Symantec AntiVirus for Linux: How to Compile Auto-Protect Kernel Modules under Ubuntu


Article ID: 177819



Endpoint Protection


After following the instructions in the article "How to install Symantec AntiVirus for Linux on Ubuntu", Auto-Protect is not enabled.

Some kernels are supported by the install packages supplied with Symantec AntiVirus for Linux (SAVFL), and Auto-Protect will function immediately.  Some are not and require an extra, manual step.  (See System requirements for Symantec AntiVirus for Linux 1.0 for details on kernels currently supported.)  As of SAVFL version 1.0.8, it is possible to compile and install Auto-Protect kernel modules for Linux versions that are not otherwise supported by Symantec.



For details, consult the README that comes in the source tarball (e.g. ap-kernelmodule-1.0.10-26.tar.gz) for Auto-Protect.

The steps for Ubuntu can be summarized as follows:

  • Install the development tools for your particular Ubuntu version:

    sudo apt-get install linux-headers-$(uname -r) build-essential

  • Extract the source tarball.
  • For SAVFL 1.0.8 only, the file must be modified because there is an if-then statement that is not properly constructed:

    if [ "$kernelVerNumber" -gt "132632" ] ; then   #kernel version >= 2.6.24
              buildFlags="$buildFlags UBUNTU=1"

    Change the -gt to -ge, and the if-then statement will work as described in the comment.

    For newer builds (1.0.9 and higher), this modification is not needed.
  • Run as follows from a terminal window, where /path/to/expanded/folder is where is located, i.e. /home/user/Desktop/ap-kernelmodule-1.0.10-26:

    cd /path/to/expanded/folder
    sudo ./ --kernel-dir /lib/modules/$(uname -r)/build

    A message will be displayed indicating that the build was successful. 

  • Copy the kernel modules (as directed in the README) to /opt/Symantec/autoprotect/ and restart the system (or restart the autoprotect and rtvscand daemons).

    sudo cp ./bin.ira/* /opt/Symantec/autoprotect
    sudo /etc/init.d/autoprotect restart
    sudo /etc/init.d/rtvscand restart


Auto-Protect should function normally after this operation is complete.  Downloading an EICAR test file will trigger a detection.

Technical Information
If the if-then statement is not modified as described, you may get an error similar to the following when running (Ubuntu 8.04 -- Hardy):

CFLAGS was changed in "/home/admin/Desktop/sav-linux-1.0.8-17/ap-kernelmodule-1.0.8-17/symev/Makefile". Fix it to use EXTRA_CFLAGS.
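
The off-by-one in the SAVFL 1.0.8 version test, shown as an added example that is not part of Symantec's build script. It assumes kernelVerNumber uses the Linux KERNEL_VERSION encoding (a*65536 + b*256 + c), under which 2.6.24 is 132632; kernel_ver_number and ubuntu_flag are hypothetical helper names and the kernel release strings are constructed samples.

```shell
#!/bin/sh
# Added example, not Symantec's script. Assumption: kernelVerNumber follows the
# Linux KERNEL_VERSION(a,b,c) encoding, a*65536 + b*256 + c (2.6.24 -> 132632).

# kernel_ver_number RELEASE: encode e.g. "2.6.24-19-generic" as an integer.
kernel_ver_number() {
    _v=${1%%-*}                      # drop the "-19-generic" style suffix
    _major=${_v%%.*}
    _rest=${_v#*.}
    _minor=${_rest%%.*}
    _minor=${_minor%%[!0-9]*}        # keep leading digits only
    case "$_rest" in
        *.*) _patch=${_rest#*.}; _patch=${_patch%%[!0-9]*} ;;
        *)   _patch=0 ;;             # release string with only two components
    esac
    echo $(( _major * 65536 + _minor * 256 + ${_patch:-0} ))
}

# ubuntu_flag OP RELEASE: print the build flag the version test would add.
# OP is the test operator: -gt (as shipped in 1.0.8) or -ge (the correction).
ubuntu_flag() {
    kernelVerNumber=$(kernel_ver_number "$2")
    if [ "$kernelVerNumber" "$1" "132632" ]; then   # kernel version >= 2.6.24
        echo "UBUNTU=1"
    fi
}

# Constructed sample releases: one below, one equal to, one above 2.6.24.
for release in 2.6.22-14-generic 2.6.24-19-generic 2.6.27-7-generic; do
    printf '%-20s number=%s  -gt:[%s]  -ge:[%s]\n' \
        "$release" \
        "$(kernel_ver_number "$release")" \
        "$(ubuntu_flag -gt "$release")" \
        "$(ubuntu_flag -ge "$release")"
done
```

Only the 2.6.24 row differs between the two operators: with -gt the UBUNTU=1 flag is left out for a kernel that is exactly 2.6.24.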