These are the release notes for Sophos Anti-Virus for Linux Recommended versions, managed by Sophos Enterprise Console or standalone.
Some of the features mentioned in these release notes are only available on managed computers or if you have the appropriate license.
|Sophos Anti-Virus (SAV)||9.12.0|
|Threat detection engine||3.64.3|
|LINUXEP-804||Sophos Anti-Virus now identifies and ignores mount calls from an IP command|
|LINUXEP-1814||The ACE/TAO implementation has been modified to correct issues with atomic registry file updating.|
|LINUXEP-1816||An on-demand scan issue has been fixed by increasing the argument limit passed on to the savscan command.|
|LINUXEP-1820||The yum command now runs as root to prevent errors.|
|LINUXEP-1938||Log message has been downgraded from error level to debug.|
|LINUXEP-2018||Debug errors were reported. These should no longer be shown.|
|Sophos Anti-Virus (SAV)||9.11.1|
|Threat detection engine||3.64.0|
|LINUXEP-1733||In version 9.11.0, the 'phone-home' feature (which sends platform and product usage data to Sophos) caused kernel modules to load.|
|LINUXEP-1673||When the language was set to LANG=ja_JP.eucjp and the locale was installed on the system, the savdstatus command failed with a decoding error.|
|LINUXEP-1464||Enterprise Console showed clustered IP address details instead of the host IP address.|
|LINUXEP-1276||Enterprise Console did not show domain name in the computer details for a CentOS 6.6 endpoint.|
|Sophos Anti-Virus (SAV)||9.11.0|
|Threat detection engine||3.63.0|
|LINUXEP-97||Linux computers did not display an error in Enterprise Console when an update from their "primary" location failed.|
|LINUXEP-482||Talpa Binary Pack (TBP) was compiled during an update even if on-access scanning was not enabled.|
|LINUXEP-895||The symlink "/opt/sophos-av/uncdownload/libsmbclient.so" was removed and then later recreated during updating.|
|LINUXEP-899||On Red Hat 6.6, there were issues when uninstalling 9.8.5, and errors with Python 2.7 were reported.|
|Sophos Anti-Virus (SAV)||9.8.5|
|Threat detection engine||3.60.0|
No resolved issues.
|Sophos Anti-Virus (SAV)||9.7.2|
|Threat detection engine||3.58.1|
No new features.
No resolved issues.
|Sophos Anti-Virus (SAV)||9.7.1|
|Threat detection engine||3.55.0|
|SUG95841||Added support for customers to create packages that update directly from
We have altered the script for making installation packages (mkinstpkg.sh) so that customers can now select Sophos as the update location.
|DEF94382||fanotify scan processors are occasionally force terminated.
We have reworked stream handling so that fanotify is no longer force terminated.
|DEF94926||fanotify scanning reports uncaught exception errors
This issue has been resolved after a review of our exception handling.
|DEF85504||If you run the uninstallation script with an invalid option, the help for installation is displayed.
Running uninstall.sh with an invalid option used to result in the list of options for installation being displayed. The correct list of uninstallation options is now displayed.
|SUG65114||Make it possible to ensure that Sophos Anti-Virus does not use an http
A noproxy setting can now be enforced in savconfig. For details, see the manpage for savconfig.
|DEF95670||Enterprise Console displays the incorrect version number after an upgrade or
Enterprise Console did not update version numbers after upgrade or downgrade between versions with the same threat detection engine and data (for example, Preview and Recommended version). This has now been changed so that the correct version number is shown.
|DEF96222||RMS, which handles communications with the server, does not start
This is fixed, as the sophosmgmtd adapter now restarts the RMS components (mrouter and magent) after an SEGV error.
|WKI95940||RMS, which handles communications with the server, does not initialize and rapidly fills Messages.txt with sav-rms failure messages.
This is fixed, as the sophosmgmtd adapter now manages restarts for the RMS components (mrouter and magent).
|DEF87381||The RMS component mrouter coredumps when cluster software changes the network adapter settings.
This is fixed, as the sophosmgmtd adapter restarts mrouter after an SEGV error.
|WKI79953||The RMS component magent coredumps.
This is fixed, as the sophosmgmtd adapter restarts magent after an SEGV error.
|SUG80323||Force RMS to send a 'heartbeat' message back to Enterprise Console
We have implemented this, as the sophosmgmtd adapter can be configured to do periodic restarts (which force messages to be sent).
|Sophos Anti-Virus (SAV)||9.6.1|
|Threat detection engine||3.51|
|DEF95938||Talpa Binary Pack can fail on Linux kernels 3.11 and later.
Under some circumstances, Talpa Binary Pack can fail to intercept file accesses on Linux kernels 3.11 and later, so that the user loses on-access protection.
|DEF95898||Mount fails with the error "protocol driver not attached" when Sophos Anti-Virus 9.5.1 for Linux is installed.
Attempting to mount a drive on a Linux computer with Sophos Anti-Virus version 9.5.1 (with engine version 3.50) fails. For more information, see http://www.sophos.com/en-us/support/knowledgebase/120622.aspx.
|DEF95394||Talpa generates multiple errors and can cause lockups on computers with Linux 3.8 kernel.
If you run Sophos Anti-Virus 9.5.0 or later on a computer running the Linux kernel 3.8, Talpa generates errors and can cause lockups. The computer has to be restarted before it can be used again.
|DEF95174||Kernel panics occur on computers with cPanel installed.
Kernel panics occur if Sophos Anti-Virus 9.5.0 or later is installed on computers that also have cPanel installed.
|DEF95055||On some distributions, Talpa Binary Pack crashes when attempting a "scan on close" for exiting processes on Linux kernel 3.8 and later.
