An antivirus scanner for Linux servers with Windows clients
Conclusions
Sophos has gotten many things right with its antivirus scanner for Linux: The tool runs unobtrusively in the background, and it only warns the user in case of an actual virus infection. On the downside, the program occupies more than 600MB on disk and takes a hefty swig of RAM: The two processes that make up the Sophos daemon need some 350MB of RAM even when idle.
To check the antivirus scanner's influence on the system's read and write performance, I copied the Linux kernel 4.0 source code on a Gigabit Ethernet LAN to a test computer with Debian 7.5 and SAV via SCP. Without antivirus protection, it took five minutes to transfer 52,000 files totaling 564MB. With the on-access scanner enabled, the copy time was almost twice this (Table 1). The additional hard disk access turned out to be the bottleneck; the CPU had more than enough resources during the file transfer process (Figure 5).
Table 1
Influence of the On-Access Scanner
Action | Duration (min) | Transfer rate (Mbps) | Compared (%) |
---|---|---|---|
Without On-Access Scanner |
|||
SCP receive |
4:57 |
15.18 |
100 |
SCP send |
6:23 |
11.77 |
100 |
With On-Access Scanner |
|||
SCP receive |
8:56 |
8.41 |
55.4 |
SCP send |
10:14 |
7.34 |
62.4 |
Who should install Sophos Anti-Virus for Linux? Sophos does not make any big promises for the product on its homepage: The program only looks for malware that targets Windows computers, Macs, and Android smartphones and tablets. The vendor does not say anything about malware for Linux; thus, the scanner targets users who want to safeguard Windows computers connected to a file server and keep their users from passing on files that are infected with malware. In this case, you will probably prefer to do without the power-hungry on-access scanner and investigate suspicious files as the need arises.
Infos
- Sophos Antivirus for Linux: https://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-linux.aspx
- Eicar test file: http://www.eicar.org/86-0-Intended-use.html
- Sophos forum: http://openforum.sophos.com/t5/Sophos-Anti-Virus-for-Linux/ct-p/LinuxBasic
- SAV FAQs: https://www.sophos.com/en-us/support/knowledgebase/121880.aspx
- SAV startup guide: https://www.sophos.com/en-us/medialibrary/PDFs/documentation/savl_9_sgeng.pdf
- SAV configuration guide: http://www.sophos.com/en-us/medialibrary/PDFs/documentation/savl_9_cgeng.pdf
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.