Sophos v5

Greg Matthews gmatt at nerc.ac.uk
Fri Apr 7 17:00:26 IST 2006


On Fri, 2006-04-07 at 10:52 +0200, shrek-m at gmx.de wrote:
> On 06.04.2006 12:31, Greg Matthews wrote:
> 
> >Just a data point following someones question about sophos v5... this
> >will not even install on CentOS v4. the sophos provided install.sh
> >script dies very quickly with:
> >
> >        # ./install.sh -v -d /usr/local/Sophos/
> >        'import site' failed; use -v for traceback
> >        Traceback (most recent call last):
> >          File "<string>", line 1, in ?
> >        zipimport.ZipImportError: can't decompress data; zlib not
> >        available
> >  
> >
> 
> is this really the sav-linux-5-i386  install.sh ??
> i doubt because "-v -d"  are invalid command-line options.

yes it is. I realised that the -v and -d were at least undocumented but
I tried them anyway as Sophos *may* have included some backwards
compatibility for installation (probably not tho).

> [sophos-av]# ll ../sav-linux-5-i386.tgz
> -rw-r--r--  1 root root 48591563 31. Mär 17:19 ../sav-linux-5-i386.tgz

        [root at myhost build]# pwd
        /local/software/build
        [root at myhost build]# ls -l ../sav-linux-5-i386.tgz
        -rw-r--r--  1 root root 48591563 Apr  6
        11:05 ../sav-linux-5-i386.tgz
        [root at myhost build]# ls -l sophos-av/
        total 68
        drwxr-xr-x  2 root root  4096 Mar 20 22:00 doc
        -rwxr-xr-x  1 root root  3427 Mar 20 21:21 install.sh
        drwxr-xr-x  4 root root  4096 Mar 20 22:00 savi
        drwxr-xr-x  5 root root  4096 Mar 20 22:00 sav-linux
        -rw-r--r--  1 root root 41610 Mar 20 21:43 supported_kernels.txt
        drwxr-xr-x  5 root root  4096 Mar 20 22:01 talpa
        -rw-r--r--  1 root root     8 Mar 20 21:21 version
        [root at myhost build]# cd sophos-av
        [root at myhost sophos-av]# ./install.sh -v -d /usr/local/Sophos
        'import site' failed; use -v for traceback
        Traceback (most recent call last):
          File "<string>", line 1, in ?
        zipimport.ZipImportError: can't decompress data; zlib not
        available

> [sophos-av]# ./install.sh -v -d /usr/local/Sophos-test/
> Invalid command-line option: -v
> Invalid command-line option: -d
> install.sh: Install Sophos Anti-Virus
> Usage: ./install.sh [INSTALL-DIRECTORY] [OPTION] ...
> [.... --help ...]
> 
> 
> iirc  "/usr/local/Sophos/"  is created from MS Sophos.install and i 
> would not install sav in this directory.

well thats up to you, I was trying to see if MS and sophos 5 were
compatible. MS expects to find it in /usr/local/Sophos at present.

> sav5 under fc5(athlon64)  2.6.16
> on-demand, auto-updates, ...  =  ok
> on-access does not work, the talpa modules are the problem.
> # tail -5 /opt/sophos-av/talpa/build/talpa-0.9.32/build.log
> make[4]: *** 
> [/opt/sophos-av/talpa/build/talpa-0.9.32/src/platforms/linux/glue.o] 
> Fehler 1
> make[3]: *** [_module_/opt/sophos-av/talpa/build/talpa-0.9.32] Fehler 2
> make[2]: *** [talpa_core.ko] Fehler 2
> make[1]: *** [all-recursive] Fehler 1
> make: *** [all] Fehler 2
> 
> # uname -a ; rpm -qa zlib*
> Linux localhost.localdomain 2.6.16-1.2080_FC5 #1 SMP Tue Mar 28 03:38:47 
> EST 2006 x86_64 x86_64 x86_64 GNU/Linux
> zlib-1.2.3-1.2.1
> zlib-1.2.3-1.2.1
> 
> >In fact Sophos will not even support RHELv4. The product is supported on
> >ancient versions of redhat up to rhel3. But they do appear to support
> >its installation on suse with a 2.6 kernel... This seems li ke a pretty
> >poor show given how long RHEL4 has been out, and that v5 is due out this
> >year.
> >  
> >
> 
> on-demand is supported
> on-access is a different thing.

what I mean is that even if you get it to work on rhel4 it is
unsupported.

> http://www.sophos.com/products/es/endpoint-server/sav-linux.html
> 
>     * *Distributions supported for on-access and on-demand scanning*
>       Red Hat Linux 7.2/8.0/9.0
>       Red Hat Enterprise Linux 2.1/3 - ES/AS/WS
>       SUSE 7.2/8/9.0/9.1/9.2/9.3/Enterprise Server 8/9
>       TurboLinux 8/10 Server, 8 Enterprise Edition
>       *(For more distributions supported with on-demand scanning only,
>       see the Linux system requirements on the Sophos Anti-Virus for
>       non-Windows platforms page.
>       <http://www.sophos.com/products/es/endpoint-server/sav-non-windows.html>)*
> 
> -->    
> http://www.sophos.com/products/es/endpoint-server/sav-non-windows.html
> 
>     * *Linux* on Intel
>       Red Hat 5.1/5.2/6.0/6.1/7.2/8/9
>       RHEL 2.1/3/4  <==
>       SUSE 6/7/8/9.0/9.1/9.2/9.3/10.0
>       Enterprise Server 8/9
>       TurboLinux 6/7/8/10
>       *(For more distributions supported with both on-access and
>       on-demand scanning, see the Linux system requirements on the
>       Sophos Anti-Virus for Linux page.
>       <http://www.sophos.com/products/es/endpoint-server/sav-linux.html>)*

sounds great doesnt it... I've not managed to find this product for
linux. I can find it for solaris and macos8/9 and lots of other *nix
variants but not linux. For linux binaries you are directed to the linux
pages which require you to have redhat v3 or older. And besides, this is
version 4.

> >less surprisingly, they still dont support 64bit architectures.
> >
> 
> surprisingly
> sav 5  on-demand, autoupdate, sav-web, sav-protect(without on-access) is 
> ok under fc5 x86_64  athlon64  2.6.16

reading install_en.txt:

        "1.3 64-bit computers
        
        Sophos Anti-Virus does not support 64-bit hardware (including
        computers running 32-bit emulation)."

yes, I can run sophos v4.x fine on my 64 bit dual/dual athlon, but its a
32 bit binary and this config is unsupported by Sophos.

Not sure how to explain the different behaviour we see with the install
script but from here the whole thing is completely broken on RHEL4. It
also appears to have more than quadrupled in size to almost 50MB.

For a supposedly "enterprise class" product, its pretty embarassing to
not support RHEL4 especially when you claim support for v3.

G

> 
> >[...snip...]
> >  
> >
> 
> -- 
> shrek-m
-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford


-- 
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.



More information about the MailScanner mailing list