This means that Talpa Binary Pack support is currently unavailable for these kernels.
|DEF94853||On the RHEL/CentOS 6.5 distribution, mount points fail with a custom Talpa
On the RHEL/CentOS 6.5 distribution update, which includes the 2.6.32-431 kernel, attempts to mount fail with a message similar to "... failed, reason given by server: No such file or directory." The message log contains one or more of these entries: "kernel: talpa-vfshook: Failed to synchronise post-mount! (-2)".
|DEF94114||fanotify reports that it has deleted threats even if it has failed to delete
fanotify sometimes reports that it has deleted a file that contains a threat but leaves the file on disk. This occurs when a user attempts to access files in a sticky directory that they do not own and cannot write to.
|DEF94234||Updating directly from Sophos would fail if the main Sophos server is
Updating directly from Sophos would fail if the main Sophos server is unavailable, when a backup server should've been used but wasn't.
|DEF93898||Endpoints do not correctly report primary and secondary update locations to
Endpoint computers sometimes do not have primary or secondary update locations shown in "Computer Details" or "Update details" in Enterprise Console, even if they are compliant with your policies and up to date.
|DEF93016||Web UI log viewer shows log messages without line breaks.
When an update reports a long message, a large block of text without line breaks is shown in the log, which is hard to read.
|DEF92615||savscan allows regular users to send the savscan log to
Users can use the -p=<log path> option to send the savscan log to /opt/sophos-av/var/spool. The email notifier then tries to parse the files and deliver them as email. This results in an error and the notifier stops processing files.
|DEF92612||After an upgrade from version 6 to 7 and then to 9, world-writeable files and directories are left in a Sophos directory.|
|Sophos Anti-Virus (SAV)||9.5.2|
|Threat detection engine||3.50.2|
The threat data have been updated.
No issues were resolved.
|Sophos Anti-Virus (SAV)||9.5.1|
|Threat detection engine||3.50.2|
The threat detection engine and threat data have been updated.
No issues were resolved.
|Sophos Anti-Virus (SAV)||9.5.0|
|Threat detection engine||3.48|
|DEF93361||ExclusionEncodings option does not work with Fanotify.
The ExclusionEncodings option, which enables you to exclude files with names that are not encoded in UTF-8 (for example filenames in EUC-JP), does not work with Fanotify.
|DEF93714||Fanotify does not block access to malicious programs.
If you use Fanotify to intercept files for on-access scanning, it does not prevent malicious programs from running. Instead it hangs for three minutes and then allows access.
|DEF92586||Talpa fails to monitor an NFS mount if it cannot find any files when the filesystem is mounted or on-access scanning is started.|
|DEF92198||If Talpa is enabled, writing a file to an NFS share causes kernel panic on the NFS server.|
|LINUXEP-897||On some Japanese systems, characters in desktop alerts are corrupted.
On the Japanese version of RHEL/CentOS/Oracle Linux 7, desktop alerts may include corrupted characters. You should install the xorg-x11-fonts-misc fonts.
|WKI67300||On Red Hat Enterprise Linux version 6 or version 5 64-bit, desktop pop-up alerts are not displayed.
To fix this problem, install the latest libXpm from the appropriate package on the Red Hat installation DVD.
This package is needed by desktop pop-up alerts but is not installed by default by Red Hat.
|DEF92486||On-access scanning with fanotify on NFSv4 can block all access to
Running on-access scanning with fanotify on an NFSv4 file system can result in all file access being blocked. This is a kernel issue. Sophos is working with the Linux community to resolve it. Workarounds are to use Talpa instead, downgrade to NFSv3, or exclude any NFSv4 shares from on-access scanning.
|DEF96261||On-access scanning with fanotify on CIFS causes a 30-second delay in file creation and access.
If on-access scanning is run with fanotify on a CIFS (Common Internet File System) local share, users can experience a delay of around 30 seconds when creating or accessing files. This is a kernel issue and Sophos is working with the Linux community to resolve it. Workarounds are to disable CIFS oplocks or exclude the CIFS share from on-access scanning.
|DEF74349||Enterprise Console does not show that a file has been quarantined.
On a Sophos Anti-Virus installation that is managed by Sophos Enterprise Console, if an on-demand scan quarantines a file, savlog shows that the file has been quarantined, but in Enterprise Console, "action taken" is blank.
You can't install Sophos Anti-Virus in a location that is specified by a non-UTF-8 and non-ASCII path.
On a computer that is using non-UTF-8 and non-ASCII encoding, to install from the deployment package that is created by mkinstpkg.sh, run the installation script as follows:
Sophos Anti-Virus can be installed on computers that are using ja_JP.eucJP and ja_JP.UTF8. Installation on computers with ja_JP.sjis locale (Japanese with Shift-JIS encoding) is not supported.
On the Japanese version of RHEL/CentOS/Oracle Linux 7, you must install the xorg-x11-fonts-misc fonts. This ensures that desktop messages are correctly displayed.
If you install Sophos Anti-Virus from an NFS filesystem, Sophos Remote Management System won't start. To work around this, use an alternative installation source instead, for example a Samba share.
If you install Sophos Anti-Virus on a mail server that is running Sophos PureMessage for UNIX, you must make sure that scanning of MIME files is disabled in Sophos Anti-Virus. This is because scanning MIME files with Sophos Anti-Virus might prevent PureMessage from accessing files that contain viruses. By default, MIME scanning is disabled.
You can find technical support for Sophos products in any of these ways:
Copyright © 2007–2016 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.