Deploying Sophos Anti-Virus for Mac

jelockwood
Contributor

Sophos have gone from being one of the best Mac enterprise anti-virus solutions to (perhaps) the worst. Grrr.

Multi-platform organisations are likely to have a Windows server (or more than one) and can therefore run Sophos Enterprise Console to create and manage a Mac installer for Sophos Anti-Virus. I have done this in previous companies.

Previously, Mac-only organisations could use Sophos Update Manager to do much the same on a Mac server. Unfortunately SUM only supports SAV8 and does not support SAV9. SAV8 is being discontinued in April 2014 and does not officially support Mavericks. It is therefore urgent to move all Macs to SAV9 by April 2014.

If you have no Windows Server, and can no longer use SUM, this leaves two more possibilities. First, you could use the standalone SAV9 installer. It is even possible to pre-configure the auto-update account details for this. Unfortunately Sophos have made this installer an application and not an installer package. As a result it cannot be deployed using Apple Remote Desktop, Casper, Munki, or any other Mac management tool. (The application needs to be run as an application on each client Mac to do the actual installation.) This stupid design is like the equally stupid approach taken by Adobe and Flash. However, at least with Adobe Flash you can find, if you look hard enough, a standard package file to install Flash.

The final possibility, and the one Sophos are pushing Mac-only customers to, is to sign up for an extra-cost subscription to Sophos Cloud. This does let you manage your Macs via the Cloud, and it does let your Macs update directly from Sophos, but a) the website for Sophos Cloud is not 100% Safari friendly, and much more importantly b) the installer it produces is yet again an application and not an installer package!

The only approach that still gives you a proper installer package is via Sophos Enterprise Console running on a Windows server.

Other than Sophos Enterprise Console, has anyone else found a solution to let you mass deploy SAV9?

Note: Yes, if you install SAV9 manually on a Mac and then make a monolithic master disk image that would work; however I, like many others, now prefer to use a thin imaging approach (via InstaDMG or AutoDMG).

114 REPLIES

emily
Valued Contributor III

If your company uses Active Directory, the SEC can scope to computer groups. Or, you can set up manual groups in the SEC and apply different scanning policies to them. It's actually not too bad (depending on how large your environment is, anyway). I just set up an SEC and deployed our clients from the SEC's mpkg and could probably answer some basic questions about it if you want, @tkimpton.

thuluyang
New Contributor III

Hi. For Mac Sophos deployment you can create a Mac OS X client AV package:
Go to C:\ProgramData\Sophos\Update Manager\Update Manager\CIDs\S000\ESCOSX
Zip the "Sophos Anti-Virus.mpkg" folder
Do not use RAR format; it does not work well on the Mac afterwards for some reason...
You can launch this mpkg on any Mac by double clicking on it! :) Or use a Policy to deploy it to the managed machines.

tkimpton
Valued Contributor II

@emilykausalik thanks, that's what I think is the only way as well.

@thuluyang Yes thanks we know that ;)

tkimpton
Valued Contributor II

Hi guys

It seems it is possible to create a Sophos installer with the autoupdate settings. I first need to clarify what the OLD method used to be so that this makes sense.

  1. In version 8 and below an administrator used to be able to get the Sophos Anti-Virus.mpkg off the network share of your Sophos Enterprise Console server, eg

smb://yourserver/SophosUpdate/CIDs/S000/ESCOSX/Sophos Anti-Virus.mpkg

  2. Edit the mrinit inside the mpkg.

  3. On a test machine install Sophos Anti-Virus.mpkg and configure the Sophos updating manually; the usernames and passwords get written to a plist, but they are obfuscated.

  4. Copy the file /Library/Preferences/com.sophos.sau.plist and put it in this location:

Sophos Anti-Virus.mpkg/Contents/Packages/SophosAU.mpkg/Contents/Resources/com.sophos.sau.plist

  5. Change the mrinit.conf in Sophos Anti-Virus.mpkg/Contents/Packages/SophosRMS.mpkg/Contents/Resources/ appropriately.

Now that's all well and good, but the problem in version 9 and above is that the SophosAU.mpkg doesn't exist any more in the Sophos Anti-Virus.mpkg.

Instead, for version 9+ the credentials are not stored in /Library/Preferences/com.sophos.sau.plist but in a keychain:

/Library/Sophos Anti-Virus/Sophos.keychain

So what you need to do differently is at step 4: package up the Sophos.keychain, make sure the com.sophos.sau.plist just includes the PrimaryServerURL (not the obfuscated credentials) and include those in your deployment workflow :)

Chris_Hafner
Valued Contributor II

I found this to be super easy... assuming that you really don't care about enterprise console distro.

1) As per http://www.sophos.com/en-us/support/knowledgebase/119744.aspx build a pre-configured installer Application as mentioned above.

2) After you've created the custom pkg with your associated accounts info and update schedule. Run composer and then install. Create a .dmg out of that and presto, you're A-OK.

This method works beautifully for me and makes future "un-installs" trivial (not that it was that complicated in the first place).

tkimpton
Valued Contributor II

@Chris_Hafner yes, that's correct for a STANDALONE, but as already stated, for those of us reliant on the Windows SEC this is not going to work, because the standalone installer doesn't have RMS (it will not communicate with your Sophos Enterprise Console).

Chris_Hafner
Valued Contributor II

@tkimpton

Heh, yea, sorry. I lost track of the thread and kind of replied without re-reading where everyone was in the post. Sorry about that ;-)

rtrouton
Release Candidate Programs Tester

Using @tkimpton's info about the Sophos.keychain file, I was able to build a Sophos enterprise installer that works for both AD-bound and unbound Macs in my shop. I have a post with the details available here:

http://derflounder.wordpress.com/2014/09/02/deploying-sophos-enterprise-anti-virus-for-mac-os-x-9-x/

tkimpton
Valued Contributor II

@rtrouton awesome, thanks rich :)

glennwyatt
New Contributor

Our office just did a Sophos Cloud deploy. We found the only way to get the Sophos Installer to install correctly with unique device names is to create a DMG in Composer. The trick is to do the following steps:

  1. Open Casper Composer (New & Modified Snapshot).
  2. Take the Before Snapshot.
  3. Once the Before Snapshot is complete, run the Sophos Installer provided from the Sophos Cloud website.

The critical step to getting the snapshot correct is to:

  4. Open Keychain Access, located in /Applications/Utilities.
  5. Select the Sophos Keychain and choose the Category All Items.
  6. Delete the two Sophos Keychain entries: Primary Server and Sophos Cloud Credentials.
  7. Open Activity Monitor, also located in /Applications/Utilities.
  8. Highlight the process SophosMcsAgentD.
  9. Choose the icon to Kill the process.

Finally take the After Snapshot.

glennwyatt
New Contributor

To un-install Sophos 9.1 before installing Sophos Cloud, Mark Posey wrote this script to run BEFORE the Sophos Cloud install.

#!/bin/bash
# Purpose: To remove the Sophos local distribution before installing the cloud distribution
# Configuration
# Uninstall Sophos 9.1.X (Local distribution)

# The path contains spaces, so it has to be quoted
"/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove

# InstallationDeployer exits non-zero when the removal failed
if [ "$?" != "0" ]; then
    echo "ERROR: Failed to uninstall"
    exit 1
fi

echo "NOTICE: Removal of Sophos local distribution is successful"

emily
Valued Contributor III

Anyone have any tips on deploying updates to the client? Do you have to uninstall to upgrade? (Example: moving from 9.1.4 to 9.1.7; would you have to uninstall the old client before installing the newer one or can a push with the package suffice?)

jelockwood
Contributor

@emilykausalik

As per http://www.sophos.com/en-us/support/knowledgebase/119744.aspx you can pre-configure the Sophos installer to contain update credentials, typically to update directly from Sophos' servers. Whereas with SAV 9.0.x and 9.1.x these details were stored in a plist inside the Sophos installer application, with SAV 9.2.x they are now in a plist in a folder outside the application. You need SAV 9.2.2 for Yosemite compatibility.

Since Sophos Update Manager is discontinued the only ways to distribute updates to Mac clients are -

  1. Configure each Mac to get updates directly from Sophos
  2. Setup a Windows server running Sophos Enterprise Console
  3. Once a month reinstall the latest SAV9 application (typically Sophos issue a new version once a month); this latter choice of course means you don't get the benefit of updates every hour

If you have installed say 9.1.4 and it was configured to get updates directly from Sophos then it should update itself to 9.2.2. If you are merely installing the newer version once a month then pushing the newer version will update it and it is not necessary to remove the older version. Obviously it is best to pre-configure it to get automatic hourly updates and not to just manually update it each month.

emily
Valued Contributor III

Hopefully everything @jelockwood mentioned above falls into deploying the mpkg from the bootstrap location on the Enterprise Console.

The problem I have is knowing which version to trust.

https://www.dropbox.com/s/smof1fl8f4i3x6x/Screen%20Shot%202014-11-12%20at%209.45.24%20AM.png?dl=0

So is it actually 9.1.4 or is it 9.1.8? (9.1.8 is the version available in the bootstrap location on our Enterprise Console.)

I understand how to deploy AV to the machines, I just don't know if I should trust if it updates itself correctly or if I need to re-distribute the application on a regular basis via policy in the JSS with the mpkg from the bootstrap location.

tkimpton
Valued Contributor II

what do you mean which version to trust?

emily
Valued Contributor III

If you can see the picture above @tkimpton, the app is reporting as version 9.1.4, but when you click About Sophos in the menubar icon it says 9.1.8.

tkimpton
Valued Contributor II

yeah, ignore the app version. Quite funny, it's been taking weeks to get our techs to understand this.

can't see picture above, has a question mark

the version is read from /Library/Sophos Anti-Virus/RMS/agent.config

my extension attribute is

#!/bin/bash

# The path contains a space, so it has to be quoted wherever it is used
FILE="/Library/Sophos Anti-Virus/product-info.plist"

if [[ -f "$FILE" ]]; then
    # ProductVersion in product-info.plist is the real (build) version,
    # not the version shown by Get Info on the app bundle
    command=$(defaults read "$FILE" ProductVersion)

    # Display the result
    echo "<result>$command</result>"

fi
exit 0

stevewood
Honored Contributor II

@emilykausalik I see the same thing, 9.1.4 if I get info on the app in Applications, and 9.1.8 if I use About Sophos. I believe it is a miss on the Get Info of the app bundle. If you go in and check the Sophos Anti-Virus.log file in the Sophos preferences, and do a search for "Version", you'll see that it comes up reporting as 9.1.8. I think they just forgot to update the app bundle.

tkimpton
Valued Contributor II

let me know if you need a hand with SAV. I've had to deal with this for a decade now and it can be a pain.

emily
Valued Contributor III

@tkimpton sorry, Dropbox fail. Changed it to a link so it should be visible by clicking now.

Okay, so as long as the About Sophos dialogue is correct I'm good.

Our developers are having issues with AJAX calls being blocked by the client. The reply I got from Sophos claims that it was released in the 9.1.5 fix, so I'm wanting to confirm what version our machines have on them before I go back to Dev and tell them to fix their code rather than blame it on Sophos.

Thanks y'all.

tkimpton
Valued Contributor II

trust the one saying 9.1.8 that is the build version

9.1.4 is the app version http://tinyurl.com/q75rjw6

check out my extension attribute

jelockwood
Contributor

If you deploy from the Sophos Enterprise Console CID location then when it installs it includes settings to get updates from the CID.

If you use the standalone version you need to pre-configure the installer app to add update credentials which usually will be set to update directly from Sophos.

It is annoying that the plist within the main Sophos application does not match the headline version number but Sophos do provide the correct version number at /Library/Sophos Anti-Virus/product-info.plist and have made it clear this is the correct place to check it.

Note: It is also the correct place to check which type you have installed -

Sophos Home Edition
Sophos Standalone Edition
Sophos Managed Edition (i.e. Sophos Enterprise Console)
Sophos Cloud Edition

By checking the type you can see if people are running the wrong one and not confuse those in any license counts.

defaults read "/Library/Sophos Anti-Virus/product-info" Product

gives you a number that indicates the product type.

1B897C99-EBD6-430D-AA97-EF71E7AC6C15 = home edition
C7CC7924-277E-431D-88E7-F6C956AD24D9 = standalone edition
F9A0034E-6549-41ED-BD37-88CF2AA4CC8A = managed edition
F268E38B-F647-4E06-AA73-3F3C2850E6F5 = sophos cloud edition

Clearly people should not be running the home edition on work computers.

Karaiskakis
New Contributor

@lisacherie Are you able to share the script you use please? That is exactly how I would like to run the install but a bit over my head!

rcorbin
Contributor II

Wow, this is a big thread. I seem to only have to deal with getting a working Sophos package every couple of years. Most of the time it all gets updated via the SEC. I read this thread to refresh my knowledge of deploying Sophos. So much information here.

@tkimpton that is an amazing script for removing any version of Sophos. Thanks! It works for me, but when I run it I do see an error that says "line 15: [: /Library/Application Support/Sophos: binary operator expected". That line reads "elif [ -d /Library/Application Support/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg ]; then". But it does seem to work.

I used to install Sophos and then package with Composer, but thanks to the tips in this thread I'm now using the .mpkg that is on the SEC in /Sophos Update/CIDs/S000/ESCOSX/. The problem I had at first was that Casper would give me an error that it couldn't verify the package, or something to do with the integrity. I had a feeling that it was something to do with it being an .mpkg, as it would install perfectly on a workstation on its own.

So I went back to searching JAMFnation on mpkg and found a tip from @donmontalvo where he said to:

  1. Add the pkg to the policy, then under the action pop up select "Cache".
  2. Then under the maintenance section check the box that says [x] Install cached packages.

So my policy first runs the @tkimpton script to clear out any former install of Sophos. Then it pushes out the .mpkg file to the machine and caches it. Then it installs any cached packages. Other than that one error it all works great. A little digging around JAMFNation and I'm all set. This is an amazing community.

tkimpton
Valued Contributor II

My files in my package

I am currently deploying 9.1.8 Enterprise. Hope this helps someone. I also managed to set the update setting URL locations based on the machine's computer name, include overrides and put in the Sophos Keychain.

The reason for this was that some remote sites were taking far too long to get credentials and left the machine in some cases vulnerable without AV.

/private/tmp/Sophos Anti-Virus.mpkg
/Library/Sophos Anti-Virus/Sophos.keychain
/Library/Management/Scripts/Sophos_Overrides.sh
/Library/LaunchDaemons/com.sn.savoverrides.Launchd.plist

PREINSTALL

#!/bin/bash
## preinstall


####### ENVIRONMENT VARIABLES #######

# Both paths contain spaces, so they are quoted wherever they are used
FILE1="/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer"

FILE2="/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/InstallationDeployer"

######### DO NOT MODIFY BELOW THIS LINE ###########


### Uninstall version 9.1
if [[ -f "$FILE1" ]]; then
    "$FILE1" --remove > /dev/null 2>&1

### Uninstall version 9.0
elif [[ -f "$FILE2" ]]; then
    "$FILE2" --remove > /dev/null 2>&1
fi

# Pause 10 seconds
sleep 10

# Remove the old preferences
rm -rf /Library/Preferences/com.soph* > /dev/null 2>&1

# Remove the old Caches (quoted: an unquoted "Application Support" would split into
# /Library/Application and Support/... and delete the wrong paths)
rm -rf /Library/Caches/com.sophos.*
rm -rf "/Library/Application Support/Sophos Anti-Virus/"
rm -rf "/Library/Application Support/Sophos/"

# Remove the previous installers
rm -rf "/Library/Scripts/SN/AV/Sophos Anti-Virus.mpkg" > /dev/null 2>&1
rm -rf "/tmp/Sophos Anti-Virus.mpkg" > /dev/null 2>&1

exit 0          ## Success

--------------------------
POST INSTALL

#!/bin/sh

## postinstall

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

############


####### HISTORY ##############
#
#
# Written by Tim Kimpton 09.23.2014
#
# The Remote Management System (RMS) that deals with the communication between Sophos Anti-Virus for Mac OS X and the Sophos Enterprise Console can be
# configured to allow the Machine Name, Domain Name, and Computer Description to be overridden and alternative values to be used.
#
# http://www.sophos.com/en-us/support/knowledgebase/119758.aspx
#
############################

####### ENVIRONMENT VARIABLES ###########

# Paths with spaces are quoted wherever they are used
AGENT_CONFIG="/Library/Sophos Anti-Virus/RMS/agent.config"
SAV_PREFS=/Library/Preferences/com.sophos.sau
# LaunchDaemon for Sophos_Overrides.sh, named as in the package contents above
OVERRIDE_DAEMON=/Library/LaunchDaemons/com.sn.savoverrides.Launchd.plist

# Get the machine's current computer name; the site code is characters 2-4 of it
ComputerName=$(scutil --get ComputerName)
LOCATION=$(printf '%s\n' "$ComputerName" | cut -c 2-4)

# Pick the update location (CID) for the site. XXX = the SEC server for that site.
case "$LOCATION" in
    # LONDON, AMSTERDAM, FRANCE, EUROPEAN REMOTE
    LON|AMS|CDG|ERE) PrimaryServerURL=XXX/SophosUpdate/CIDs/S000/ESCOSX ;;
    # SAN DIEGO
    SAN) PrimaryServerURL=XXX/SophosUpdate/CIDs/S000/ESCOSX ;;
    # SEATTLE
    SEA) PrimaryServerURL=XXX/SophosUpdate/CIDs/S000/ESCOSX ;;
    # SAN JOSE
    SJC) PrimaryServerURL=XXX/SophosUpdate/CIDs/S000/ESCOSX ;;
    # DEFAULT
    *) PrimaryServerURL=XXX/SophosUpdate/CIDs/S000/ESCOSX ;;
esac

### Domain Bindings ###

# Apple AD Plugin: the domain written to DomainNameOverride
AD=XXX

# Likewise AD Plugin
LikewiseAD="Likewise - Active Directory"

### LikeWise machine ###
LWmachine=$(dscl "/${LikewiseAD}/" -list /Computers 2>/dev/null)

### Apple AD machine: "Computer Account = name$" -> name ###
ADMachineCheck=$(dsconfigad -show | grep "Computer Account" | awk '{print $4}' | cut -d '$' -f1)

### Check to see if the machine is bound to AD with the Apple Plugin (domain name, or empty)
DomainCheck=$(dsconfigad -show | grep -i "Active Directory Domain" | awk '{print $5}')

############################### DO NOT MODIFY BELOW THIS LINE #################################

# Restart the Sophos RMS services so a new override is read
restart_rms() {
    launchctl unload -w /Library/LaunchDaemons/com.sophos.managementagent.plist
    launchctl unload -w /Library/LaunchDaemons/com.sophos.messagerouter.plist

    launchctl load -w /Library/LaunchDaemons/com.sophos.managementagent.plist
    launchctl load -w /Library/LaunchDaemons/com.sophos.messagerouter.plist
}

# add_override KEY AD_VALUE LIKEWISE_VALUE
# Append KEY=value to agent.config once, taking the value from whichever directory plugin
# the Mac is bound with (Apple AD plugin first, then Likewise), then restart RMS.
add_override() {
    key=$1
    ad_value=$2
    lw_value=$3

    # If it is already in the file just echo out
    if grep -q "$key" "$AGENT_CONFIG" 2>/dev/null; then
        echo "Sophos Anti-Virus $key already exists!"

    # If the override does not exist then check the Apple AD plugin binding
    elif [ "${DomainCheck}" = corp.service-now.com ]; then
        echo "The machine ${ADMachineCheck} exists in Active Directory and is bound to ${DomainCheck}"
        echo "Creating the Sophos Anti-Virus $key"
        echo "$key=$ad_value" >> "$AGENT_CONFIG"
        restart_rms

    # Carry out the check if the machine is bound by the Likewise plugin
    elif dscl "/${LikewiseAD}/" -list /Computers > /dev/null 2>&1; then
        echo "The machine exists in Active Directory and is bound to the Domain via the Likewise plugin"
        echo "Creating the Sophos Anti-Virus $key"
        echo "$key=$lw_value" >> "$AGENT_CONFIG"
        restart_rms
    fi
}

# install the pkg
installer -pkg "/tmp/Sophos Anti-Virus.mpkg" -target /

sleep 10

############## ComputerNameOverride / ComputerDescriptionOverride / DomainNameOverride ###############

# The domain override goes under its own key for both plugins
add_override ComputerNameOverride        "${ADMachineCheck}" "${LWmachine}"
add_override ComputerDescriptionOverride "${ADMachineCheck}" "${LWmachine}"
add_override DomainNameOverride          "$AD"               "$AD"

# Load the LaunchDaemon that re-runs the overrides when agent.config changes
launchctl load -w "$OVERRIDE_DAEMON"

# Hide the folder
chflags hidden /Library/Management/

# Hide the launchdaemon
chflags hidden "$OVERRIDE_DAEMON"

# Pause 10 seconds
sleep 10

############# Set Sophos PrimaryURL #################

# Set to use a network volume for the Primary server
defaults write "$SAV_PREFS" PrimaryServerType -int 2

# Set the URL
defaults write "$SAV_PREFS" PrimaryServerURL "smb://$PrimaryServerURL"

# Set the secondary server to Sophos
defaults write "$SAV_PREFS" SecondaryServerType -int 0

defaults write "$SAV_PREFS" SecondaryServer -bool true

# Restart Sophos Services
launchctl unload -w /Library/LaunchDaemons/com.sophos.*
launchctl load -w /Library/LaunchDaemons/com.sophos.*


exit 0      ## Success

Sophos_Overrides.sh is run by a launch daemon with a watch path, so it fires whenever /Library/Sophos Anti-Virus/RMS/agent.config is modified:

#!/bin/bash

####### HISTORY ##############
#
#
# Written by Tim Kimpton 09.23.2014
#
# The Remote Management System (RMS) that deals with the communication between Sophos Anti-Virus for Mac OS X and the Sophos Enterprise Console can be
# configured to allow the Machine Name, Domain Name, and Computer Description to be overridden and alternative values to be used.
#
# http://www.sophos.com/en-us/support/knowledgebase/119758.aspx
#
############################


####### ENVIRONMENT VARIABLES ###########

# Path contains a space, so it is quoted wherever it is used
AGENT_CONFIG="/Library/Sophos Anti-Virus/RMS/agent.config"

# Get the machine's current computer name
ComputerName=$(scutil --get ComputerName)

### Domain Bindings ###

# Apple AD Plugin: the domain written to DomainNameOverride
AD=XXX

# Likewise AD Plugin
LikewiseAD="Likewise - Active Directory"

### LikeWise machine ###
LWmachine=$(dscl "/${LikewiseAD}/" -list /Computers 2>/dev/null)

### Apple AD machine: "Computer Account = name$" -> name ###
ADMachineCheck=$(dsconfigad -show | grep "Computer Account" | awk '{print $4}' | cut -d '$' -f1)

### Check to see if the machine is bound to AD with the Apple Plugin (domain name, or empty)
DomainCheck=$(dsconfigad -show | grep -i "Active Directory Domain" | awk '{print $5}')

##### DO NOT MODIFY BELOW THIS LINE ######

# Restart the Sophos RMS services so a new override is read
restart_rms() {
    launchctl unload -w /Library/LaunchDaemons/com.sophos.managementagent.plist
    launchctl unload -w /Library/LaunchDaemons/com.sophos.messagerouter.plist

    launchctl load -w /Library/LaunchDaemons/com.sophos.managementagent.plist
    launchctl load -w /Library/LaunchDaemons/com.sophos.messagerouter.plist
}

# add_override KEY AD_VALUE LIKEWISE_VALUE
# Append KEY=value to agent.config once, taking the value from whichever directory plugin
# the Mac is bound with (Apple AD plugin first, then Likewise), then restart RMS.
# Nothing is written when the key is already present, so this watch-path script does not
# modify the file it is watching on every run.
add_override() {
    key=$1
    ad_value=$2
    lw_value=$3

    # If it is already in the file just echo out
    if grep -q "$key" "$AGENT_CONFIG" 2>/dev/null; then
        echo "Sophos Anti-Virus $key already exists!"

    # If the override does not exist then check the Apple AD plugin binding
    elif [ "${DomainCheck}" = corp.service-now.com ]; then
        echo "The machine ${ADMachineCheck} exists in Active Directory and is bound to ${DomainCheck}"
        echo "Creating the Sophos Anti-Virus $key"
        echo "$key=$ad_value" >> "$AGENT_CONFIG"
        restart_rms

    # Carry out the check if the machine is bound by the Likewise plugin
    elif dscl "/${LikewiseAD}/" -list /Computers > /dev/null 2>&1; then
        echo "The machine exists in Active Directory and is bound to the Domain via the Likewise plugin"
        echo "Creating the Sophos Anti-Virus $key"
        echo "$key=$lw_value" >> "$AGENT_CONFIG"
        restart_rms
    fi
}

############## ComputerNameOverride / ComputerDescriptionOverride / DomainNameOverride ###############

# The domain override goes under its own key for both plugins
add_override ComputerNameOverride        "${ADMachineCheck}" "${LWmachine}"
add_override ComputerDescriptionOverride "${ADMachineCheck}" "${LWmachine}"
add_override DomainNameOverride          "$AD"               "$AD"

exit 0

** NOTE: IN JANUARY SOPHOS ARE RELEASING 9.2.2 as recommended, and we are going to have to go through all of this again; 9.2.2 is an app and is completely different!!! **

http://www.sophos.com/en-us/support/knowledgebase/120189.aspx
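The override handling at the end of the script above (test whether a key is in agent.config, append KEY=VALUE, bounce the RMS daemons) skips the key entirely when it is already present, even if its value is wrong, and restarts RMS on every run that writes. Below is an added example, not part of the script posted in this thread, that makes the same step idempotent: it adds the key, replaces it when the value differs, and restarts only when something actually changed. It assumes agent.config is a one-KEY=VALUE-per-line file (as the script above treats it); the function names, the sample keys used in the usage note and the temp-file rewrite are my own, while the two LaunchDaemon plist names are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not the thread's script): idempotent KEY=VALUE overrides for
# the Sophos RMS agent.config. Assumes one KEY=VALUE per line.

# sophos_set_override CONFIG KEY VALUE
# Adds KEY=VALUE, or replaces an existing KEY line whose value differs.
# Returns 0 when the file changed, 1 when the key already had that value.
sophos_set_override() {
    config=$1
    key=$2
    value=$3
    [ -f "$config" ] || : > "$config"
    if grep -q "^${key}=" "$config"; then
        current=$(grep "^${key}=" "$config" | head -n 1 | cut -d= -f2-)
        if [ "$current" = "$value" ]; then
            return 1
        fi
        # Rewrite through a temp file in the same directory, then rename, so a
        # crash mid-write never leaves a truncated agent.config behind.
        tmp=$(mktemp "${config}.XXXXXX")
        grep -v "^${key}=" "$config" > "$tmp" || true   # grep -v exits 1 on empty output
        printf '%s=%s\n' "$key" "$value" >> "$tmp"
        mv -f "$tmp" "$config"
    else
        printf '%s=%s\n' "$key" "$value" >> "$config"
    fi
    return 0
}

# sophos_restart_rms: unload and reload the management agent and message
# router so RMS reads the new override (root required, same step as the thread).
sophos_restart_rms() {
    for d in com.sophos.managementagent com.sophos.messagerouter; do
        launchctl unload -w "/Library/LaunchDaemons/${d}.plist"
    done
    for d in com.sophos.managementagent com.sophos.messagerouter; do
        launchctl load -w "/Library/LaunchDaemons/${d}.plist"
    done
}

# sophos_apply_override CONFIG KEY VALUE
# Restart RMS only when the file changed, which keeps a recurring policy from
# bouncing the agent on every check-in.
sophos_apply_override() {
    if sophos_set_override "$1" "$2" "$3"; then
        echo "Set $2=$3, restarting Sophos RMS"
        sophos_restart_rms
    else
        echo "$2 already set to $3, nothing to do"
    fi
}
```

In the script above, each branch would then become a single call such as `sophos_apply_override "/Library/Sophos Anti-Virus/RMS/agent.config" DomainNameOverride "$AD"`, and the "already exists" check disappears because the function handles it.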

rtrouton
Release Candidate Programs Tester

With regards to Sophos 9.2.2's installer being an app, I took a look at repackaging Sophos Home Edition (as that's already at 9.2.2). I have a post with my findings available here:

http://derflounder.wordpress.com/2014/11/27/deploying-sophos-anti-virus-home-edition-for-mac-9-2-x-f...

tkimpton
Valued Contributor II

Thanks rich we really appreciate it :)

I got nothing even from the head of Sophos development in Canada and numerous support calls.

:)

tkimpton
Valued Contributor II

I will play around with Enterprise 9.2.2 over Christmas when I get a breather from work and will let you know what I have come up with :)

Tim

jelockwood
Contributor

@rtoughton
@tkimpton

Quite some time ago I adapted Richard's original script to allow deploying the paid-for but standalone version of SAV 9.0.x; more recently I have updated my modified script to allow deploying SAV 9.2.2. See my article here http://jelockwood.blogspot.co.uk/2014/03/deploying-sophos-anti-virus-on-mac.html and follow the pastebin link to get a copy of the script.

The process is basically the same as Richard's original one - using Packages to build an installer package containing the Sophos installer application along with the now externally stored update settings, and then running (my version of) a post-install script.

This works fine to deploy the standalone version on versions of OS X from 10.6 all the way up to and including 10.10.1.

tkimpton
Valued Contributor II

@jelockwood

Unfortunately your update settings for 9.2.2 are not clear (externally stored update settings).

I have tried to look for this in your scripts and cannot see it. Please can you provide details?

Thanks

jelockwood
Contributor

@tkimpton

I did mention it on my webpage and earlier in this thread. For the Sophos standalone version you pre-configure the Sophos installer application as per their instructions here http://www.sophos.com/en-us/support/knowledgebase/119744.aspx

You then package up the Sophos installer application and these settings (using Packages) and run the post-install script to install both. The Sophos installer app will look for the settings that should be included with it. The settings used to be inside the Sophos installer application but are now in a folder outside the application; this folder is called "Sophos Installer Components" and contains a file called "updateconfig.xml". So the installer package needs to deliver both "Sophos Installer.app" and "Sophos Installer Components" (at the same level). I did this by putting both into a folder and delivering the parent folder.

As I don't have a Windows server I am using the standalone version of Sophos as mentioned. If Sophos Enterprise Console now stores the settings outside of the Sophos Installer.app, and if it now uses the Sophos Installer.app rather than a package, then a similar approach should be possible.

tkimpton
Valued Contributor II

Thanks, "Sophos Installer Components" is what I was looking for.

johnklimeck
Contributor II

I have had Sophos 9.1.7 working fine in our environment; it has the update server name and auto-updates as it should.

I repackaged the provided mpkg as a pkg, doing a snapshot in Composer. It has been working (it does require a reboot).

Now I have an updated 9.1.8 mpkg, and the Sophos admins want to include a GroupPath, grouppath.list, in the mpkg.

http://www.sophos.com/en-us/support/knowledgebase/119791.aspx

Did that, but this just doesn't install correctly / work anymore.

Is there an ultimate destination where this grouppath.list (or the information contained therein) is located post-install? That way I can just include that with Composer. Any experiences / feedback greatly appreciated. John

rtrouton
Release Candidate Programs Tester

jelockwood
Contributor

@johnklimeck @rtoughton

As you are hopefully aware, you need Sophos Anti-Virus 9.2.2 for full Yosemite compatibility; I think the latest version is now 9.2.3. I deploy the standalone (paid-for) version of 9.2.2 using a tweaked version of Richard Troughton's original solution as documented here http://derflounder.wordpress.com/2014/02/20/deploying-sophos-anti-virus-for-mac-os-x-9-x/ with my tweaked version here http://jelockwood.blogspot.co.uk/2014/03/deploying-sophos-anti-virus-on-mac.html

I pre-configure the Sophos installer application to include the download credentials to get updates direct from Sophos. As a reminder I don't have a Windows server to run Sophos Enterprise Console and hence cannot distribute updates internally.

I realise some people here need to deploy the Enterprise Console managed version. When I last used this in a previous job, where I had a Windows server to run it on, it used to be the case that when a migration from one major version of SAV to another was taking place you could choose which to subscribe to in order to get updates to host on your server. Either you would replace your soon-to-be-obsolete one and only have the new one, or you would create an additional separate folder, aka a CID. I would presume a similar process still occurs, so you might want to look at whether a 9.2.2 based option is now available.

cforte
New Contributor

Greetings all. We've always had issues with our Mac Sophos clients, and our install base was an inconsistent and rather unprotected mess. When we set up a new Sophos server, we decided to use this as an opportunity to remove the messed up installations on our Macs and have our clients all configured consistently and talking to the new Enterprise Console. I was having issues getting Sophos 9.1.8 deployed; the installer would run as a policy from Casper but the autoupdate settings would not be properly populated in a consistent manner. I was referred to the guide already referenced here:

https://derflounder.wordpress.com/2014/09/02/deploying-sophos-enterprise-anti-virus-for-mac-os-x-9-x...

I modified that approach for our environment and it has been working great so far.

A couple notes on our environment:

  • Most of our Macs already have Sophos 9.x installed. The few that have no Sophos installed or still have Sophos 8 installed are excluded from our policy and will be remediated separately.
  • We've been using Iceberg to make our packages, so some options and what-not may be a little different

OK, so first we created an installer with our Enterprise Console with the appropriate settings we want. We then took a clean machine and manually ran this installer so that everything was configured properly. We then grabbed the following files to distribute later:

  • /Library/Preferences/com.sophos.sau.plist
  • /Library/Sophos Anti-Virus/Sophos.keychain

We then created a new project in Iceberg on an admin machine. We configured it to copy our Enterprise installer and the two files we harvested into a non-obvious local folder on the drive. For argument's sake we'll call it /Library/MrFluffyKins. We then added the following preflight script, which invokes the existing Sophos removal tool on clients and then deletes old files that had been used by Sophos:

#!/bin/sh

# ** REMOVE SOPHOS ANTI-VIRUS ***
# 2015-01-28 cforte

# Remove Current Install (the path contains a space, so it must be quoted)
"/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove

# Timer to delay next steps until the removal process completes
sleep 30

# Delete Sophos Files (quoted: unquoted, "/Library/Sophos Anti-Virus" reaches rm
# as the two arguments "/Library/Sophos" and "Anti-Virus")
rm -fr "/Library/Sophos Anti-Virus"
rm -fr "/Library/Application Support/Sophos"
rm -fr "/Library/Application Support/Sophos Anti-Virus"
rm -f /Library/Preferences/com.sophos.*

exit 0

We then added the following postflight script which runs the installer we dumped on the local drive, copies the update files we had grabbed earlier, and relaunches Sophos:

#!/bin/sh
# Reinstall Sophos Anti-Virus
# 2015-02-11 cforte
# Postflight script for a package that copies the installer to the /Library/MrFluffyKins folder and invokes the appropriate flags to install Sophos properly and copies settings files to appropriate locations

# Install cached package
installer -pkg '/Library/MrFluffyKins/Sophos Anti-Virus.mpkg' -target /

# Timer to give time for installation processes to complete before moving on
sleep 45

# Remove incorrect update files (paths with spaces quoted)
rm -f "/Library/Sophos Anti-Virus/Sophos.keychain"
rm -f /Library/Preferences/com.sophos.sau.plist

# Move update settings files to their appropriate locations
mv -f /Library/MrFluffyKins/Sophos.keychain "/Library/Sophos Anti-Virus/"
mv -f /Library/MrFluffyKins/com.sophos.sau.plist /Library/Preferences/

# Relaunch Sophos to load new settings
/bin/launchctl unload /Library/LaunchDaemons/com.sophos.configuration.plist
/bin/launchctl load /Library/LaunchDaemons/com.sophos.configuration.plist

exit 0

When building the package, I had to make sure that it was set to run with elevated privileges. To be safe, I also set permissions on the installer and settings files dumped in the MrFluffyKins folder so that everyone had read/execute rights. After building that and deploying it as a policy in Casper, it has been working on machines from OS X 10.6 - 10.10.
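Both scripts above rely on fixed timers (`sleep 30` after the remover, `sleep 45` after the installer). On a slow or busy Mac the next step then runs against a half-removed or half-installed product, and on a fast one the policy just wastes time. The following is an added example, not cforte's code, that replaces the timers with bounded polling: wait until the remover process has exited, and wait until the files the installer is known to create exist, failing loudly on timeout instead of carrying on. The function names and timeout values are my own; the paths are the ones named in the post.

```shell
#!/bin/sh
# Added example (not from the thread): bounded polling in place of fixed sleeps
# in a Sophos preflight/postflight pair. Timeouts are illustrative values.

# wait_for_path [-gone] PATH TIMEOUT_SECONDS
# Polls once a second until PATH exists (or, with -gone, no longer exists).
# Returns 0 on success, 1 if TIMEOUT_SECONDS elapse first.
wait_for_path() {
    want=present
    if [ "$1" = "-gone" ]; then want=gone; shift; fi
    path=$1; timeout=$2; elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        if [ "$want" = present ] && [ -e "$path" ]; then return 0; fi
        if [ "$want" = gone ] && [ ! -e "$path" ]; then return 0; fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
    return 1
}

# wait_for_process PATTERN TIMEOUT_SECONDS
# Polls until no running process has PATTERN in its command line.
wait_for_process() {
    pattern=$1; timeout=$2; elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        pgrep -f "$pattern" > /dev/null 2>&1 || return 0
        sleep 1
        elapsed=$((elapsed + 1))
    done
    return 1
}

# Preflight: run the vendor remover, wait for it to finish, then delete leftovers.
sophos_preflight_remove() {
    "/Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer" --remove
    wait_for_process InstallationDeployer 120 || { echo "Sophos remover still running after 120s" >&2; return 1; }
    rm -fr "/Library/Sophos Anti-Virus" "/Library/Application Support/Sophos" "/Library/Application Support/Sophos Anti-Virus"
    rm -f /Library/Preferences/com.sophos.*
}

# Postflight: install, then wait for the two files the installer creates (the
# post removes and replaces exactly these) before swapping in the harvested copies.
sophos_postflight_install() {
    installer -pkg '/Library/MrFluffyKins/Sophos Anti-Virus.mpkg' -target / || return 1
    wait_for_path "/Library/Sophos Anti-Virus/Sophos.keychain" 300 || { echo "Sophos.keychain never appeared" >&2; return 1; }
    wait_for_path /Library/Preferences/com.sophos.sau.plist 60 || { echo "com.sophos.sau.plist never appeared" >&2; return 1; }
    mv -f /Library/MrFluffyKins/Sophos.keychain "/Library/Sophos Anti-Virus/"
    mv -f /Library/MrFluffyKins/com.sophos.sau.plist /Library/Preferences/
    /bin/launchctl unload /Library/LaunchDaemons/com.sophos.configuration.plist
    /bin/launchctl load /Library/LaunchDaemons/com.sophos.configuration.plist
}
```

A non-zero return from either function makes the package (and therefore the Casper policy) report failure, which is what you want: a Mac that silently ended up with no working Sophos is the state the whole exercise was meant to eliminate.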

jagress
New Contributor III

I had the same thought as @lisacherie and decided to script it. That was working great with the pkg installer from the previous version. I just had to update our script to work with the app installer. Here it is in case someone else finds it useful. We aren't hardcoding the update settings; instead, we're using the grouppath.plist to specify a group in which to enroll in the Enterprise Console. That group's settings determine primary and secondary update servers, definition update frequency, etc.

#!/bin/sh

# InstallSophos.sh

# Mount Sophos share
# "username" / "password" are placeholders. Anything embedded here is readable
# by whoever can view the script in Jamf, so the account should be a dedicated
# read-only one for this share and nothing else.
echo "Mounting SOPHOSAV..."
jamf mount -server "sophos.mydomain.com" -share "SophosUpdate" -type "smb" -username "username" -password "password"

# Copy installer app and its components folder to the machine
echo "Copying package to local directory..."
cp -R "/Volumes/SophosUpdate/CIDs/S000/ESCOSX/Sophos Installer.app" /tmp/
cp -R "/Volumes/SophosUpdate/CIDs/S000/ESCOSX/Sophos Installer Components" /tmp/

# Unmount Sophos share
echo "Unmounting SOPHOSAV..."
jamf unmountServer -mountPoint /Volumes/SophosUpdate

# Add install data for Mac group in Enterprise Console
# (the path contains spaces, so it must be quoted in the redirection)
echo "Setting group path info..."
groupPath="/tmp/Sophos Installer Components/RMS/grouppath.plist"
cat > "$groupPath" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>GroupPath</key>
<string>SOPHOSMac</string>
</dict>
</plist>
EOF

# Install package
echo "Installing Sophos app..."
"/tmp/Sophos Installer.app/Contents/MacOS/tools/InstallationDeployer" --install

# Trigger initial auto update
echo "Performing initial auto update..."
sleep 15
/usr/bin/sophosupdate

# Remove tmp files
rm -rf "/tmp/Sophos Installer.app"
rm -rf "/tmp/Sophos Installer Components"

exit 0

I find that sometimes that initial Auto Update doesn't work because it takes time for the Enterprise Console's group settings to apply to the client. Usually a reboot seems to fix this. If anyone knows of a way to expedite this process, please share!
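The script above writes grouppath.plist by echoing fixed lines, which is fine for a group called SOPHOSMac but produces a malformed plist as soon as the group path contains an ampersand or angle bracket, and a malformed plist means the client silently lands in the wrong (or no) Enterprise Console group. Below is an added example, not jagress's code, that generates the same file from a parameter with XML escaping and lints the result where a linter is available. The GroupPath key and the RMS/grouppath.plist location are taken from the script above; the function names and the sample group names in the usage note are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): write grouppath.plist for the
# "Sophos Installer Components" folder with proper XML escaping.

# xml_escape STRING: print STRING with the five XML special characters escaped.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
                           -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# write_grouppath_plist FILE GROUPPATH
# Creates FILE (and its parent directory) as a plist whose GroupPath is GROUPPATH.
write_grouppath_plist() {
    file=$1
    group=$(xml_escape "$2")
    mkdir -p "$(dirname "$file")"
    cat > "$file" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>GroupPath</key>
<string>${group}</string>
</dict>
</plist>
EOF
}

# validate_plist FILE: lint with plutil (macOS) or xmllint when present.
# Returns the linter's status; 0 when no linter is installed.
validate_plist() {
    if command -v plutil > /dev/null 2>&1; then
        plutil -lint "$1" > /dev/null
    elif command -v xmllint > /dev/null 2>&1; then
        xmllint --nonet --noout "$1"
    else
        return 0
    fi
}

# Convenience wrapper for the install script: write, then refuse to continue
# with a file the Sophos installer could not parse.
prepare_grouppath() {
    write_grouppath_plist "$1" "$2"
    validate_plist "$1" || { echo "grouppath.plist failed validation: $1" >&2; return 1; }
}
```

In the script above the eight `echo` lines would become `prepare_grouppath "/tmp/Sophos Installer Components/RMS/grouppath.plist" "SOPHOSMac" || exit 1`, and a group path such as `Macs & Labs` (a constructed example) is written as `Macs &amp; Labs` instead of breaking the file.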

wmateo
Contributor

@jagress how did you handle existing installations of Sophos clients? Was this only for machines that didn't have it?

jagress
New Contributor III

@wmateo I first run an uninstall script.

I think there are some examples in this thread. Though I had some issues with the Sophos uninstaller not working 100% over the summer, so I ended up scripting my own.