Terminal and Sophos for me

Recently, I have played around with Sophos and the command line tools that come with the product. If we, as sysadmins, can script the updates, installations, and scans of systems without interrupting the user, then everyone is happy. The user is not disrupted and sysadmins are compliant in protecting our users and organization. 

There are plenty of scripts written by people and documentation provided by Sophos to perform silent installations and uninstallations of Sophos Anti-Virus. Sophos has the process documented on their support page. Here is a sample of the some of the commands that you can use to uninstall the product:

This will uninstall unmanaged versions

sudo /Library/Application\ Support/Sophos/opm-sa/ --remove

This will uninstall managed versions


sudo /Library/Application\ Support/Sophos/opm/ --remove


sudo /Library/Application\ Support/Sophos/opm/ --remove

Knowing  this information is great if you want to uninstall Sophos via the command line because a user cannot find the Remove Sophos Antivirus stored in:

/Library/Sophos\ Anti-Virus/Remove\ Sophos\

For those who would like to automate this process you can utilize a script written by Rich Trouton.

Another handy tool that Sophos includes with their product is a command line tool. This tool details:

  • Version
  • Virus data version
  • Virus definitions
  • Perform Scans

These are just a few options that one can utilize on the command line. The Sophos binary is:


Here are some options that you can run from the command line:

-sc [*] : Scan dynamically compressed executables
-f [ ] : Full scan
-extensive [ ] : Scan complete contents of files
-di [ ] : Disinfect infected items
-s [*] : Run silently (do not list files swept)
-c [*] : Ask for confirmation before disinfection/deletion
-b [*] : Sound bell on virus detection
-all [*] : Scan all files
-rec [*] : Do recursive scan
-remove [ ] : Remove infected objects
-dn [ ] : Display file names as they are scanned
-ss [ ] : Don't display anything except on error or virus
-eec [ ] : Use extended error codes
-ext=extension,.. : Specify additional extensions to SWEEP
-p= : Write to logfile
-idedir= : Read IDEs from alternative directory
-exclude : Exclude the following objects from scanning
-include : Include the following objects in scanning
-v : Display complete version information
-vv : Display complete version information and details on
-h : Display this help and exit

The command line tool will also let you scan inside compressed files. If your organization utilizes Sophos as the corporate Anti-virus, I would suggest automated scans of the system, compressed files, adware/PUAs, especially after Apple released their Adware documentation.  The binary also allows an administrator to perform scans on extensions that may not be as common or included within a Sophos scan. Finally, being able to determine the Sophos Version & Virus definition version can help with reporting and enforcing the latest patches on your client machines.