
On-Access scanning is not running

Hi all,

I have a strange problem and I don't understand what's happening. We have a platform with some debian clients and RHEL clients with a console.

On my console I see that there is a problem with the strategy. It's different from my policy for only RHEL clients. After some research, I found that on-access scanning is not running:

/data/sophos-av/bin/savdstatus
Sophos Anti-Virus is active but on-access scanning is not running

However, in my policy, I enabled on-access scanning. So, on the client, I launched:

root@rhel1:~# /data/sophos-av/bin/savdctl enable
root@rhel1:~# /data/sophos-av/bin/savdstatus
Sophos Anti-Virus is active but on-access scanning is not running

And that doesn't work :( .

After further research, I found this in talpaselect.log:


Building...
No such file or directory
Traceback (most recent call last):
File "talpa_select.py", line 2057, in _action
File "talpa_select.py", line 1179, in load
File "talpa_select.py", line 958, in select
File "talpa_select.py", line 1665, in select
File "talpa_select.py", line 1853, in build

So I tried to follow :

/search?q= 21711

http://www.sophos.com/en-us/support/knowledgebase/13503.aspx

http://www.sophos.com/en-us/support/knowledgebase/14377.aspx

I installed :

gcc

kernel-devel

I launched : engine/talpa_select select

and now there is that in talpaselect.log :

Building...
No such file or directory
Traceback (most recent call last):
File "talpa_select.py", line 2057, in _action
File "talpa_select.py", line 1179, in load
File "talpa_select.py", line 958, in select
File "talpa_select.py", line 1665, in select
File "talpa_select.py", line 1853, in build
File "/opt/sophos-av/lib/python2.5/subprocess.py", line 444, in call
File "/opt/sophos-av/lib/python2.5/subprocess.py", line 594, in __init__
File "/opt/sophos-av/lib/python2.5/subprocess.py", line 1097, in _execute_child
OSError: [Errno 2] No such file or directory

When I did : 

strace engine/talpa_select select

I can see (in summary, I think you don't need every line :P ):

subprocess.py = -1 ENOENT (No such file or directory)

talpa_select.py  = -1 ENOENT (No such file or directory)

For your information, here are RHEL versions :

Red Hat Enterprise Linux Server release 5.9 (Tikanga)

2.6.18-348.6.1.el5 #1 SMP Fri Apr 26 09:21:26 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux

and 

/data/sophos-av/bin/savscan -v | less
SAVScan virus detection utility
Copyright (c) 1989-2013 Sophos Limited. All rights reserved.

System time 10:56:37, System date 05 July 2013

Product version : 4.89.0
Engine version : 3.43.0
Virus data version : 4.90
User interface version : 2.03.043
Platform : Linux/Intel
Released : 13 June 2013

So I have 2 questions :

What's happened on my platform ?

And I'm not sure I understand the goal of the talpa module and how it works. Could someone explain the talpa module to me please :) ?

I hope I was clear enough. Don't hesitate to ask me for more information and sorry for my English.

Thank you in advance for your help.

Wagab

:41433


  • Unfortunately the lines you saved from the talpa_select select call are irrelevant, as they are just due to the way python loads code.

    Guessing from the exception, you don't have make (or possibly strip) installed.

    Also knowing the SAV version would be more useful than the other information you provided (savdstatus --version).

    :41483
  • Hello,

    thank you for your help.

    First, I would like to say that I think what I have written was interesting. Originally, I wanted to show you that there is something which is not found. When I ran locate talpa_select.py, there was nothing. I thought it was linked but maybe I'm wrong :P.

    So here is what you asked me :

    /data/sophos-av/bin/savdstatus --version
    Copyright 1989-2012 Sophos Group. All rights reserved.
    Sophos Anti-Virus = 7.6.4
    Virus engine = 3.43.0
    Virus data = 4.90
    Virus count = 5198110
    Virus data release = Thu Jun 13 00:00:00 2013
    Last update = Wed Jul 10 08:21:10 2013

    What do you think about that?

    Thank you in advance.

    Wagab

    :41515
  • I have found a solution.

    I launched all these commands :

    yum install gcc
    yum install make
    yum install kernel-devel-`uname -r`

    engine/talpa_select select
    bin/savdctl enable  

    I don't understand why my kernel is not ok now but I need to install packages in order to compile talpa_select.

    :41519
  • Talpa is the set of kernel modules that Sophos Anti-Virus for Linux uses to interface with the kernel to do on-access scanning.

    SAV 7 is in retirement, so doesn't receive new compiled Talpa Binary Packs for new kernels - hence why you needed to compile locally.

    Compiling locally required gcc, make and the kernel headers for your kernel, as I said.

    :41525
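
The prerequisites named in the reply above (gcc, make and kernel headers matching the running kernel) can be checked before running the local build. This is an added example, not part of the thread and not Sophos code; the function name, the `kernel-headers:<release>` token and the use of `/lib/modules/<release>/build` as the header location are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): list what a local kernel-module
# build would be missing on this host.
# usage: missing_build_prereqs KERNEL_RELEASE [MODULES_ROOT] [SEARCH_PATH]
missing_build_prereqs() {
    krel=$1
    modroot=${2:-/lib/modules}
    search=${3:-$PATH}
    missing=""
    # A build tool absent from PATH makes the spawning process fail with
    # ENOENT, the "[Errno 2] No such file or directory" seen in the log.
    for tool in gcc make; do
        ( PATH=$search; command -v "$tool" ) >/dev/null 2>&1 ||
            missing="$missing $tool"
    done
    # Assumption: headers are reached through <modroot>/<release>/build.
    # -e follows symlinks, so a dangling link (headers for another
    # release, or none installed) is reported as missing.
    [ -e "$modroot/$krel/build/Makefile" ] ||
        missing="$missing kernel-headers:$krel"
    echo "${missing# }"
}

# Report for the running kernel; empty output means nothing is missing.
result=$(missing_build_prereqs "$(uname -r)")
if [ -n "$result" ]; then
    echo "missing for local module build: $result"
else
    echo "build prerequisites present for $(uname -r)"
fi
```

The header check is keyed on the exact `uname -r` string, which is why headers installed for a different kernel release do not satisfy it.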
  • Thank you for your explanation.

    Wagab

    :42223
  • Hi,

    I have this kernel 2.6.18-308.16.1.el5.centos.plusxen. When I try to yum install kernel-devel-2.6.18-308.16.1.el5.centos.plusxen on an Amazon machine it says that

    No package kernel-devel-2.6.18-308.16.1.el5.centos.plusxen available.

    But another Amazon machine has kernel 2.6.32-358.el6.x86_64. I am able to yum install it and on-access scanning is active.

    But for kernel-devel-2.6.18-308.16.1.el5.centos.plusxen it is not working. 

    Please tell me a solution.

    :43265
  • That doesn't really look like a problem with Sophos; you need to find the kernel devel package for your kernel; from centos or amazon I guess.

    :43267