Endpoint

Sophos Anti-Virus for Linux 9

For Recommended Customers

About these release notes

These are the release notes for Sophos Anti-Virus for Linux Recommended versions, managed by Sophos Enterprise Console or standalone.

Some of the features mentioned in these release notes are only available on managed computers or if you have the appropriate license.

Note: You may find that you cannot yet download and use the latest version on the list below. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.

Version 9.12.3

Sophos Anti-Virus (SAV) 9.12.3
Threat detection engine 3.65.2

New features

Resolved issues

No resolved issues.

Version 9.12.2

Sophos Anti-Virus (SAV) 9.12.2
Threat detection engine 3.65.2

New features

  • We have updated libexpat to 2.1.1 because of a vulnerability in 2.1.0.
  • The threat detection engine has been updated. For information about the changes to the threat detection engine, see the threat detection engine release notes.
  • We have also updated the readme files to include licenses for third party software.

Resolved issues

No resolved issues.

Version 9.12.0

Components

Sophos Anti-Virus (SAV) 9.12.0
Threat detection engine 3.64.3

New features

  • Sophos Anti-Virus now includes support for Ubuntu 16.04.
  • We have updated OpenSSL to 1.0.2h.
  • Automatic sample submission is now available for Live Protection.
  • A new version of Talpa, 1.21.5, which fixes Talpa-related issues, has been added.
  • The threat detection engine has been updated. For information about the changes to the threat detection engine, see the threat detection engine release notes.

Resolved issues

Issue ID Description
LINUXEP-804 Sophos Anti-Virus now identifies and ignores mount calls from an IP command.
LINUXEP-1814 The ACE/TAO implementation has been modified to correct issues with atomic registry file updating.
LINUXEP-1816 An on-demand scan issue has been fixed by increasing the argument limit passed on to the savscan command.
LINUXEP-1820 The yum command now runs as root to prevent errors.
LINUXEP-1938 Log message has been downgraded from error level to debug.
LINUXEP-2018 Debug errors were reported. These should no longer be shown.

Version 9.11.2

Components

Sophos Anti-Virus (SAV) 9.11.2
Threat detection engine 3.65.2

New features

Resolved issues

No resolved issues.

Version 9.11.1

Components

Sophos Anti-Virus (SAV) 9.11.1
Threat detection engine 3.64.0

New features

  • Improved update logging. We have added a check that makes it less likely that 'update.update' will be logged in syslog / savd log even when no software or data change has occurred.
  • The threat detection engine has been updated. For information about the changes to the threat detection engine, see the threat detection engine release notes.

Resolved issues

Issue ID Description
LINUXEP-1733 In version 9.11.0, the 'phone-home' feature (which sends platform and product usage data to Sophos) caused kernel modules to load.
LINUXEP-1673 When the language was set to LANG=ja_JP.eucjp and the locale was installed on the system, the savdstatus command failed with a decoding error.
LINUXEP-1464 Enterprise Console showed clustered IP address details instead of the host IP address.
LINUXEP-1276 Enterprise Console did not show domain name in the computer details for a CentOS 6.6 endpoint.

Version 9.11.0

Components

Sophos Anti-Virus (SAV) 9.11.0
Threat detection engine 3.63.0

Removed features

  • The web user interface (web UI) previously provided for Sophos Anti-Virus is no longer available.

New features

  • Installations of Sophos Anti-Virus that are currently managed by Enterprise Console can now be migrated to Sophos Cloud.

    To migrate computers, log on to the Sophos Cloud console, go to the Downloads tab and use the installer or script there. See Sophos Knowledgebase Article 121887.

  • A new version of Talpa, 1.20, has been added.
  • Sophos Anti-Virus now includes Talpa Binary Pack support for Ubuntu 15.04 and Debian 8.
  • The threat detection engine has been updated. For information about the changes to the threat detection engine, see the threat detection engine release notes.

Resolved issues

Issue ID Description
LINUXEP-97 Linux computers did not display an error in Enterprise Console when an update from their "primary" location failed.
LINUXEP-482 Talpa Binary Pack (TBP) was compiled during an update even if on-access scanning was not enabled.
LINUXEP-895 The symlink "/opt/sophos-av/uncdownload/libsmbclient.so" was removed and then later recreated during updating.
LINUXEP-899 On Red Hat 6.6, there were issues when uninstalling 9.8.5, and errors with Python 2.7 were reported.

Known issues and limitations

Issue ID Description
LINUXEP-897 On some Japanese systems, characters in desktop alerts are corrupted.

On the Japanese version of RHEL/CentOS/Oracle Linux 7, desktop alerts may include corrupted characters. You should install the xorg-x11-fonts-misc fonts.

WKI67300 On Red Hat Enterprise Linux version 6 or version 5 64-bit, desktop pop-up alerts are not displayed.

To fix this problem, install the latest libXpm from the appropriate package on the Red Hat installation DVD.

This package is needed by desktop pop-up alerts but is not installed by default by Red Hat.

DEF92486 On-access scanning with fanotify on NFSv4 can block all access to files.

Running on-access scanning with fanotify on an NFSv4 file system can result in all file access being blocked. This is a kernel issue. Sophos is working with the Linux community to resolve it. Workarounds are to use Talpa instead, downgrade to NFSv3, or exclude any NFSv4 shares from on-access scanning.

DEF96261 On-access scanning with fanotify on CIFS causes 30 seconds delay in file creation and access.

If on-access scanning is run with fanotify on a CIFS (Common Internet File System) local share, users can experience a delay of around 30 seconds when creating or accessing files. This is a kernel issue and Sophos is working with the Linux community to resolve it. Workarounds are to disable CIFS oplocks or exclude the CIFS share from on-access scanning.

DEF74349 Enterprise Console does not show that a file has been quarantined.

On a Sophos Anti-Virus installation that is managed by Sophos Enterprise Console, if an on-demand scan quarantines a file, savlog shows that the file has been quarantined, but in Enterprise Console, "action taken" is blank.
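
To find the mounts that the DEF92486 and DEF96261 workarounds apply to, the following added example (not Sophos code) reads mount entries in /proc/mounts format and lists NFSv4 and CIFS mounts. The function names and the sample data are constructed for illustration; how the exclusions are then configured in Sophos Anti-Virus is not covered by these notes.

```shell
#!/bin/sh
# Added example: flag mounts that match the fanotify known issues above.
# Input:  text in /proc/mounts format
#         (device mountpoint fstype options dump pass).
# Output: one line per affected mount: "<issue-id> <fstype> <mountpoint>".
# Spaces in mount points appear as \040 in /proc/mounts, so splitting
# on whitespace is safe.
affected_mounts() {
    awk '
    {
        fstype = $3
        opts = "," $4 ","
        # NFSv4 is reported either as fstype "nfs4" or as fstype "nfs"
        # with a vers=4 / nfsvers=4 (optionally 4.x) mount option.
        if (fstype == "nfs4" ||
            (fstype == "nfs" && opts ~ /,(nfs)?vers=4(\.[0-9]+)?,/)) {
            print "DEF92486", fstype, $2
        } else if (fstype == "cifs") {
            print "DEF96261", fstype, $2
        }
    }'
}

# Constructed sample input (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
filer:/export/home /home nfs4 rw,relatime,vers=4.1,proto=tcp 0 0
filer:/export/old /mnt/old nfs rw,vers=3,proto=tcp 0 0
filer:/export/proj /mnt/proj nfs rw,nfsvers=4,proto=tcp 0 0
//fs01/share /mnt/share cifs rw,relatime,vers=3.0 0 0
EOF
}

# On a live system, run: affected_mounts < /proc/mounts
sample_mounts | affected_mounts
```

Each listed mount point is a candidate for exclusion from on-access scanning, or for one of the other workarounds described for its issue ID.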

Additional information

  • Installation in non-UTF-8 and non-ASCII encoded locations

    You can't install Sophos Anti-Virus in a location that is specified by a non-UTF-8 and non-ASCII path.

  • Installation on computers using non-UTF-8 and non-ASCII encoding

    On a computer that is using non-UTF-8 and non-ASCII encoding, to install from the deployment package that is created by mkinstpkg.sh, run the installation script as follows:

    LANG=C ./sophos-av/install.sh

  • Japanese language support

    Sophos Anti-Virus can be installed on computers that are using ja_JP.eucJP and ja_JP.UTF8. Installation on computers with ja_JP.sjis locale (Japanese with Shift-JIS encoding) is not supported.

  • Fonts required on Japanese systems

    On the Japanese version of RHEL/CentOS/Oracle Linux 7, you must install the xorg-x11-fonts-misc fonts. This ensures that desktop messages are correctly displayed.

  • Sophos Remote Management System doesn't start if Sophos Anti-Virus has been installed from NFS filesystem

    If you install Sophos Anti-Virus from an NFS filesystem, Sophos Remote Management System won't start. To work around this, use an alternative installation source instead, for example a Samba share.

  • Sophos Anti-Virus and PureMessage for UNIX

    If you install Sophos Anti-Virus on a mail server that is running Sophos PureMessage for UNIX, you must make sure that scanning of MIME files is disabled in Sophos Anti-Virus. This is because scanning MIME files with Sophos Anti-Virus might prevent PureMessage from accessing files that contain viruses. By default, MIME scanning is disabled.

Technical support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2007–2016 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
