Sophos Anti-Virus for UNIX 9

For Recommended customers

About these release notes

These are the release notes for Sophos Anti-Virus for UNIX Recommended versions, managed by Sophos Enterprise Console or standalone.

Some of the features mentioned in these release notes are only available on managed computers or if you have the appropriate license.


You may find that you cannot yet download and use the latest version on the list below. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.

Version 9


Sophos Anti-Virus


May 2018


December 2017


July 2017


January 2017


November 2016


September 2016

Threat detection engine







Version 9.15.0

Updated Components

  • The threat detection engine has been updated from 3.69.2 to 3.72.1. For information about the changes to the threat detection engine, see the Sophos Threat Detection Engine release notes.
  • We have updated curl to version 7.59.0.
  • We have updated Python to version 2.7.14.
  • We have updated libexpat to 2.2.5.
  • We have updated OpenSSL to 1.0.2n.
  • We have updated Boost to 1.66.0.
  • We have updated Samba to 4.8.0.

Version 9.14.1 (AIX only)

Updated components

Version 9.14.0

New features

  • We have added SMBv2 support.
  • We have updated OpenSSL to 1.0.2k.
  • We have updated the product to use RMS 4.1.

Updated Components

  • The threat detection engine has been updated. For information about the changes to the threat detection engine, see the threat detection engine release notes.
  • We have updated curl to version 7.54.0.
  • We have updated zlib to version 1.2.11.
  • We have updated boost to version 1.59.0.
  • We have updated SAMBA to 4.6.1.
  • We have updated libexpat to 2.2.1.
  • We have updated pycrypto to 2.6.1.

Resolved Issues

No resolved issues.

Version 9.12.7

New features

  • We have updated OpenSSL to 1.0.2j.
  • We have updated libexpat to 2.2.0.
  • The threat detection engine has been updated. For information about the changes to the threat detection engine, see the threat detection engine release notes.

Resolved Issues

  • Minor bug fixes for AIX.

Version 9.12.5

New features

  • The RMS has been updated to use Transport Layer Security (TLS) 1.2.
  • The threat detection engine has been updated. For information about the changes to the threat detection engine, see the threat detection engine release notes.

Version 9.12.2

New features

  • Sophos Anti-Virus for UNIX now includes RMS (Remote Management System) 4, which provides more secure communications between Sophos Enterprise Console and endpoint computers.
  • Python has been updated to 2.7.9.
  • Libexpat has been updated to 2.1.1.
  • Boost has been updated to 1.59.0.
  • ACE-TAO has been updated to 6.2.5.
  • OpenSSL has been updated to 1.0.2h.
  • The threat detection engine has been updated. For information about the changes to the threat detection engine, see the threat detection engine release notes.
  • We have also updated the readme files to include licenses for third party software.

Resolved Issues

Issue ID



Unused commands in the Remote Management System (RMS) protocol. Only commands that are used are now enabled. All deprecated commands have been removed.


Event messages do not use the overridden computer name

This issue has been fixed so that Linux/Unix endpoint computers now consistently use the overridden hostname.


Some local Remote Management System (RMS) ports are unnecessarily visible to the network. All unnecessary ports are now locked down for improved security.


Scheduled scan occasionally fails to send email alert

If you manage your Linux computers with Sophos Enterprise Console and you have set up email notifications, a scheduled scan should send an email when it finds a threat. However, this occasionally fails to happen. This has been fixed.


$INST/etc is owned by sophosav allowing replacement of root-owned files

$INST is owned by sophosav, so that any process running as sophosav can move or replace files inside it. This has been fixed.


Linux computers did not display an error in Enterprise Console when an update from their "primary" location failed.


The symlink "/opt/sophos-av/uncdownload/libsmbclient.so" was removed and then later recreated during updating.


When the language was set to LANG =ja_JP.eucjp and the locale installed on the system, the savdstatus command failed with a decoding error.


Enterprise Console showed clustered IP address details instead of the host IP address.


The ACE/TAO implementation has been modified to correct issues with atomic registry file updating.


An on-demand scan issue has been fixed by increasing the argument limit passed on to the savscan command.

Known issues and limitations

Issue ID Description
-- If you downgrade to version 9.7.1 from 9.7.2, RMS may not restart correctly.

You can resolve this issue by stopping the sav-rms service and restarting it manually. See Sophos knowledgebase article 118388.

DEF95670 Enterprise Console displays the incorrect version number after an upgrade or downgrade between Recommended and Preview versions.

If you upgrade or downgrade between the Recommended and Preview versions of Sophos Anti-Virus, the product version number displayed in Enterprise Console is not updated. This is because these versions have the same threat detection engine and threat data (changes in the version number are reported only when the detection engine or data version changes). Enterprise Console will display the correct version number as soon as Sophos Anti-Virus receives an automatic update that includes new threat data.

-- Per-process memory limits on UNIX systems can restrict Sophos Anti-Virus from functioning correctly.

On IBM AIX systems, Sophos Anti-Virus requires more memory than the default "Maximum Data Segment" size limit. For information on how to increase this limit, see www.sophos.com/en-us/support/knowledgebase/118805.aspx.

DEF74349 Enterprise Console does not show that a file has been quarantined.

On a Sophos Anti-Virus installation that is managed by Sophos Enterprise Console, if an on-demand scan quarantines a file, savlog shows that the file has been quarantined, but in Enterprise Console, "action taken" is blank.


If you install a managed installation of Sophos Anti-Virus on an AIX or HP-UX workstation, and in Sophos Enterprise Console you move the workstation from the "Unassigned" group to another group, the "Anti-virus and HIPS policy" column in the computer list might display "Differs from policy". To work around this, in Enterprise Console, right-click the workstation, point to "Comply with", and then click "Group anti-virus and HIPS Policy".


During installation or upgrade, if you make typographical errors when prompted for information, and correct these, control characters might be stored as part of your input. This could cause a problem, especially with updating. For more information, go to www.sophos.com/en-us/support/knowledgebase/58693.aspx.


On a computer running Solaris version 10 with a Japanese locale, if you try to install Sophos Anti-Virus from a central installation directory and you enter an installation location using Japanese text, the installation fails with the message "svccfg: Syntax error".


If you install Sophos Anti-Virus on a computer that has Sophos Anti-Virus and a third-party product that uses SAV Interface installed, you might have to configure Sophos Anti-Virus to use the correct location for the Sophos Anti-Virus libraries and threat data. For information, go to www.sophos.com/en-us/support/knowledgebase/50230.aspx..

-- Sophos Anti-Virus on AIX and SAV Interface on AIX.

On AIX, it is possible for the memory allocation functions to return memory addresses that don't exist, usually when the computer is running low on memory. If these memory addresses are subsequently accessed, the computer may terminate the application.</p><p>Sophos recommends setting the PSALLOC environment variable to the value "early", before running Sophos Anti-Virus on AIX or SAV Interface applications on AIX, i.e.


Setting PSALLOC to "early" causes the memory allocation functions to only allocate memory that exists. This may cause your computer to run slower, because further checks are carried out on memory as it is allocated.

Additional information

  • Installation in non-ASCII encoded locations

    You can't install Sophos Anti-Virus in a location that is specified by a non-ASCII path.

  • Japanese language support

    Sophos Anti-Virus can be installed on computers that are using ja_JP.eucJP and ja_JP.UTF8. Installation on computers with ja_JP.sjis locale (Japanese with Shift-JIS encoding) is not supported.

Technical support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2018 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.