
Currently running Sophos 9.11.1 for RHEL5 (Linux) and want to know what directory the definition files (.ide) are kept in?

Hello Community!


I work for Advance Control Systems. We have an Energy Utility company customer who has to remain NERC CIP compliant and I have one week to verify that their Linux systems are protected against the BlackEnergy3 malware. I have a list of definition files that I need to verify are in fact on the system. I am not seeing any definition files (.ide) in the directory that I expected to see them in - /opt/sophos-av/lib/sav/.


Please can someone help me with this?

Best regards,


Gary



  • Hello Gary,

    If Sophos has been installed to /opt/sophos-av/ (which is the default but can be changed), this is where you should find the individual .ides and the libraries (.vdb). BTW: savscan -v will list the additional data files (ides) it uses. And - who gave you this list?

    Christian

  • Hi Christian,


    I did install Sophos to the default /opt/sophos-av/ directory, but the .ide files should show up in the /opt/sophos-av/lib/sav/ directory. They aren't there. I should tell you how I am having to update to the new version 9.11.1. Imagine for a moment you are sitting at the client machine and it has no internet and it is not connected to a Sophos server of any kind. All you have is the sav-linux-9-i386.tgz file that you downloaded from the Sophos website prior to arriving at the customer’s site. This .tgz file is the updated 9.11.1 package. Now, I follow what may be an incomplete set of steps below:

    UNINSTALL/REINSTALL SOPHOS
    1. As root:
         # cd /opt/sophos-av/
         # ./uninstall.sh     (y)
         # cd /home/acs/tmp
         # tar zxpfv <sophos filename.tgz>
         # cd sophos-av/
         # ./install.sh
            - accept license agreement (Y)
            - Where do you want to install sophos? Accept default [/opt/sophos-av]
            - enable on-access scanning (Y)
            - auto-updating (n)
            - login = admin
            - password = acsacs
            - auto-update (n)

    Then I check to see that savd is running and I check the new version with /opt/sophos-av/bin/savdstatus --version. Is something missing? Are the .ides included in the .tgz file?

    Best regards,

    Gary
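
Added example, not part of either post and not Sophos's own tooling: a shell function that takes a list of required definition file names and reports which ones are absent from the directory discussed above. The list file format (one name per line, `#` comments allowed), the case-insensitive comparison and the function name `missing_ides` are assumptions.

```shell
#!/bin/sh
# Added example: print every required .ide file that is NOT present.
# Usage: missing_ides <list-file> [ide-dir]
# Exit status: 0 = all present, 1 = at least one missing, 2 = bad input.
# Assumptions: one name per line in the list, '#' starts a comment,
# names are compared case-insensitively, ".ide" is appended if omitted.

missing_ides() {
    list_file=$1
    ide_dir=${2:-/opt/sophos-av/lib/sav}   # directory named in the thread

    [ -r "$list_file" ] || { echo "cannot read $list_file" >&2; return 2; }
    [ -d "$ide_dir" ]   || { echo "no such directory: $ide_dir" >&2; return 2; }

    # Lower-cased base names of the .ide files actually on disk.
    present=$(find "$ide_dir" -maxdepth 1 -type f -iname '*.ide' \
                | sed 's|.*/||' | tr 'A-Z' 'a-z' | sort -u)

    rc=0
    while IFS= read -r name || [ -n "$name" ]; do
        # Strip CRs (list edited on Windows), comments, surrounding blanks.
        name=$(printf '%s' "$name" | tr -d '\r' \
                 | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$name" ] || continue

        key=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        case $key in
            *.ide) ;;
            *)     key=$key.ide ;;
        esac

        # -F fixed string, -x whole line: no partial or regex matches.
        if ! printf '%s\n' "$present" | grep -Fxq -- "$key"; then
            echo "$key"
            rc=1
        fi
    done < "$list_file"
    return $rc
}
```

An empty result with exit status 0 means every listed name was found; if the directory holds no .ide files at all, every listed name is printed.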
