Jamf Nation Community

acampuzano · ‎03-25-2015

Our laptops are currently running OSX 10.9 with Sophos v9.1 and we need to upgrade to Sophos 9.2. Running the 9.2 install alone does not work. Sophos needs to be uninstalled first and then run the install. I have tried Composer by capturing, running the uninstall (9.1) and then running the install but it didn't seem to work. Is there a way to run the uninstaller through a policy? Casper Admin does not let me upload the uninstaller because it is a .app. Any thoughts?

rtrouton · ‎03-25-2015

I've written a post that describes how I'm building a Sophos 9.2.x installer. It's available via the link below:

https://derflounder.wordpress.com/2015/02/26/deploying-sophos-enterprise-anti-virus-for-mac-9-2-x/

I've incorporated a preinstall script that uninstalls existing copies of Sophos 8.x and 9.x before proceeding to install Sophos 9.2.x.

CasperSally · ‎03-25-2015

@rtrouton thanks for chiming in. Will bookmark that for sure for when I rebuild our installer in the next few months.

@acampuzano our clients updated themselves to 9.2.4 (but they were 9 something already as of this summer). Not sure if that helps you, but maybe there's a console setting that will upgrade your clients as well?

acampuzano · ‎03-25-2015

Thanks @rtrouton I will take a look at the article.

@CasperSally Our users are not admin on the laptops, therefore unable to upgrade themselves. The setting for an upgrade through the console is only available for Windows.

CasperSally · ‎03-25-2015

@acampuzano

Our users aren't admins. On the Sophos console, under update managers, OSX is set to 9 Recommended which updates clients to whatever version Sophos deems a recommended.

Maybe your sophos update manager needs an update (this is from Feb when 9.2.3 was recommended)
https://www.sophos.com/support/knowledgebase/121824.aspx

acampuzano · ‎03-27-2015

@CasperSally Thank you! That worked!!!!

jamestoher · ‎04-28-2015

@acampuzano

I've built a payload-free package in JAMF Composer with a postinstall script. The script mounts the Sophos Enterprise Console network share, and runs the installer from there. It's a flat package set to require root authorisation and root volume only, signed so that Gatekeeper doesn't get in the way, and no spaces in it's name to avoid any trouble there. I'm still testing, but it works well so far on network segments which can see the Sophos share. You could scope a policy so that it installs when your laptops are on-net.

Earlier I used a similar package to deploy a copy of the present Sophos ESCOSX directory to a temporary folder, but mounting the share directly seems like less maintenance.

I'm using Expect to enter the password for the share, but you could simply include the password in the mount address, assuming it doesn't include certain special characters and you don't mind people seeing the password listed when they run mount.

Here is the postinstall script I'm using:

#!/bin/bash
## postinstall

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

# Sophos Anti-Virus 9.2.x Enterprise install application
# Based on  https://www.sophos.com/en-us/support/knowledgebase/14179.aspx
# and https://derflounder.wordpress.com/2015/02/26/deploying-sophos-enterprise-anti-virus-for-mac-9-2-x/
# James Toher 2015-04-28

share=""
domain=`/usr/sbin/dsconfigad -show | grep "Active Directory Domain" | awk '{print tolower($NF)'}`
result=1
tempdir="/private/tmp/sav.$$"

function clean_up {
    /usr/sbin/diskutil unmount $tempdir &&
    /bin/rmdir "${tempdir}"
}

trap clean_up SIGHUP SIGINT SIGTERM EXIT

function with_password {
    expect <<CMD
    spawn $2
    expect "*assword*:"
    send "${1}
"
    expect EOF
CMD
}

function removeSophosAV8 {

    # Uninstall existing copy of Sophos 8.x by checking for the
    # Sophos Antivirus uninstaller package in /Library/Sophos Anti-Virus.  
    if [ -d "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" ]; then
        /usr/sbin/installer -pkg "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" -target /
    elif [ -d "/Library/Application Support/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" ]; then
        /usr/sbin/installer -pkg "/Library/Application Support/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" -target /    
    fi

}

function removeSophosAV9 {

    # Uninstall existing copy of Sophos 9.x by checking for the InstallationDeployer tool 
    if [ -x /Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer ]; then
        /Library/Application Support/Sophos/opm/Installer.app/Contents/MacOS/tools/InstallationDeployer --remove
    fi

}


if [ $domain == "domain1.fqdn" ]; then

    share="//SERVER-1-REALM;sophos-readonly-account@server1.domain1.fqdn/SophosUpdate/CIDs/S000/ESCOSX"
    savpwd="your_password_here"


fi


if [ -n "$share" ]; then

    # Mount network share from Sophos enterprise console
    mkdir -p $tempdir
    with_password "${savpwd}" "mount -t smbfs -o nobrowse $share $tempdir" || exit $result

    # Unload the Sophos user agent as the logged in user
    joe=`stat -f %Su /dev/console`
    if [ -n "$joe" ]; then
        sudo -u $joe /bin/launchctl unload /Library/LaunchAgents/com.sophos.uiserver.plist
    fi

    # Uninstall any earlier version
    removeSophosAV8
    removeSophosAV9

    # Install Sophos Anti-Virus 9.x 
    message="Sophos Anti-Virus $install failed"

    /usr/bin/logger "Sophos Anti-Virus $install starting..."
    ${tempdir}/"Sophos Installer.app"/Contents/MacOS/tools/InstallationDeployer --install && result=0
    [ $result -eq 0 ] && message="Sophos Anti-Virus $install completed successfully"

    /usr/bin/logger "$message"

fi

exit $result

apizz · ‎07-21-2015

Just wanted to add the updated derflounder article on packaging Sophos Anti-Virus 9.2.x:

Sophos Enterprise Packaging Revisited

Thanks so much for the instructions!

bentoms · ‎07-21-2015

& here is Yet another Sophos Enterprise Anti-Virus 9.2.x post

apizz · ‎07-22-2015

Thanks, @bentoms !

Jamf Nation Community

Sophos v9.2 Install