1. Installation
Using a web browser, download the installer from the following page.
Linux malware scan | Download free antivirus for Linux | Sophos
Upload the downloaded file to the /tmp directory of CentOS. The file name is sav-linux-free-9.tgz as of 03/09/2017. Change the commands described later according to the file name.
First, log in to CentOS as root.
Extract the file with the following command.
# cd /tmp
# tar -xzvf sav-linux-free-9.tgz
Execute the installation with the following command.
# ./sophos-av/install.sh
Then, the following message is displayed. Press the Enter key and follow the instructions on the screen.
Sophos Anti-Virus
=================
Copyright (c) 1989-2015 Sophos Limited. All rights reserved.

Welcome to the Sophos Anti-Virus installer. Sophos Anti-Virus includes an on-access scanner, an on-demand command line scanner, a Sophos Anti-Virus daemon, and a Sophos Anti-Virus GUI.

On-Access Scanner          Scans files when accessed and allows access only when clean
On-Demand Scanner          Scans all or part of the computer immediately
Sophos Anti-Virus Daemon   Background process that provides Sophos Anti-Virus with control, logging and email alerting
Sophos Anti-Virus GUI      User interface accessed via a web browser

Press the "Enter" key to display the license agreement. Then press <spc> to scroll down.
Scroll with the space bar and press Y + Enter at the end.
Do you agree with the license agreement? Yes (Y) / No (N) [N]> Y
The default install location is fine, so just press Enter.
Specify where to install Sophos Anti-Virus. [/opt/sophos-av]>
Press Enter to accept the default.
Enable on-access scanning? Yes (Y) / No (N) [Y]>
Auto-update can be done from Sophos, so keep the default and press Enter.
You can update directly from Sophos (account information required) or from your own server (directory or website (account information may be required)).
Select the type of auto-update: Sophos (s) / own server (o) / none (n) [s]>
Press f + Enter to install Free Edition.
Updated directly from Sophos.
Do you want to install the free version (f) or the supported version (s) of SAV for Linux? [s]> f
Since no proxy is used, press Enter to accept the default.
No support is provided for the free version of Sophos Anti-Virus for Linux.
For a free tools forum, see: http://openforum.sophos.com/
Do I need a proxy to update from Sophos? Yes (Y) / No (N) [N]>
After performing the above settings, the installation will start.
Installation is complete when the installation complete message is displayed.
2. Operation check
Use a test virus to check Sophos operation.
The test virus is available from the following site.
EICAR
Currently, the following four types of files can be downloaded.
http://www.eicar.org/download/eicar.com
http://www.eicar.org/download/eicar.com.txt
http://www.eicar.org/download/eicar_com.zip
http://www.eicar.org/download/eicarcom2.zip
Use the following command to actually download the virus file.
# wget http://www.eicar.org/download/eicar.com.txt
Then, the following message is displayed.
********************** Sophos Anti-Virus Warning **********************
Threat "EICAR-AV-Test" has been detected in the following files:
"/tmp/eicar.com.txt".
File is still infected
***********************************************************************
Surprisingly, if you check with the ls command, you will see that the file is still there. The on-access scanner does not seem to go as far as removing it.
# ls
eicar.com.txt  sav-linux-free-9.9.tgz  sophos-av
However, when you open the file with the vi editor, the following message is displayed, so it seems safe.
********************** Sophos Anti-Virus Warning **********************
~ Threat "EICAR-AV-Test" has been detected in the following file
~ "/tmp/eicar.com.txt".
~
~ File access denied
~
~ ***********************************************************************
Now try a regular scan. A normal scan can be executed with the following command.
# savscan /
If there is a file infected by the virus, the following email will be sent to the root user.
Subject: [SAV-LINUX] Threat 'EICAR-AV-Test' detected on localhost.localdomain
Status: RO

A threat classified as 'EICAR-AV-Test' was detected in the file '/tmp/eicar.com.txt' when attempting to open it at Wed Jun 17 01:05:35 2015 JST +0900 (2015-06-16 16:05:35 UTC). Access to the infected file was not allowed.
As before, the files infected with the virus have not been removed.
However, this confirms that Sophos Antivirus is working properly.
3. How to set up a scheduled scan
By default, Sophos Antivirus is not configured to perform scheduled scans.
The settings are made in crontab.
Execute the following command to open the vi editor. Add the crontab settings.
# crontab -u root -e
Then, if you set the following, the scan will be executed at 10:55 every day.
55 10 * * * /opt/sophos-av/bin/savscan /
Please refer to the following for how to set the time and script.
minute (0-59) hour (0-23) day_of_month (1-31) month (1-12) day_of_week (0-7) /path/script.sh
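As an added example (not part of the original article or of Sophos's tooling), the /path/script.sh slot above can hold a small wrapper that logs each savscan run and only prints output, and therefore only triggers cron mail to root, when the scan was not clean. The SAVSCAN and SAV_LOG variables, the log path and the --scan argument are assumptions of this sketch, and the return-code mapping (0 clean, 1 interrupted, 2 error, 3 threat) should be confirmed against "man savscan" for the installed version.

```shell
#!/bin/sh
# Added example: cron wrapper around savscan. Names and paths below are
# assumptions of this sketch, apart from the install path used in the article.
SAVSCAN="${SAVSCAN:-/opt/sophos-av/bin/savscan}"
SAV_LOG="${SAV_LOG:-/var/log/savscan-cron.log}"

# Map savscan's basic return codes to a status word
# (0 clean, 1 interrupted, 2 error, 3 threat found; check "man savscan").
classify_rc() {
    case "$1" in
        0) echo CLEAN ;;
        1) echo INTERRUPTED ;;
        2) echo ERROR ;;
        3) echo THREAT ;;
        *) echo UNKNOWN ;;
    esac
}

# Scan one path, append scanner output plus a summary line to the log,
# and print the status word. Returns 0 only when the scan was clean.
run_scan() {
    target="$1"
    if [ ! -x "$SAVSCAN" ]; then
        # A missing scanner must not look like a clean scan.
        echo "$(date '+%F %T') target=$target status=ERROR scanner missing: $SAVSCAN" >>"$SAV_LOG"
        echo ERROR
        return 2
    fi
    rc=0
    "$SAVSCAN" "$target" >>"$SAV_LOG" 2>&1 || rc=$?
    status=$(classify_rc "$rc")
    echo "$(date '+%F %T') target=$target rc=$rc status=$status" >>"$SAV_LOG"
    echo "$status"
    [ "$rc" -eq 0 ]
}

# Cron entry point: stay silent on a clean scan so that cron mails root
# only when the result needs attention.
if [ "${1:-}" = "--scan" ]; then
    status=$(run_scan "${2:-/}") || {
        echo "savscan of ${2:-/} finished with status $status; see $SAV_LOG"
        exit 1
    }
fi
```

Saved as, for example, /usr/local/sbin/sav-cron-scan.sh (an assumed path), the crontab entry becomes: 55 10 * * * /usr/local/sbin/sav-cron-scan.sh --scan /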
4. Uninstall
To uninstall Sophos Antivirus, simply run the following command:
# /opt/sophos-av/uninstall.sh