
How to install and uninstall Sophos Antivirus in Linux

A short post on how to install and uninstall Sophos Antivirus in Linux.

Sophos is a well-known antivirus for Windows, Linux and Mac platforms. Sophos also offers other security solutions alongside antivirus. In this post we walk through how to install, check and remove Sophos Antivirus on Linux systems. You can download Sophos antivirus for Linux for free here.

How to install Sophos Antivirus in Linux

You can download the installer on a laptop or desktop and transfer it to your Linux server, or you can use a tool like wget to download the installer directly on the Linux server. You can get the Linux installer link from your account on the website.

The Sophos Antivirus package contains an install.sh script. For a non-interactive setup, execute the script with the switches below and you are good to go:

root@kerneltalks # ./install.sh --automatic --acceptlicence /opt/sophos-av
Installing Sophos Anti-Virus....
Selecting appropriate kernel support...

Installation completed.
Your computer is now protected by Sophos Anti-Virus.

Antivirus is successfully installed on your server.

Check current status of Sophos Antivirus

The antivirus runs as a service named sav-protect, so you can use the normal Linux service status command to check the status of the AV service.

root@kerneltalks # service sav-protect status
sav-protect.service - "Sophos Anti-Virus daemon"
   Loaded: loaded (/usr/lib/systemd/system/sav-protect.service; enabled)
   Active: active (running) since Thu 2018-07-19 13:30:50 IST; 3 months 4 days ago
     Docs: man:sav-protect
  Process: 5619 ExecStop=/opt/sophos-av/engine/.sav-protect.systemd.stop.sh (code=exited, status=0/SUCCESS)
  Process: 6287 ExecStartPost=/opt/sophos-av/engine/.sav-protect.systemd.poststart.(code=exited, status=1/FAILURE)
  Process: 5646 ExecStartPre=/opt/sophos-av/engine/.sav-protect.systemd.prestart.sh (code=exited, status=0/SUCCESS)
 Main PID: 6286 (savd)
   CGroup: /system.slice/sav-protect.service
           ├─5842 savscand --incident=unix://tmp/incident --namedscan=unix://root@tmp/namedscansprocessor.397 --ondemandcontrol=socketpair://46/47
           └─6286 savd etc/savd.cfg

Oct 21 17:50:56 kerneltalks savd[6286]: scheduled.scan.log: Scheduled scan "SEC:Weekly scan" completed: master boot records scanned: 0, boot records scanned: 0, files scanned: 968342, scan errors: 0, threats detected: 0, infected files detected: 0
Oct 21 21:38:46 kerneltalks savd[6286]: update.check: Successfully updated Sophos Anti-Virus from \\avserver.kerneltalks.com\SophosUpdate\CIDs\S038\savlinux

The last log lines show the two most recent activities: a successful scheduled scan run and a virus definition update.
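A running service alone does not tell you whether scans are clean and definitions are current, so the script below reads those two log lines programmatically. It is an added example, not part of the original post or of Sophos tooling; the function names are hypothetical, and it assumes savd log lines reach the journal in the format shown in the status output above.

```shell
#!/bin/sh
# Added example: health check over savd log lines in the format shown above.
# SAMPLE_LOG holds the two log lines from this page so the script runs offline.
SAMPLE_LOG='Oct 21 17:50:56 kerneltalks savd[6286]: scheduled.scan.log: Scheduled scan "SEC:Weekly scan" completed: master boot records scanned: 0, boot records scanned: 0, files scanned: 968342, scan errors: 0, threats detected: 0, infected files detected: 0
Oct 21 21:38:46 kerneltalks savd[6286]: update.check: Successfully updated Sophos Anti-Virus from \\avserver.kerneltalks.com\SophosUpdate\CIDs\S038\savlinux'

# Print one counter (e.g. "threats detected") from the newest completed
# scheduled-scan line on stdin; prints nothing when no scan is logged.
last_scan_field() {
    grep 'scheduled\.scan\.log: Scheduled scan .* completed:' | tail -n 1 |
        sed -n "s/.*[:,] $1: \([0-9][0-9]*\).*/\1/p"
}

# Succeed only if the newest update.check line on stdin reports success.
last_update_ok() {
    grep 'update\.check:' | tail -n 1 | grep -q 'Successfully updated'
}

# Read log text on stdin; print OK, or WARN followed by each reason.
av_log_health() {
    log=$(cat)
    threats=$(printf '%s\n' "$log" | last_scan_field 'threats detected')
    errors=$(printf '%s\n' "$log" | last_scan_field 'scan errors')
    problems=''
    [ -n "$threats" ] || problems="$problems no-scan-logged"
    [ "${threats:-0}" -eq 0 ] || problems="$problems threats=$threats"
    [ "${errors:-0}" -eq 0 ] || problems="$problems scan-errors=$errors"
    printf '%s\n' "$log" | last_update_ok ||
        problems="$problems update-not-confirmed"
    if [ -z "$problems" ]; then echo OK; else echo "WARN:$problems"; fi
}

# Offline demo on the sample lines. On a live host, feed the journal instead:
#   journalctl -u sav-protect --no-pager | av_log_health
printf '%s\n' "$SAMPLE_LOG" | av_log_health
```

A missing scan or update line is reported as a warning rather than treated as healthy, which catches a host where the service is up but scheduled scans or updates have silently stopped.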

How to uninstall Sophos Antivirus in Linux

Run the uninstall.sh script located at /opt/sophos-av to uninstall Sophos Antivirus.

root@kerneltalks # /opt/sophos-av/uninstall.sh
Uninstalling Sophos Anti-Virus.
WARNING: Sophos Anti-Virus still running.
Do you want to stop Sophos Anti-Virus? Yes(Y)/No(N) [N]
> Y

Stopping Sophos Anti-Virus.
Sophos Anti-Virus has been uninstalled.

The AV is now uninstalled. You can confirm this by checking the status again, which will result in an error.

root@kerneltalks # service sav-protect status
service: no such service sav-protect