternatively, modify the SELinux configuration to allow the calling process read access to the file.