Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 1 subscriber
  • Views 6365 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Command savdstatus does not return reliable information about on-access scanning

GrantS

This is what I see in Linux, unsure if it applies on windows and OSX.

When using something like a configuration management system like saltstack, puppet or cfengine, without reliable status information it is makes it hard to conform the configuration in an efficient manner and there is no way to prove compliance outside of SEC.

There are two main problems

Initial Output Is Not Detailed

After you start the sav-protect service on linux, savdstatus will always return the following

# /opt/sophos-av/bin/savdstatus
Sophos Anti-Virus is active

This does not give you any information about on-access scanning. You can run savdctl and after the delay (as described below) you will get

#/opt/sophos-av/bin/savdctl enable

# sleep 5

# /opt/sophos-av/bin/savdstatus
Sophos Anti-Virus is active and on-access scanning is running

See the bit below about the delay

Change of State Delay

After running savdctl there is a delay before savdstatus output reflects the new change. This is more obvious when attempting to enable on-access scanning.

This is because savdctl is asynchonous and the time it takes to start up on-access scanning. So even though it appears there is a delay in reporting, it is reporting the correct state at that time. There is a delay in the time start on access scanning.

eg.

# /opt/sophos-av/bin/savdctl disable

# echo "Before State";/opt/sophos-av/bin/savdstatus;echo "Enabling on-access scanning";/opt/sophos-av/bin/savdctl enable;echo "State immediatley after savdctl";/opt/sophos-av/bin/savdstatus;sleep 2; echo "State After 2 sec";/opt/sophos-av/bin/savdstatus;sleep 2; echo "State after another 2 sec" ;/opt/sophos-av/bin/savdstatus;sleep 2; echo "State after another 2 sec" ;/opt/sophos-av/bin/savdstatus;sleep 2; echo "State after another 2 sec" ;/opt/sophos-av/bin/savdstatus
Before State
Sophos Anti-Virus is active but on-access scanning is not running
Enabling on-access scanning
State immediatley after savdctl
Sophos Anti-Virus is active but on-access scanning is not running
State After 2 sec
Sophos Anti-Virus is active but on-access scanning is not running
State after another 2 sec
Sophos Anti-Virus is active but on-access scanning is not running
State after another 2 sec
Sophos Anti-Virus is active and on-access scanning is running
State after another 2 sec
Sophos Anti-Virus is active and on-access scanning is running
#



This thread was automatically locked due to age.