Installing "Sophos Anti-Virus for Linux (Sophos Central managed computers)" on Manjaro

Does anyone have any experience getting Sophos Anti-Virus for Linux (Sophos Central managed computers) running on Manjaro? I would normally use ClamAV where anti-virus is required, but the decision is not up to me. I’ve tried running the installation script but each time I try the sav-protect.service module logs errors stating talpa.startup: Unable to load Talpa modules.. The output of the talpaselect.log is provided below:

[Talpa-select]
Copyright 1989-2020 Sophos Limited. All rights reserved.
2020-11-25 16:12:36 GMT /opt/sophos-av/engine/_/talpa_select selectexisting /opt/sophos-av
[Talpa-select]
Copyright 1989-2020 Sophos Limited. All rights reserved.
2020-11-25 16:12:37 GMT /opt/sophos-av/engine/_/talpa_select load --hook talpa_vfshook --wait 10
Linux distribution: [manjaro]
Product: [Manjaro Linux]
Kernel: [5.9.10-1-MANJARO]
Multiprocessor support enabled.
Searching for source pack...
Searching for suitable binary pack...
No suitable binary pack available.
Preparing for build...
Extracting sources...
Configuring build of version 1.25.3...
configuring checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking how to create a ustar tar archive... gnutar
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables... 
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... none
checking whether gcc and cc understand -c and -o together... yes
checking for ld... ld
checking for egrep... grep -E
checking whether ln -s works... yes
checking for cat... /usr/bin/cat
checking for cut... /usr/bin/cut
checking for sed... /usr/bin/sed
checking for uname... /usr/bin/uname
checking for rm... /usr/bin/rm
checking for xargs... /usr/bin/xargs
checking for Talpa version... 1.25.3
checking for operating system... Linux
checking for kernel headers layout... /lib/modules/5.9.10-1-MANJARO/build/include:/lib/modules/5.9.10-1-MANJARO/build/arch/x86/include:/lib/modules/5.9.10-1-MANJARO/build/arch/x86/include/generated:/lib/modules/5.9.10-1-MANJARO/build/include/generated/uapi:/lib/modules/5.9.10-1-MANJARO/build/arch/x86/include/generated/uapi:/lib/modules/5.9.10-1-MANJARO/build/include/uapi:/lib/modules/5.9.10-1-MANJARO/build/arch/x86/include/uapi
checking for linux/version.h... yes
checking for linux/magic.h... yes - /lib/modules/5.9.10-1-MANJARO/build/include/uapi
checking for uapi/linux/magic.h... yes - /lib/modules/5.9.10-1-MANJARO/build/include
checking for linux/uidgid.h... for uidgid strict type checking header
checking for linux/compiler.h... yes - /lib/modules/5.9.10-1-MANJARO/build/include
checking for uapi/asm/unistd.h... yes - /lib/modules/5.9.10-1-MANJARO/build/arch/x86/include
checking for asm/unistd_64_x32.h... yes - /lib/modules/5.9.10-1-MANJARO/build/arch/x86/include/generated
checking for kernel configuration... checking for linux/kconfig.h... yes - /lib/modules/5.9.10-1-MANJARO/build/include
done
checking for retpoline... configured, no check needed
checking for compilation environment... ok
checking for kernel architecture... x86_64
checking for kernel version code... 329994
checking for kernel version string... 5.9.10-1-MANJARO
checking for RHEL release code... not found
checking for linux/sched.h... yes
checking for unused task flag... ffzb_local.c: In function 'main':
ffzb_local.c:49:1: error: 'PF_KTHREAD' undeclared (first use in this function)
   49 | PF_KTHREAD | \
      | ^~~~~~~~~~
ffzb_local.c:65:27: note: in expansion of macro 'PF_TALPA_ALL'
   65 |     unsigned int result = PF_TALPA_ALL;
      |                           ^~~~~~~~~~~~
ffzb_local.c:49:1: note: each undeclared identifier is reported only once for each function it appears in
   49 | PF_KTHREAD | \
      | ^~~~~~~~~~
ffzb_local.c:65:27: note: in expansion of macro 'PF_TALPA_ALL'
   65 |     unsigned int result = PF_TALPA_ALL;
      |                           ^~~~~~~~~~~~
configure: error: compiler failure

Traceback (most recent call last):
  File "talpa_select.py", line 2035, in _action
  File "talpa_select.py", line 898, in load
  File "talpa_select.py", line 664, in select
  File "talpa_select.py", line 1555, in select
  File "talpa_select.py", line 1639, in build
  File "talpa_select.py", line 1769, in __try_build
  File "talpa_select.py", line 1634, in checkConfigureErrors
SelectException: exc-configure-failed
[Talpa-select]
Copyright 1989-2020 Sophos Limited. All rights reserved.
2020-11-25 16:14:54 GMT /opt/sophos-av/engine/_/talpa_select load --hook talpa_vfshook --wait 10
Linux distribution: [manjaro]
Product: [Manjaro Linux]
Kernel: [5.9.10-1-MANJARO]
Multiprocessor support enabled.
Searching for source pack...
Searching for suitable binary pack...
No suitable binary pack available.
Preparing for build...
Extracting sources...
Configuring build of version 1.25.3...
configuring checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking how to create a ustar tar archive... gnutar
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables... 
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... none
checking whether gcc and cc understand -c and -o together... yes
checking for ld... ld
checking for egrep... grep -E
checking whether ln -s works... yes
checking for cat... /usr/bin/cat
checking for cut... /usr/bin/cut
checking for sed... /usr/bin/sed
checking for uname... /usr/bin/uname
checking for rm... /usr/bin/rm
checking for xargs... /usr/bin/xargs
checking for Talpa version... 1.25.3
checking for operating system... Linux
checking for kernel headers layout... /lib/modules/5.9.10-1-MANJARO/build/include:/lib/modules/5.9.10-1-MANJARO/build/arch/x86/include:/lib/modules/5.9.10-1-MANJARO/build/arch/x86/include/generated:/lib/modules/5.9.10-1-MANJARO/build/include/generated/uapi:/lib/modules/5.9.10-1-MANJARO/build/arch/x86/include/generated/uapi:/lib/modules/5.9.10-1-MANJARO/build/include/uapi:/lib/modules/5.9.10-1-MANJARO/build/arch/x86/include/uapi
checking for linux/version.h... yes
checking for linux/magic.h... yes - /lib/modules/5.9.10-1-MANJARO/build/include/uapi
checking for uapi/linux/magic.h... yes - /lib/modules/5.9.10-1-MANJARO/build/include
checking for linux/uidgid.h... for uidgid strict type checking header
checking for linux/compiler.h... yes - /lib/modules/5.9.10-1-MANJARO/build/include
checking for uapi/asm/unistd.h... yes - /lib/modules/5.9.10-1-MANJARO/build/arch/x86/include
checking for asm/unistd_64_x32.h... yes - /lib/modules/5.9.10-1-MANJARO/build/arch/x86/include/generated
checking for kernel configuration... checking for linux/kconfig.h... yes - /lib/modules/5.9.10-1-MANJARO/build/include
done
checking for retpoline... configured, no check needed
checking for compilation environment... ok
checking for kernel architecture... x86_64
checking for kernel version code... 329994
checking for kernel version string... 5.9.10-1-MANJARO
checking for RHEL release code... not found
checking for linux/sched.h... yes
checking for unused task flag... ffzb_local.c: In function 'main':
ffzb_local.c:49:1: error: 'PF_KTHREAD' undeclared (first use in this function)
   49 | PF_KTHREAD | \
      | ^~~~~~~~~~
ffzb_local.c:65:27: note: in expansion of macro 'PF_TALPA_ALL'
   65 |     unsigned int result = PF_TALPA_ALL;
      |                           ^~~~~~~~~~~~
ffzb_local.c:49:1: note: each undeclared identifier is reported only once for each function it appears in
   49 | PF_KTHREAD | \
      | ^~~~~~~~~~
ffzb_local.c:65:27: note: in expansion of macro 'PF_TALPA_ALL'
   65 |     unsigned int result = PF_TALPA_ALL;
      |                           ^~~~~~~~~~~~
configure: error: compiler failure

Traceback (most recent call last):
  File "talpa_select.py", line 2035, in _action
  File "talpa_select.py", line 898, in load
  File "talpa_select.py", line 664, in select
  File "talpa_select.py", line 1555, in select
  File "talpa_select.py", line 1639, in build
  File "talpa_select.py", line 1769, in __try_build
  File "talpa_select.py", line 1634, in checkConfigureErrors
SelectException: exc-configure-failed
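An added example, not part of the original post and not Sophos tooling: a small parser for the talpaselect.log format shown above that reduces each talpa_select invocation to its kernel, the configure check that was running when the build stopped, the first compiler error and the final exception. The sample log is constructed by abridging lines from the post, and the function and field names are hypothetical.

```python
import re

# Constructed sample: lines abridged from the talpaselect.log output in the post above.
SAMPLE_LOG = """\
[Talpa-select]
2020-11-25 16:12:36 GMT /opt/sophos-av/engine/_/talpa_select selectexisting /opt/sophos-av
[Talpa-select]
2020-11-25 16:12:37 GMT /opt/sophos-av/engine/_/talpa_select load --hook talpa_vfshook --wait 10
Kernel: [5.9.10-1-MANJARO]
No suitable binary pack available.
checking for linux/sched.h... yes
checking for unused task flag... ffzb_local.c: In function 'main':
ffzb_local.c:49:1: error: 'PF_KTHREAD' undeclared (first use in this function)
configure: error: compiler failure
SelectException: exc-configure-failed
"""

RUN_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) GMT \S*talpa_select (.*)$")
CHECK_RE = re.compile(r"^checking (?:for |whether )?(.+?)\.\.\. ?(.*)$")
CC_ERR_RE = re.compile(r"^\S+:\d+:\d+: error: (.+)$")

def summarize(log_text):
    """Return one dict per talpa_select invocation found in the log."""
    runs = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        started = RUN_RE.match(line)
        if started:
            runs.append({"time": started.group(1), "action": started.group(2),
                         "kernel": None, "no_binary_pack": False, "last_check": None,
                         "compiler_error": None, "exception": None})
        if started or not runs:
            continue
        run, check, err = runs[-1], CHECK_RE.match(line), CC_ERR_RE.match(line)
        if line.startswith("Kernel: ["):
            run["kernel"] = line[len("Kernel: ["):-1]
        elif line == "No suitable binary pack available.":
            run["no_binary_pack"] = True
        elif check:
            run["last_check"] = check.group(1)  # check running when the build stopped
        elif err and run["compiler_error"] is None:
            run["compiler_error"] = err.group(1)  # keep only the first compiler error
        elif line.startswith("SelectException: "):
            run["exception"] = line.split(": ", 1)[1]
    return runs

def failed_runs(log_text):
    """Runs that ended in a SelectException."""
    return [r for r in summarize(log_text) if r["exception"]]
```
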

What significance this has - besides the fail - I don’t know - but it is related to the configuration of the makefile, maybe even the source code.

Consult AUR maintainer first - then upstream.

Supported versions do not include Arch based Linux

https://support.sophos.com/support/s/article/KB-000033389?language=en_US

  • Supported distributions (latest minor point or LTS version):
    • Amazon Linux, Amazon Linux 2
    • CentOS 6/7/8
    • Debian 9, 10
    • Oracle Linux 6/7/8
    • Red Hat Enterprise Linux 6/7/8
    • SUSE 12/15
    • Ubuntu 16/18 LTS

Hi Frede, thanks for your help.

No AUR maintainers present for this one unfortunately. Just a shell script from Sophos. We’ve emailed them, but have not heard back.

I’ve seen that. Was wondering whether it would install on another Linux distro.

Oh - that complicates it - I guess.

It is - probably - related to some libraries which are different versions than those available on Arch - when it comes to applications built for other distributions, that version difference becomes crucial to whether an application will compile or not.

Now, this is a superb use for a WMVM.

“WM”… Window manager, Windows machine, wailing midget?

Ugh. Fixed.

Ah… I know that one.

Sadly, I don’t think that’s an option either for me. Not unless the host system was CentOS/Debian/Ubuntu and running Sophos, with Manjaro as a guest OS.

Actually Sophos Antivirus free for Linux was discontinued 5 months ago:

https://community.sophos.com/free-antivirus-tools-for-desktops/f/discussions/121788/sav-for-linux-free-edition-is-discontinued

It’s not the free version. It’s the centrally managed version that lets your IT Department see your machine on a console.