How to test Sophos Protection for Linux detection features
You can test Sophos Protection for Linux detection features to confirm that your device is protected and communicating with Sophos Central.
Test alert
You can use the runtimedetections command to create a test alert. To create a test alert, do as follows:
- Go to /opt/sophos-spl/plugins/runtimedetections/bin.
- Run the following command:
runtimedetections --test-alert
You'll see that the alert is created and sent to Sophos Central in /opt/sophos-spl/plugins/runtimedetections/log/runtimedetections.log. Run the following command:
cat /opt/sophos-spl/plugins/runtimedetections/log/runtimedetections.log
Example
14 [2023-01-16T17:26:37.631Z] INFO [0000000000] runtimedetections <> Alert testing command executed, exiting
12363670 [2023-01-16T17:26:37.641Z] INFO [0000000000] runtimedetections <> Sent alert to event journal Alert Tester as 1673889997640013873 (31b7076e-5723-46e3-b5ec-90dc9267d6a2)
You'll also see the alert in Sophos Central in the Threat Analysis Center.
Here's an example:
On-demand and on-access scanning
EICAR is an industry-standard detection test file, not a virus.
- Go to www.eicar.org.
- Click Download anti malware test file.
- Download the EICAR test file. It's detected and cleaned when it's written to the disk.
You'll see the detection in av.log. Run the following command:
cat /opt/sophos-spl/plugins/av/log/av.log
Example
180191342 [2023-01-18T16:03:43.969] INFO [9358345792] av <> Threat cleaned up at path: /.../eicar.com
You'll also see the alert in Sophos Central on the Server Summary page.
Here's an example:
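The two checks above (the runtimedetections test alert and the EICAR on-access detection) can be scripted so that the log entries are verified rather than read by eye. The script below is an added example, not Sophos tooling: the log paths and log line formats are the ones documented on this page, while the function names, the SPL_ROOT override, the --live switch and the polling timeout are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Sophos tooling: drive the two detection tests from this
# page and confirm the expected entries appear in the plugin logs.
# Log paths and log line shapes come from the page; function names, the
# SPL_ROOT override, the --live switch and the polling timeout are this
# script's own choices.

SPL_ROOT="${SPL_ROOT:-/opt/sophos-spl}"
RTD_BIN_DIR="$SPL_ROOT/plugins/runtimedetections/bin"
RTD_LOG="$SPL_ROOT/plugins/runtimedetections/log/runtimedetections.log"
AV_LOG="$SPL_ROOT/plugins/av/log/av.log"

# Print the event-journal id of the most recent test alert in the given
# runtimedetections.log; return 1 when no alert has been sent yet.
# Documented line shape: "... Sent alert to event journal Alert Tester as <id> (<uuid>)"
rtd_alert_sent() {
    line=$(grep 'Sent alert to event journal' "$1" 2>/dev/null | tail -n 1)
    [ -n "$line" ] || return 1
    printf '%s\n' "$line" | sed -n 's/.* as \([0-9][0-9]*\) (.*/\1/p'
}

# Print the path of the most recent cleaned-up threat in the given av.log;
# return 1 when the on-access scanner has not reported a clean-up.
# Documented line shape: "... Threat cleaned up at path: <path>"
eicar_cleaned() {
    line=$(grep 'Threat cleaned up at path:' "$1" 2>/dev/null | tail -n 1)
    [ -n "$line" ] || return 1
    printf '%s\n' "${line##*Threat cleaned up at path: }"
}

# Run the documented test-alert command from its plugin directory, then poll
# the log for up to $1 seconds (default 15) for the "Sent alert" entry, since
# the entry is written asynchronously after the command exits.
run_test_alert() {
    timeout="${1:-15}"
    [ -x "$RTD_BIN_DIR/runtimedetections" ] || {
        echo "runtimedetections not found in $RTD_BIN_DIR" >&2; return 1; }
    (cd "$RTD_BIN_DIR" && ./runtimedetections --test-alert) || return 1
    while [ "$timeout" -gt 0 ]; do
        id=$(rtd_alert_sent "$RTD_LOG") && { echo "test alert sent, event id $id"; return 0; }
        sleep 1; timeout=$((timeout - 1))
    done
    echo "no 'Sent alert' entry in $RTD_LOG after waiting" >&2
    return 1
}

# Live check: only runs when invoked as "sh spl-check.sh --live" on a host
# with Sophos Protection for Linux installed.
if [ "${1:-}" = "--live" ]; then
    run_test_alert
    if path=$(eicar_cleaned "$AV_LOG"); then
        echo "on-access scan cleaned: $path"
    else
        echo "no EICAR clean-up in $AV_LOG yet; download the test file from www.eicar.org first" >&2
    fi
fi
```

Run it as `sh spl-check.sh --live` after downloading the EICAR file as described above; without the switch it only defines the helpers, so the two log parsers can be reused from other monitoring scripts. A non-zero exit from run_test_alert means either the plugin binary is missing or the "Sent alert to event journal" entry never appeared, which is the case to escalate when confirming that a device is protected and talking to Sophos Central.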