
Currently running Sophos 9.11.1 for RHEL5 (Linux) and want to know what directory the definition files (.ide) are kept?

Hello Community!


I work for Advance Control Systems. We have an Energy Utility company customer who has to remain NERC CIP compliant and I have one week to verify that their Linux systems are protected against the BlackEnergy3 malware. I have a list of definition files that I need to verify are in fact on the system. I am not seeing any definition files (.ide) in the directory that I expected to see them in - /opt/sophos-av/lib/sav/.


Please can someone help me with this?

Best regards,


Gary



  • Hello Gary,

    if Sophos has been installed to /opt/sophos-av/ (which is the default but can be changed) this is where you should find the individual .ides and the libraries (.vdb). BTW: savscan -v will list the additional data files (ides) it uses. And - who gave you this list?

    Christian

  • Hi Christian,


    I did install Sophos to the default /opt/sophos-av/ directory, but the .ide files should show up in the /opt/sophos-av/lib/sav/ directory. They aren't there. I should tell you how I am having to update to the new version 9.11.1. Imagine for a moment you are sitting at the client machine and it has no internet and it is not connected to a Sophos server of any kind. All you have is the sav-linux-9-i386.tgz file that you downloaded from the Sophos website prior to arriving at the customer’s site. This .tgz file is the updated 9.11.1 package. Now, I follow what may be an incomplete set of steps below:

    UNINSTALL/REINSTALL SOPHOS
    1. As root:
         # cd /opt/sophos-av/
         # ./uninstall.sh     (y)
         # cd /home/acs/tmp
         # tar zxpfv <sophos filename.tgz>
         # cd sophos-av/
         # ./install.sh
            - accept license agreement (Y)
            - Where do you want to install sophos? Accept default [/opt/sophos-av]
            - enable on-access scanning (Y)
            - auto-updating (n)
            - login = admin
            - password = acsacs
            - auto-update (n)

    Then I check to see that savd is running and I check the new version with /opt/sophos-av/bin/savdstatus --version. Is something missing? Are the .ides included in the .tgz file?

    Best regards,

    Gary

  • Hello Gary,

    I see. The packages from the download contain the libraries (VDB) but not the supplemental IDEs. Please see this thread on how to update with the latest data (and update the libraries and software as well - so no need to uninstall or download/transfer the 400MB+ package).

    Christian
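
Added example (not from the thread or from Sophos): a shell function for the check Gary describes, comparing a list of expected IDE names against the files actually on disk. The function name `check_ides` and the list format (one name per line, `#` comments, `.ide` suffix optional) are assumptions; the default directory is the path mentioned in the thread.

```shell
#!/bin/sh
# Added example: report which expected IDE files are absent from the data directory.
# Usage: check_ides LIST_FILE [IDE_DIR]
# Assumed list format: one name per line, '#' starts a comment, '.ide' suffix optional.
# Prints "MISSING <name>" per absent file; returns 0 if all present, 1 if any
# are missing, 2 if the list or the directory cannot be read.
check_ides() {
    list=$1
    dir=${2:-/opt/sophos-av/lib/sav}
    [ -r "$list" ] || { echo "cannot read list: $list" >&2; return 2; }
    [ -d "$dir" ]  || { echo "no such directory: $dir" >&2; return 2; }

    # Lower-cased inventory of the .ide files on disk (compare case-insensitively).
    have=$(ls -1 "$dir" 2>/dev/null | tr 'A-Z' 'a-z' | grep '\.ide$' || true)

    # Normalise the list: drop CRs (lists pasted from Windows or e-mail),
    # comments, surrounding blanks and empty lines, then lower-case.
    wanted=$(tr -d '\r' < "$list" |
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' |
        tr 'A-Z' 'a-z')

    missing=0
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        case $name in
            *.ide) ;;
            *) name=$name.ide ;;          # assumed: bare identity name in the list
        esac
        if printf '%s\n' "$have" | grep -Fxq -- "$name"; then
            :                             # present, nothing to report
        else
            echo "MISSING $name"
            missing=$((missing + 1))
        fi
    done <<EOF
$wanted
EOF
    [ "$missing" -eq 0 ]
}

# Run directly: ./check_ides.sh expected.txt [/path/to/sav]
if [ "$#" -gt 0 ]; then
    check_ides "$@"
fi
```

An empty result with exit status 0 means every listed name has a matching file; it says nothing about whether the scanner has loaded them, which is what `savscan -v` (mentioned above) reports.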