Skip to end of metadata
Go to start of metadata

miDescription

This recipe shows you the steps you need to follow to make a Sophos Anti-Virus Fileset.  Details may be found from the following links:

Windows:

macOS:

Below is an example for deploying to macOS using command line for devices managed by Enterprise Console

Ingredients

  • FW Admin
  • Sophos Installers

Directions

  1. Login to Sophos Central Admin.
  2. Navigate to Protect Devices then choose one of the following options: 
    • Download Complete macOS Installer
    • Choose Components (this option is available if licensed for multiple features)
  3. The SophosInstall.zip is then downloaded and is by default saved on the Downloads folder.
  4. Extract its contents to the same folder. The following should then be found where the files are extracted to:
    • Sophos Installer Components folder
    • Sophos Installer.app
    These files must be in the same location because theSophos Installer.app requires the Sophos Installer Components folder to be in the same location when it runs.

Type sudo-s and authenticate then copy and paste this command into a text editor like TextWrangler, edit the information so its pointing to your server and your username/password combination:

Code Block
Provide executable permissions to the following files before running the installer. This can be done with the following commands:
sudo chmod a+x /Users/<username>/Downloads/Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer
sudo chmod a+x /Users/<username>/Downloads/Sophos\ Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper


Run the command below to install:
sudo /Users/<username>/Downloads/Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --install
This command assumes that the Downloads folder contains the extracted files stated on the previous step.

Once you run this Sophos will hash out the username/passwords and everything else, and your package will be ready to be deployed.

In order to deploy it, you need to copy the script below to a text file and name it. Mine is named install-sophos.sh

#!/bin/bash
 
LOGGER="/usr/bin/logger"
  
# Determine working directory
install_dir=`dirname $0`
 
# Uninstall existing copy of Sophos 8.x by checking for the
# Sophos Antivirus uninstaller package in /Library/Sophos Anti-Virus.
# If present, the uninstallation process is run.
  
if [ -d "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" ]; then
     ${LOGGER} "Sophos AV present on Mac. Uninstalling before installing new copy."
     /usr/sbin/installer -pkg "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" -target /
elif [ -d "/Library/Application Support/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" ]; then
     ${LOGGER} "Sophos AV present on Mac. Uninstalling before installing new copy."
     /usr/sbin/installer -pkg "/Library/Application Support/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" -target /   
else
   ${LOGGER} "Sophos Anti-Virus 8.x Uninstaller Not Present"
fi
 
# Uninstall existing copy of Sophos 9.0 Stand Alone by checking for the InstallationDeployer application
# in /Library/Application\ Support/Sophos/opm-sa/Installer.app/Contents/MacOS. If present, the
# uninstallation process is run.
 
if [[ -f "/Library/Application\ Support/Sophos/opm-sa/Installer.app/Contents/MacOS/InstallationDeployer" ]]; then
   ${LOGGER} "Sophos AV present on Mac. Uninstalling before installing new copy."
   "/Library/Application\ Support/Sophos/opm-sa/Installer.app/Contents/MacOS/InstallationDeployer" --remove
else
   ${LOGGER} "Sophos Anti-Virus 9.x Uninstaller Not Present"
fi
 
# Uninstall existing copy of Sophos 9.0 Enterprise by checking for the InstallationDeployer application
# in /Library/Application\ Support/Sophos/opm/Installer.app/Contents/MacOS/InstallationDeployer. If present, the
# uninstallation process is run.
 
if [[ -f "/Library/Application\ Support/Sophos/opm/Installer.app/Contents/MacOS/InstallationDeployer" ]]; then
   ${LOGGER} "Sophos AV Enterprise present on Mac. Uninstalling before installing new copy."
   "/Library/Application\ Support/Sophos/opm/Installer.app/Contents/MacOS/InstallationDeployer" --remove
else
   ${LOGGER} "Sophos Anti-Virus 9.0 Uninstaller Not Present"
fi
 
# Uninstall existing copy of Sophos 9.1 Enterprise by checking for the InstallationDeployer application
# in /Library/Application\ Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer. If present, the
# uninstallation process is run.
 
if [[ -f "/Library/Application\ Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]]; then
   ${LOGGER} "Sophos AV Enterprise present on Mac. Uninstalling before installing new copy."
   "/Library/Application\ Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove
else
   ${LOGGER} "Sophos Anti-Virus 9.1 Uninstaller Not Present"
fi
 
# Install Sophos Anti-Virus 9.2
# "/usr/local/sophos/Sophos Installer.app/Contents/MacOS/InstallationDeployer" --install
 
"/usr/local/sophos/Sophos Installer.app/Contents/MacOS/tools/InstallationDeployer" --install
  
# Restart SophosAutoUpdate to force the Sophos AutoUpdate process
# to read the settings stored in /Library/Sophos Anti-Virus/com.sophos.sau.plist
 
killall -HUP SophosAutoUpdate
 
# Cleanup
 
cd /
rm -rf /private/tmp/sophos_install
  
exit 0


To make the FileWave Recipe, simply make an empty fileset and configure similar to this, just keep in mind to edit your install-sophos.sh with whatever path you have on the Fileset Contents (example of mine below):