After following the instructions in the article "How to install Symantec AntiVirus for Linux on Ubuntu", Auto-Protect is not enabled.
Some kernels are supported by the install packages supplied with Symantec AntiVirus for Linux (SAVFL), and Auto-Protect will function immediately. Others are not supported and require an extra manual step. (See "System requirements for Symantec AntiVirus for Linux 1.0" for details on kernels currently supported.) As of SAVFL version 1.0.8, it is possible to compile and install Auto-Protect kernel modules for Linux versions that are not otherwise supported by Symantec.
For details, consult the README in the Auto-Protect source tarball (e.g. ap-kernelmodule-1.0.10-26.tar.gz).
The steps for Ubuntu can be summarized as follows:
- Install the development tools for your particular Ubuntu version:
sudo apt-get install linux-headers-$(uname -r) build-essential
- Extract the source tarball.
- For SAVFL 1.0.8 only, the build.sh file must be modified because there is an if-then statement that is not properly constructed:
if [ "$kernelVerNumber" -gt "132632" ] ; then #kernel version >= 2.6.24
Change -gt to -ge so that the test also matches kernel 2.6.24 itself, and the if-then statement will work as described in the comment.
Note: For newer builds (1.0.9 and higher), this modification is not needed.
- Run build.sh from a terminal window in the folder where build.sh is located (e.g. /home/user/Desktop/ap-kernelmodule-1.0.10-26):
sudo ./build.sh --kernel-dir /lib/modules/$(uname -r)/build
A message will be displayed indicating that the build was successful.
- Copy the kernel modules (as directed in the README) to /opt/Symantec/autoprotect/ and restart the system (or restart the autoprotect and rtvscand daemons):
sudo cp ./bin.ira/* /opt/Symantec/autoprotect
sudo /etc/init.d/autoprotect restart
sudo /etc/init.d/rtvscand restart
Auto-Protect should function normally after this operation is complete. Downloading an EICAR test file will trigger a detection.
If the if-then statement is not modified as described, you may get an error similar to the following when running build.sh (Ubuntu 8.04 -- Hardy):
CFLAGS was changed in "/home/admin/Desktop/sav-linux-1.0.8-17/ap-kernelmodule-1.0.8-17/symev/Makefile". Fix it to use EXTRA_CFLAGS.
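
The boundary behaviour behind the build.sh fix above, as an added example that is not part of Symantec's build.sh. It assumes kernelVerNumber uses the kernel's KERNEL_VERSION encoding (major*65536 + minor*256 + patch), which gives 132632 for 2.6.24, the kernel series shipped with Ubuntu 8.04; the function names and sample release strings are constructed for illustration.

```shell
#!/bin/sh
# Added example; not Symantec's build.sh.
# Assumption: kernelVerNumber is the kernel's KERNEL_VERSION(a,b,c) value,
# a*65536 + b*256 + c, which yields 132632 for 2.6.24.

# Convert a `uname -r` style release string to that number.
kernel_ver_number() {
    rel=${1%%-*}                 # 2.6.24-16-generic -> 2.6.24
    major=${rel%%.*}
    rest=${rel#*.}               # 6.24
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;; # 24
        *)   patch=0 ;;          # two-part release such as 3.2
    esac
    patch=${patch%%[!0-9]*}      # keep leading digits only (2.6.32.5 -> 32)
    echo $(( major * 65536 + minor * 256 + ${patch:-0} ))
}

# Outcome of the 1.0.8 test as shipped (-gt) ...
branch_shipped() {
    if [ "$(kernel_ver_number "$1")" -gt 132632 ]; then echo taken; else echo skipped; fi
}

# ... and with the corrected operator (-ge).
branch_corrected() {
    if [ "$(kernel_ver_number "$1")" -ge 132632 ]; then echo taken; else echo skipped; fi
}

# Constructed sample release strings around the 2.6.24 boundary.
for rel in 2.6.22-14-generic 2.6.24-16-generic 2.6.27-7-generic; do
    printf '%-20s number=%s  -gt: %-8s -ge: %s\n' "$rel" \
        "$(kernel_ver_number "$rel")" "$(branch_shipped "$rel")" "$(branch_corrected "$rel")"
done
```

Only the 2.6.24 row differs between the two operators, which is why the unmodified 1.0.8 script fails on that kernel and not on later ones.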