SysAdmin’s Diary

Prolog
Here is the system information for this project,

• Workstation: HP Compaq 6515b
• Operating System: Ubuntu 8.04.1 LTS (Hardy Heron), x86_64 version
• Kernel Version: 2.6.24-19-generic

Pre-Installation

1. Go to Sophos Anti-Virus for Linux homepage and request for 30-day trial.
2. You will receive a set of username and password to download the software
3. Download Sophos Anti-Virus for Linux from http://www.sophos.com/support/updates/linux.html

Installation

1. Verify the installation file is correct
   root@unforgiven:/tmp# file sav-linux-6-i386.tgz
sav-linux-6-i386.tgz: gzip compressed data, from Unix, last modified: Mon Jun 30 19:28:45 2008
2. Extract the tarball
   root@unforgiven:/tmp# tar xzvf sav-linux-6-i386.tgz
sophos-av/sav.tgz
sophos-av/talpa.tgz
sophos-av/uncdownload.tgz
sophos-av/install.sh
3. Go to the installation directory & run the installation script
   root@unforgiven:/tmp# cd sophos-av/
root@unforgiven:/tmp/sophos-av# ./install.sh

   Accept the License,
   Do you accept the licence? Yes(Y)/No(N) [N]
> yes

   Determine the location of Sophos Anti-Virus to be installed,
   Where do you want to install Sophos Anti-Virus? [/opt/sophos-av]
>

   Enter username for the web-based management interface,
   Username for Sophos Anti-Virus GUI? [admin]
>

   Enter password for the web-based management interface,
   Password for Sophos Anti-Virus GUI?
>
Re-enter the same password.
>

   Select the location of auto-update server,
   Which type of auto-updating do you want? From Sophos(s)/From own server(o)/None(n) [s]
>

   Enter username for Sophos update,
   Username for Sophos updates? []
> Q3LQ4MNJ

   Enter password for Sophos update,
   Password for Sophos updates?
>

   Select your proxy option,
   Do you need a proxy to access Sophos updates? Yes(Y)/No(N) [N]
> y

   Enter proxy information,
   What is the address for the proxy server? [http://webcache:8080/]
> http://xx.xx.xx.xx:8080

   Select your on-access scanning option,
   Do you want to enable on-access scanning? Yes(Y)/No(N) [Y]
> y

   The installation is completed successfully after below messages appeared,
   Installation completed.
Starting Sophos Anti-Virus daemon: savd.
Starting Sophos Anti-Virus GUI daemon: savwebd.
Sophos Anti-Virus GUI is available for configuration at http://localhost:8081/

   Your computer is now protected by Sophos Anti-Virus.

Management Interface
Sophos Anti-Virus for Linux comes with a web-based management system to make SysAdmin's life easier to administer the software. To go to the management interface, just point the web browser to http://localhost:8081/. There are several modules on the web management system; Home, Control, Scanning, Exclusions, Alerts, Log, & Viewer.

Sorry, I am too lazy to explain the details of the management interface. You can 'click' at above pictures to get better view of interface. If you insist to know more, why don't you try this software by yourself :)

Sophos Anti-Virus for Linux in Action
One of the great thing I found in Sophos Anti-Virus for Linux is it supports on-access (real time) scanning. You can see the proof at below pictures,

If you're super-g33k like this guy, you might want to run the anti-virus scanning via command line interface. Sophos Anti-virus for Linux comes with savscan,
mij@unforgiven:/tmp$ savscan -ss /tmp/
>>> Virus 'Troj/PSW-Gen' found in file /tmp/wsttrs.exe/FILE:0000
>>> Virus 'Mal/Behav-106' found in file /tmp/wsttrs.exe
>>> Virus 'Troj/LegMir-AQJ' found in file /tmp/cmdbcs.exe

Conclusion
If your Linux workstation or server is located in an enterprise environment, I believe Sophos Anti-Virus for Linux can be one of the security software that you can rely on. I used to be a guy who tests and uses Sophos product as end user as well as system integrator; from my experience, I can say Sophos can provide a very good technical support. Just go to support homepage, and one of the engineer will entertain you shortly.

Yes, I am not going to elaborate more; because if you need further assistance, either in term of sales or technical, I highly recommend you to contact our good friend who is now a Sophos Certified Engineer.