[SOLVED] Sophos AV: On-access scanning not available in LXCs

blubber

New Member
Nov 7, 2019
Hello everyone,

I installed Sophos for Linux on my file server (LXC/Debian Buster). In the log "/opt/sophos-av/log/savd.log", however, I see the following:

Updating SAVScan on-demand scanner Updating Virus Engine and Data Updating Talpa Kernel Support Updating Manifest Selecting appropriate kernel support... On-access scanning not available because of problems during kernel support compilation. Update completed.</arg></log>
<log><category>update.updated</category><level>NOTICE</level><domain>savupdate</domain><msg>UPDATED_TO_VERSION %s %s %s</msg><time>1580293420</time><arg>9.16.0</arg><arg>3.77.1</arg><arg>5.71</arg></log>
<log><category>update.updated</category><level>NOTICE</level><domain>savupdate</domain><msg>SUCCESSFULLY_UPDATED_FROM %s</msg><time>1580293420</time><arg>sdds:SOPHOS</arg></log>
<log><category>update.check</category><level>INFO</level><domain>savupdate</domain><msg>SUCCESSFULLY_UPDATED_FROM %s</msg><time>1580293574</time><arg>sdds:SOPHOS</arg></log>

The on-access feature was/is really essential for my file server. Has anyone run into this before, and perhaps found a solution?

Thanks in advance.
 
cat /opt/sophos-av/etc/savd.cfg

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SophosAntiVirus SYSTEM "savd.dtd">
<SophosAntiVirus xmlns="savd.xsd">
  <Sophos>
    <OnAccess>
      <EnableOnStart>true</EnableOnStart>
      <Quarantine>false</Quarantine>
      <TakeActionOnClose>false</TakeActionOnClose>
      <RestrictProcessExclusions>false</RestrictProcessExclusions>
      <OnEnable><StartupTimeoutMs>60000</StartupTimeoutMs><Scan /><NoScan /></OnEnable>
      <OnDisable><StopTimeoutMs>30000</StopTimeoutMs><ScanTimeoutMs>10000</ScanTimeoutMs><Scan /><NoScan /></OnDisable>
      <Scanner>
        <HookModule>talpa_vfshook</HookModule>
        <Processes>2</Processes>
        <ThreadsPerProcess>5</ThreadsPerProcess>
        <AdaptiveThreading>true</AdaptiveThreading>
        <MaximumThreads>5</MaximumThreads>
        <MissingHeartbeatDurationSec>60</MissingHeartbeatDurationSec>
        <AutomaticAction />
        <DenyOnDetectionError>false</DenyOnDetectionError>
        <DenyOnOperatingSystemError>true</DenyOnOperatingSystemError>
        <DenyOnCorruptFile>false</DenyOnCorruptFile>
        <AllowIfEncrypted>false</AllowIfEncrypted>
        <AllowIfPartVolume>false</AllowIfPartVolume>
        <AllowIfNotSupported>false</AllowIfNotSupported>
        <AllowCorruptInCleanArchive>true</AllowCorruptInCleanArchive>
        <TalpaDevicePath>/dev/sophos-vc</TalpaDevicePath>
        <TalpaVettingTimeoutMs>100</TalpaVettingTimeoutMs>
        <TalpaVettingGroup>0</TalpaVettingGroup>
        <FileCacheSizeBytes>4096</FileCacheSizeBytes>
        <UseExtendedRegex>true</UseExtendedRegex>
        <GracePeriods><StopTimeoutMs>20000</StopTimeoutMs><KillTimeoutMs>2000</KillTimeoutMs></GracePeriods>
        <RespawnThrottling><Limit>5</Limit><Max>10</Max><PeriodDurationMs>20000</PeriodDurationMs></RespawnThrottling>
        <ExclusionEncodings>UTF-8</ExclusionEncodings>
        <ExclusionEncodings>EUC-JP</ExclusionEncodings>
        <ExclusionEncodings>ISO-8859-1</ExclusionEncodings>
        <FileExclusions><Glob /><Expression /></FileExclusions>
        <MountExclusions><DeviceExpression /><DeviceGlob /><MountpointExpression /></MountExclusions>
        <ThreatDetection>
          <U32><EnableAutoStop>0</EnableAutoStop><ExecFileDisinfection>1</ExecFileDisinfection><Xml>0</Xml><SXLLiveProtection>0</SXLLiveProtection></U32>
          <U16 />
          <STR />
          <VirusDataDir>./lib/sav</VirusDataDir>
          <IdeDir>./lib/sav</IdeDir>
          <UseSharedMemory>false</UseSharedMemory>
          <SXL><ServerList>00010203</ServerList><TopLevelDomain>nix.sophosxl.net</TopLevelDomain></SXL>
        </ThreatDetection>
      </Scanner>
      <Talpa>
        <intercept-filters>
          <Cache>
            <fstypes>ext3</fstypes>
            <fstypes>ext4</fstypes>
            <fstypes>zfs</fstypes>
            <fstypes>tmpfs</fstypes>
            <fstypes>devtmpfs</fstypes>
            <fstypes>iso9660</fstypes>
            <fstypes>udf</fstypes>
            <fstypes>xfs</fstypes>
            <fstypes>reiserfs</fstypes>
            <fstypes>jfs</fstypes>
            <fstypes>vfat</fstypes>
            <fstypes>msdos</fstypes>
            <fstypes>ntfs</fstypes>
            <fstypes>hfs</fstypes>
            <fstypes>minix</fstypes>
            <fstypes>ramfs</fstypes>
            <fstypes>romfs</fstypes>
            <fstypes>ufs</fstypes>
            <fstypes>umsdos</fstypes>
            <fstypes>xenix</fstypes>
            <fstypes>cramfs</fstypes>
            <status>enable</status>
          </Cache>
          <DebugSyslog><status>disable</status></DebugSyslog>
          <FilesystemExclusionProcessor><paths /><fstypes /></FilesystemExclusionProcessor>
          <FilesystemInclusionProcessor><status>false</status><include-path>/</include-path></FilesystemInclusionProcessor>
          <VettingController><timeout-ms>10000</timeout-ms><fs-timeout-ms>60000</fs-timeout-ms><timeout-deny>true</timeout-deny><xsmartsched-fix>true</xsmartsched-fix><interruptible>false</interruptible></VettingController>
        </intercept-filters>
      </Talpa>
      <Fanotify><ExcludeFilesystems /></Fanotify>
      <PreferFanotify>false</PreferFanotify>
      <DisableFanotify>true</DisableFanotify>
    </OnAccess>
    <Notification>
      <debug>False</debug>
      <QueueLimit>50</QueueLimit>
      <Notifiers>
        <Log><Status>True</Status><Location>./log</Location><Prefix>savd</Prefix><MaxSizeMiB>100</MaxSizeMiB><ErrorCategory>log.error</ErrorCategory><ThreatCategory>log.threat</ThreatCategory></Log>
        <Syslog><Status>True</Status><Facility>DAEMON</Facility></Syslog>
        <UI><Status>enabled</Status><ttynotification>True</ttynotification><popupNotification>True</popupNotification><Message><ContactMessage /></Message></UI>
        <Email>
          <Status>enabled</Status>
          <Server>localhost:25</Server>
          <SendThreatEmail>true</SendThreatEmail>
          <SendScanErrorEmail>true</SendScanErrorEmail>
          <SendErrorEmail>true</SendErrorEmail>
          <SendLogEmailLevel>FATAL</SendLogEmailLevel>
          <SendDemandSummaryAlways>false</SendDemandSummaryAlways>
          <SendDemandSummaryIfThreat>true</SendDemandSummaryIfThreat>
          <Message><ThreatMessage /><ScanErrorMessage /><LogMessage /></Message>
          <EmailLanguage>English</EmailLanguage>
          <AlwaysSend><MsgID>USING_BACKUP_CONFIGURATION</MsgID><MsgID>ALL_UPDATE_SOURCES_FAILED</MsgID><MsgID>RESPAWN-LIMIT</MsgID><MsgID>VIRUS-DATA-OLD</MsgID><MsgID>TALPA-FAILURE</MsgID><MsgID>TALPA-COMPILED</MsgID></AlwaysSend>
          <Recipient><To>root@localhost</To></Recipient>
          <Log>true</Log>
        </Email>
      </Notifiers>
    </Notification>
    <OnDemand><LogStartStop>true</LogStartStop><LogDetails>true</LogDetails></OnDemand>
    <Core />
    <WebUI><HttpPort>8081</HttpPort><Username>admin</Username><Password /></WebUI>
    <CID><SophosUpdateLocation locked="true">sdds:SOPHOS</SophosUpdateLocation><NotifyOnUpdate>false</NotifyOnUpdate><NotifyOnCheck>false</NotifyOnCheck></CID>
    <Update><EnableAutoUpdating>true</EnableAutoUpdating><Primary><Policy>recommended</Policy><UseHttps>true</UseHttps></Primary><Secondary><UseHttps>true</UseHttps></Secondary><UpdateHttpsAllowDowngradeToHttp>true</UpdateHttpsAllowDowngradeToHttp></Update>
    <LogPrimaryUpdateError>true</LogPrimaryUpdateError>
    <DetectionFeedback><MaxQueueSize>8192</MaxQueueSize><LookupDomain>samples.sophosxl.net</LookupDomain><UploadURL>samples.sophosxl.net</UploadURL><UploadFiles>false</UploadFiles><UploadTimeout>120</UploadTimeout></DetectionFeedback>
  </Sophos>
  <Corporate />
  <Machine><OnAccess><DisableFanotify>0</DisableFanotify></OnAccess></Machine>
  <User><OnAccess><EnableOnStart>1</EnableOnStart><Scanner><ThreatDetection><U32><SXLLiveProtection>1</SXLLiveProtection></U32></ThreatDetection></Scanner></OnAccess><Update>

My trick was the fstypes... I swapped ext2 for zfs in my config.
 
That does seem to have helped; the message no longer appears.

But how did you handle the kernel headers? Did you pull in the PVE sources?

Code:
Linux distribution: [debian]
Product: [Debian GNU/Linux bullseye/sid]
Kernel: [5.3.13-1-pve]
Multiprocessor support enabled.
Searching for source pack...
Searching for suitable binary pack...
No suitable binary pack available.
Preparing for build...
Extracting sources...
Configuring build of version 1.25.3...
Error: Failed to prepare the source code for build. Kernel headers not found. Install kernel headers.
Waiting for sav-protect...
 
i.e., have the binary compiled on another PVE system? Or how should I deal with the error? ;)
 
Not at all... on a "real" system the headers are only needed for the talpa on-access module, which, however, doesn't run in an LXC container

so just ignore it :)
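The two things this thread turns on, a filesystem type that is mounted but not listed in the Talpa Cache filter of savd.cfg (the ext2-to-zfs swap) and the "On-access scanning not available" entry in savd.log, can both be checked mechanically. The script below is an added example for this thread, not code from Sophos, Proxmox or any poster. The savd.cfg excerpt, the /proc/mounts lines and the savd.log entries in it are constructed sample data modelled on what is quoted above; the PSEUDO_FS set and every function name are this example's own choices, and nothing in it claims how savd interprets the Cache list beyond the thread's own observation.

```python
"""Audit helpers for Sophos AV for Linux on-access settings.

Added example for this thread, not code from Sophos or Proxmox. The savd.cfg
excerpt, /proc/mounts lines and savd.log entries below are constructed sample
data; on a real host read /opt/sophos-av/etc/savd.cfg, /proc/mounts and
/opt/sophos-av/log/savd.log instead.
"""
import re
import xml.etree.ElementTree as ET

# Constructed: a trimmed savd.cfg in the same shape as the thread's config,
# still listing ext2 (the value the poster replaced with zfs).
SAMPLE_SAVD_CFG = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SophosAntiVirus SYSTEM "savd.dtd">
<SophosAntiVirus xmlns="savd.xsd"><Sophos><OnAccess>
<Scanner><HookModule>talpa_vfshook</HookModule></Scanner>
<Talpa><intercept-filters><Cache>
<fstypes>ext2</fstypes><fstypes>ext3</fstypes><fstypes>ext4</fstypes>
<fstypes>tmpfs</fstypes><fstypes>xfs</fstypes>
<status>enable</status>
</Cache></intercept-filters></Talpa>
<PreferFanotify>false</PreferFanotify><DisableFanotify>true</DisableFanotify>
</OnAccess></Sophos></SophosAntiVirus>
"""

# Constructed: /proc/mounts as seen from a Proxmox LXC container whose rootfs
# is a ZFS subvolume and which has a bind-mounted ext4 share.
SAMPLE_PROC_MOUNTS = """\
rpool/data/subvol-100-disk-0 / zfs rw,xattr,posixacl 0 0
/dev/sdb1 /srv/share ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
devtmpfs /dev devtmpfs rw,nosuid 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
"""

# Constructed: two savd.log entries in the format quoted in the thread; the
# first carries the kernel-support failure text in its <arg>.
SAMPLE_SAVD_LOG = (
    "<log><category>update.updated</category><level>NOTICE</level>"
    "<domain>savupdate</domain><msg>%s</msg><time>1580293419</time>"
    "<arg>Selecting appropriate kernel support... On-access scanning not "
    "available because of problems during kernel support compilation. "
    "Update completed.</arg></log>\n"
    "<log><category>update.updated</category><level>NOTICE</level>"
    "<domain>savupdate</domain><msg>SUCCESSFULLY_UPDATED_FROM %s</msg>"
    "<time>1580293420</time><arg>sdds:SOPHOS</arg></log>\n"
)

# Kernel-internal filesystems that never hold user data, skipped by the audit.
# This selection is the example's own, not a Sophos list.
PSEUDO_FS = {"proc", "sysfs", "cgroup", "cgroup2", "devpts", "mqueue",
             "binfmt_misc", "securityfs", "debugfs", "configfs", "nsfs",
             "fusectl", "pstore", "tracefs", "autofs", "rpc_pipefs"}

ONACCESS_FAILURE = "On-access scanning not available"


def _local(tag):
    """Strip the xmlns="savd.xsd" namespace that ElementTree prefixes to tags."""
    return tag.rsplit("}", 1)[-1]


def talpa_cache_fstypes(cfg_xml):
    """Return the set of <fstypes> listed under Talpa/intercept-filters/Cache."""
    root = ET.fromstring(cfg_xml)
    for elem in root.iter():
        if _local(elem.tag) == "Cache":
            return {child.text.strip() for child in elem
                    if _local(child.tag) == "fstypes" and child.text}
    return set()


def mounted_fstypes(proc_mounts):
    """Parse /proc/mounts text into (mountpoint, fstype) pairs, skipping pseudo filesystems."""
    mounts = []
    for line in proc_mounts.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mountpoint, fstype = fields[1], fields[2]
        if fstype not in PSEUDO_FS:
            mounts.append((mountpoint, fstype))
    return mounts


def uncovered_mounts(cfg_xml, proc_mounts):
    """Mounts whose filesystem type is absent from the Talpa Cache list (the thread's ext2-vs-zfs mismatch)."""
    covered = talpa_cache_fstypes(cfg_xml)
    return [(mp, fs) for mp, fs in mounted_fstypes(proc_mounts) if fs not in covered]


def onaccess_failures(savd_log):
    """Return the <time> values of savd.log entries reporting that on-access scanning is unavailable."""
    times = []
    # savd.log is a sequence of <log> fragments, not one XML document, so
    # cut it into entries first and parse each on its own.
    for match in re.finditer(r"<log>.*?</log>", savd_log, re.S):
        entry = ET.fromstring(match.group(0))
        text = " ".join(a.text or "" for a in entry.iter("arg"))
        if ONACCESS_FAILURE in text:
            times.append(int(entry.findtext("time")))
    return times


if __name__ == "__main__":
    for mp, fs in uncovered_mounts(SAMPLE_SAVD_CFG, SAMPLE_PROC_MOUNTS):
        print(f"{mp}: {fs} is mounted but not in the Talpa Cache fstypes list")
    for t in onaccess_failures(SAMPLE_SAVD_LOG):
        print(f"savd.log reports on-access scanning unavailable at time {t}")
```

Pointed at the real files, the first check lists every mounted data filesystem the Cache filter does not name (for the sample data: the ZFS root and devtmpfs, while the ext4 share and tmpfs are covered), which is the mismatch the poster fixed by hand; the second pulls the timestamps at which savd reported on-access scanning unavailable, so the condition can be alerted on rather than discovered by reading the log after the fact.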
 
