Sophos anti-virus GUI / real time scanning  [Solved]

Linux_

Sophos anti-virus GUI / real time scanning

#1 Post by Linux_ »

Hi all,

First off, I'm totally new to Linux, just moved over from Windows. So please be patient as I am by no means an expert.

I have been using Sophos on my Windows environments for a long time and it's been a good product, so when I saw there was a Linux version, naturally I followed the guide on YouTube to install it.

I noticed that there is no GUI for it, which isn't really a problem, but during the installation I got an error for real time scanning. I tested this by downloading eicar files from the internet and it didn't stop it; however, when I did a manual scan of the downloads directory it picked it up and deleted it. This is why I think it's not working properly.

So my question is:
- Is there a way to get a GUI for Sophos?
- How can I check the real time scanning is on?
- How can I schedule scans rather than doing it manually?

Potentially there is probably a better anti-virus suited for Linux; happy to hear what that might be that others are using.

SwampRabbit
Posts: 3602
Joined: Tue Jun 14, 2016 2:02 pm

Re: Sophos anti-virus GUI / real time scanning

#2 Post by SwampRabbit »

I believe that the Sophos client on Debian-based distros has always had issues with the Talpa Binary pack needing to be compiled.
https://community.sophos.com/kb/en-us/13503

Linux isn't Windows, this doesn't mean you don't have to be careful, as there is malware developed for Linux.
We don't need to cover all the religious reasons why some think you shouldn't or should care, there is plenty of that info on the inter-webs.

But if you are worried you could get hit by drive-by or watering hole browser malware, through phishing and spam, or just want to be a good netizen then...

ClamAV is the mainly used anti-virus solution out there, I believe the newer versions have on-access scanning through a daemon.

For comfortability, there is the ClamTK GUI.

If you open up Synaptic, search for "clam" you'll find packages for scanning things like Zip, RAR, and other files too!

For rootkits, there is rkhunter and chkrootkit.

Personally, I would just:
1. open GUFW and turn the firewall on (Home should be fine)
2. install ClamAV, ClamTK, and whatever complementing packages you want.
3. secure your browser, install uBlock Origin, Privacy Badger, and the VirusTotal extension (VTzilla for Firefox). The latter will let you send things (files, webpages, links etc) to Google's VirusTotal before opening them.
4. antiX and MX now come with antiX Advert Blocker so give that a try too (check someonewhocares.org at least), a lot of malicious code is hidden in Ads these days.
5. uninstall things like ftp, telnet, hexchat, netcat, geany, git, samba (server) etc, etc if you don't need them because the bad guys or automated tools will use them to "live off the land".

That right there should take care of most of the big stuffs.
If you want more, DuckDuckGo can provide you all the information you want.
The sky is the limit on how far you want to go, you can compile your own Linux kernel if you want to go that far. :happy:
NEW USERS START HERE FAQS, MX Manual, and How to Break Your System - Don't use Ubuntu PPAs! Always post your Quick System Info (QSI) when asking for help.

Linux_

Re: Sophos anti-virus GUI / real time scanning

#3 Post by Linux_ »

Thanks for all the tips!

I am trying to remove the Sophos folder but can't seem to remove it.
Any idea how I can delete it? I did google but didn't work.

Code: Select all

:~/Downloads
$ rm -rf sophos-av
rm: cannot remove 'sophos-av/sav.tar': Permission denied
rm: cannot remove 'sophos-av/uncdownload.tar': Permission denied
rm: cannot remove 'sophos-av/install.sh': Permission denied
rm: cannot remove 'sophos-av/talpa.tar': Permission denied

:~/Downloads
$ chmod ugo+rwx sophos-av
chmod: changing permissions of 'sophos-av': Operation not permitted

:~/Downloads
$ lsattr sophos-av
--------------e---- sophos-av/sav.tar
--------------e---- sophos-av/uncdownload.tar
--------------e---- sophos-av/install.sh
--------------e---- sophos-av/talpa.tar

JayM
Posts: 6796
Joined: Tue Jan 08, 2019 3:47 am

Re: Sophos anti-virus GUI / real time scanning

#4 Post by JayM »

Code: Select all

sudo rm -rf sophos-av

should work. Enter your own password when it asks you.
Please read the Forum Rules, How To Ask For Help, How to Break Your System and Don't Break Debian. Always include your full Quick System Info (QSI) with each and every new help request.

Linux_

Re: Sophos anti-virus GUI / real time scanning

#5 Post by Linux_ »

Tried with sudo as well, no luck.
Any other ideas?

Code: Select all

:~/Downloads
$ sudo rm -rf sophos-av
[sudo] password for xxxxxx: 
rm: cannot remove 'sophos-av/sav.tar': Operation not permitted
rm: cannot remove 'sophos-av/uncdownload.tar': Operation not permitted
rm: cannot remove 'sophos-av/install.sh': Operation not permitted
rm: cannot remove 'sophos-av/talpa.tar': Operation not permitted

With GUI side seems to be same error when I open as root

manyroads
Posts: 2657
Joined: Sat Jun 30, 2018 6:33 pm

Re: Sophos anti-virus GUI / real time scanning

#6 Post by manyroads »

Did you try performing a 'complete uninstall' in synaptic or mxpi, or wherever you may have gotten this beast? :lipsrsealed:

In the future, please do yourself a favor and check with Linux folks how to best approach solving a problem. You'll be glad you did. Windows logic does not frequently apply in this world...
Pax vobiscum,
Mark Rabideau - ManyRoads Genealogy -or- eirenicon llc. (geeky stuff)
i3wm, bspwm, hlwm, dwm, spectrwm ~ Linux #449130
"For every complex problem there is an answer that is clear, simple, and wrong." -- H. L. Mencken

Linux_

Re: Sophos anti-virus GUI / real time scanning  [Solved]

#7 Post by Linux_ »

Actually it's not even the install. What I am trying to delete is the .tar extracted files.
So all the files inside this Sophos folder were inside a tar which I extracted and installed.

Following this YouTube video: (forward to 7 minutes)
https://www.youtube.com/watch?v=QH9gRThLEag

The Sophos install didn't show up in synaptic when I wanted to uninstall.
I uninstalled it using this method as per Sophos document:
https://community.sophos.com/kb/en-us/116928

So the program itself is gone, just the installer files which I extracted I can't delete.

JayM
Posts: 6796
Joined: Tue Jan 08, 2019 3:47 am

Re: Sophos anti-virus GUI / real time scanning

#8 Post by JayM »

Try booting from your MX live USB stick and then deleting the sophos directory (as sudo or in a root Thunar.) If it still won't let you then I don't know what to tell you: Sophos has probably done something to protect itself from being removed, just like many viruses do. You may have to just reinstall MX.

From now on, never download and install stuff from the Internet or follow installation instructions on other websites unless one of the MX developers tells you to in order to solve a problem you're having. If you want an app, first run MX Package Installer and see if it's available in any of the tabs: Popular Apps, Stable repo, Testing repo, Debian backports or Flatpaks. If it's not there, first read the instructions here then start a new topic here requesting that the app be added to MX's repositories. The MX Packaging Team will review any existing packages that the app's developer may have provided, the source code, whether or not the app already has a package available in upstream Debian, and repackage it if necessary (or possible) to make it work in MX without breaking other things. At the very least, start a new topic in the forum: "I want to install this app following these instructions, is it safe?"

TL;DR version: only install apps with MX Package Installer (MXPI.) If what you want isn't available on any of the tabs, ask for it to be added to MX so you can install it with MXPI.

Auro Kumar Sahoo
Posts: 357
Joined: Sun Jan 21, 2018 7:54 am

Re: Sophos anti-virus GUI / real time scanning

#9 Post by Auro Kumar Sahoo »

First, welcome to the new world of Linux and more specifically to MX Linux.
As Windows users, everybody including me, when migrating to Linux, brings some Windows culture with us, like anti-virus threats, file fragmentation, installing software from here and there...

In Linux you can be assured that the system is very secure with regard to virus and malware infections. Windows viruses are simple text files here and can't harm your system, but there are some things you should keep in mind, as mentioned mostly by SwampRabbit. Again, the antivirus software available is not for Linux; it is for Windows, as if you download some file which contains a virus to infect Windows it cannot do any harm to you, but if you distribute the file to anyone using Windows, he may tell you your system is infected, as he gets a virus threat on his system.

One more thing you need to know and practice: use common sense when online, don't open anything that shows up. Use superuser power vigilantly and never run any code from the terminal if you're not familiar with it. The rest was mentioned by SwampRabbit.

No need to get any antivirus on Linux, with some terms and conditions. No need for any file defragmentation, and install software from the official repository only. If the software is not the latest, please wait or check the testing repos.
Wallpapers for mx : https://www.flickr.com/photos/aurokumar ... 2672882131 & page2
MX help : https://mxlinux.org/manuals/

दुर्लभम् हि सदा सुखम् ||{Ramayan २-१८-१३}
To be happy always is something which is difficult to achieve.

ChrisUK
Posts: 299
Joined: Tue Dec 12, 2017 12:04 pm

Re: Sophos anti-virus GUI / real time scanning

#10 Post by ChrisUK »

You might get a better idea of the problem if you use

Code: Select all

ls -la sophos-av

instead of lsattr.

I'd try the following:

Code: Select all

chmod ugo+w sophos-av

If that returns an error and let's assume the i and a flags are set, then:

Code: Select all

chattr -i -a sophos-av

If no error then try again: (If still not permitted stop, as I'm stumped ;))

Code: Select all

chmod ugo+w sophos-av

If OK then:

Code: Select all

rm -rf sophos-av

Or just wait for someone more knowledgeable about file permissions/attributes.
Chris

MX 18 MX 19 - Manjaro
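
The checks discussed in this thread (directory permissions, ownership, and the i/a attributes) collected into one diagnostic, as an added example that is not from any poster in the thread. The function names `blocking_flags` and `diagnose_dir` are hypothetical, and the script only reports findings; it changes nothing.

```shell
#!/bin/sh
# Added example: report why entries inside a directory cannot be removed.
# Function names are hypothetical; nothing here is Sophos- or MX-specific.

# Parse one line of lsattr output ("<flags> <path>") and print the flags
# that block deletion: i (immutable) and a (append-only). The "e" flag seen
# in the thread only means extent-mapped storage and blocks nothing.
blocking_flags() {
    flags=${1%% *}                      # first field = flag string
    out=
    case $flags in *i*) out="immutable" ;; esac
    case $flags in *a*) out="${out:+$out,}append-only" ;; esac
    printf '%s' "$out"
}

# Print one finding per line for DIR, or "ok" when nothing blocks deletion.
diagnose_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not-a-directory"; return 0; }
    found=0
    # Removing a file needs write + search permission on its directory;
    # the mode bits of the file itself are irrelevant.
    if [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo "no-write-access: $(ls -ld "$dir")"
        found=1
    fi
    # "lsattr DIR" lists the contents; "-d" shows the directory's own flags,
    # which stop even root from removing entries when i or a is set.
    if command -v lsattr >/dev/null 2>&1; then
        line=$(lsattr -d "$dir" 2>/dev/null) || line=
        b=$(blocking_flags "$line")
        if [ -n "$b" ]; then
            echo "directory-flags: $b"
            found=1
        fi
    fi
    [ "$found" -eq 1 ] || echo "ok"
}

# Stand-alone use: sh diagnose.sh ~/Downloads/sophos-av
if [ $# -gt 0 ]; then
    diagnose_dir "$1"
fi
```

Run it once as the normal user and once with sudo: a `no-write-access` line that disappears under sudo points to ownership, while a `directory-flags` line appears for both.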
