The on-access scanning component of Sophos Anti-Virus for Linux requires several kernel modules to be installed and loaded.
Sophos provides precompiled binary packs for specific kernel versions. For full details on platforms and kernel, please read the following knowledgebase article: Sophos Anti-Virus for Linux system requirements
However, if either of the below applies, the Sophos Anti-Virus installer will need to compile custom binary packs to match your running kernel.
- you want to enable the on-access scanning component, and are running on a kernel for which Sophos does not provide Binary Packs
- you have recompiled your kernel at any point
Note: With the release of Sophos Anti-Virus version 9.x it is possible to enable on-access scanning on later kernels without loading/compiling a Talpa kernel module. Please see this article for more details: Sophos Anti-Virus for Linux/Unix v9: Fanotify overview
What to do
1. Technical requirements
Before you run the installer, to enable it to compile custom kernel modules, you must have the following installed:
- The kernel source matching your running kernel (normally accessible from /lib/modules/`uname -r`/build/)
- A system.map file matching your running kernel (normally located in /boot/System.map-`uname -r`)
- GCC and configured development tools, e.g. 'make'. (The version of GCC must be the same as the one used to compile your kernel.)
Some distributions (such as Debian) provide a kernel-headers package which must also be installed. These distributions also provide all the required kernel sources to compile.
2. Running the installer
Once the above components are installed, you can run the Sophos Anti-Virus for Linux installer as usual, and custom kernel modules will be built. Alternatively, If Sophos Anti-Virus is already installed you can attempt compilation by running:
3. Using a non-default GCC version
If a non-default GCC version was used for kernel compilation, you must use the same version when compiling Talpa.
The recommended way of doing this is to create a file named build.options in <installation directory>/talpa/override/. This file should contain a single line listing options which are directly passed to Talpa's configure script. In this particular case, something like 'CC=gcc-kernel' should be added, where 'gcc-kernel' is a GCC binary used for kernel compilation.
If the installer cannot compile the kernel modules, a log file is created in this location:
If this occurs, please forward the log file to Sophos technical support, along with the following information:
- Kernel version (uname -r)
- GCC version (gcc --version)
- Kernel log since last boot (the output of the dmesg command).