How to Use Sophos On Linux To Scan For Viruses

A primer on the best Linux antivirus tool

Image of Matrix-like glyphs and hands.



SOPHOS is an outstanding antivirus solution for Linux, even though it's a command line-only tool. Once installed, will run continuously in the background, checking for malicious files. It also include the ability to run on-demand scans, so you can make sure that file you want to send to another user isn’t malicious.

First, though, do you really need antivirus software on Linux?

This type of software works to prevent malicious files from infecting your computer. Should that malicious file manage to invade your system, the damage it could do ranges from negligible to catastrophic.

But typically this happens on Windows machines. As for the Linux operating system, it is generally regarded that an antivirus solution isn’t needed. Even the Ubuntu official line on this subject makes it fairly clear:

Anti-virus software does exist for Linux, but you probably don’t need to use it. Viruses that affect Linux are still very rare. Some argue that this is because Linux is not as widely used as other operating systems, so no one writes viruses for it. Others argue that Linux is intrinsically more secure, and security problems that viruses could make use of are fixed very quickly.

That doesn’t mean you should completely ignore an antivirus solution. Why? There's one instance where antivirus software can be considered a necessity: When you share files with others. Even if a file you’ve received from someone has no negative impact on your Linux machine, you never know if that same file might contain malicious code that could affect a Windows user.

Which one to use? While ClamAV is very good, it's gotten less reliable lately. That's why we recommend installing SOPHOS.

Installing SOPHOS

Installing SOPHOS is done entirely from the terminal window. Here’s what you need to do:

  1. Download the SOPHOS installer and save the file in your Downloads directory.

  2. Open a terminal window and change into the Downloads directory with the command cd ~/Downloads.

  3. Extract the downloaded file with the command tar xvzf sav-linux-free-9.tgz.

    Screenshot of extracting the downloaded file.
  4. Change into the newly created directory with the command cd sophos-av.

  5. Run the installer with the command sudo ./

    Screenshot of the SOPHOS installer command.
  6. Prepare to answer some questions.

At this point, you’ll be asked to answer a few questions. You should answer with the default (simply by pressing the Enter key on your keyboard), unless otherwise noted. These questions are:

  • Where do you want to install Sophos Anti-Virus? [/opt/sophos-av] - go with the default.
  • Do you want to enable on-access scanning? Yes(Y)/No(N) [Y] - type Y and then press Enter on your keyboard.
  • Which type of auto-updating do you want? From Sophos(s)/From own server(o)/None(n) [s] - type s and then press Enter on your keyboard. 
  • Do you wish to install the Free (f) or Supported (s) version of SAV for Linux? [s] - type f and then press Enter on your keyboard.
  • Do you need a proxy to access Sophos updates? Yes(Y)/No(N) [N] - go with the default.

When the installation completes, SOPHOS is running and protecting and protecting your computer.

How To Run an On-Demand Scan

Say you’ve received a file via email and you’ve saved it to your Downloads directory. The file hasn’t done any harm to your machine, but you need to send it to someone else, who happens to work on Windows.

You should ensure that file is free from malicious content before you send it on. Thanks to SOPHOS, you can do just that. Let’s say, for the sake of simplicity, the filename is test.docx. Here’s how to scan that file with SOPHOS:

  1. Open a terminal window.

  2. Change into the Downloads directory with the command cd ~/Downloads.

  3. Scan the file with the command savscan test.docx.

    Screenshot of the savscan command.
  4. Read the results of the report.

    Screenshot of the scan results.
  5. Close the terminal window.

If the report comes back to say no viruses were found, feel free to send that file to your Windows users, knowing it should be safe from malicious code. If SOPHOS reports the file to be malicious, do not send that file. Instead, if the file is found to be malicious, delete it immediately (if SOPHOS doesn’t automatically quarantine it for you).

Your Best Bet

Yes, there are other antivirus options for the Linux operating system. For general use, it's very unlikely you will ever need to use one. However, if you tend to send a lot of files to Windows users, you owe it to those users to install SOPHOS and scan those files before sending them on.