User Tools

Site Tools


sophos_virus_scanner

If on access scanning is running, you can see whether that the Talpa module is monitoring file opens by running:

cat /proc/sys/talpa/intercept-filters/VettingController/ops

If Talpa is properly configured, the result should be the following:

-open
+close
+exec
+mount
+umount

If you see ”+open” instead, tune the Talpa module to exclude monitoring of file opens with the following command:

/opt/sophos-av/bin/savconfig set TalpaOperations -- -open

It is safe to take this action on any server, and doing so is strongly encouraged.


Check your work. The following gives you the full list of exclusions:

/opt/sophos-av/bin/savconfig ExcludeFileOnGlob && /opt/sophos-av/bin/savconfig ExcludeFilePaths

4. To test, turn on-access back on by restarting sav-protect:

service sav-protect restart

To enable Talpa Debug logging

/opt/sophos-av/bin/savconfig set TalpaDebug True
/etc/init.d/sav-protect restart

More info:

[root@~]# /opt/sophos-av/bin/savconfig get TalpaOperations
-open
[root@~]# /opt/sophos-av/bin/savdstatus
Sophos Anti-Virus is active and on-access scanning is running
[root@~]# /opt/sophos-av/bin/savdctl disable
[root@~]# /opt/sophos-av/bin/savdstatus
Sophos Anti-Virus is active but on-access scanning is not running
sophos_virus_scanner.txt · Last modified: 2013/11/13 16:29 (external edit)