Installing Sophos Protection for Linux on Open Text Enterprise Servers

Hello everyone, 

I've found this guide on how to install Sophos Protection for Linux on the OpenText servers called

"Sophos Server Protection 2023.3 configuration with OES 23.4"

We have Sophos Central Intercept X Advanced with XDR licenses.

We use SUSE Linux Enterprise Server 15 SP4

We've closely followed the guide but got errors when trying to install the av. Contacting the sophos support revealed, that NSS Volumes are not supported, which (semi)-contradicts this documentation Antivirus Support for NSS - OES 23.4: NSS File System Administration Guide for Linux

We are trying to install a newer version of the sophos protection for linux, since the 2023.3 is not available anymore, which might be the only difference in our and the guides system.

The first noticable error from the install logs is:

"Output: failed to drop privileges: failed to change user and group: user: lookup groupname sophos-spl-group: input/output error"

If I understand the underlying issue correctly, the sophos setup tries to create users which are already present in the system since it's a prerequisite mentioned in the guide to create them in iManager and then fails at installing correctly.

I hope anyone can shed some light onto this issue and that I've provided sufficient information, thanks!

  • 0

    Hi Lukas.

    Today I´ve been installing actual version of Sophos Protection for Linux on an OES Server (23.4 if I remember OK), and following the instructions provided in the link, we have manged to install the AV without issues. The only tricky part is the LUM one.

    We have tested EICAR file on root filesystem and also on NSS volumes, and everything seems to work fine. The EICAR file gets cleaned, and the alert in Sophos Central is triggered.

    We also have Sophos Protection for Linux on other customer with OES working with no issues,

    Maybe you have missed something? I would be glad to help you.

    If you want, you can PM me with details.

    Best regards, Brian.