Setting up Sophos Antivirus for Linux

Most people use ClamAV for their server antivirus, and some still question the need to have antivirus on their servers at all. On that point, it's true there are very few viruses / malware out there for Linux. However, if a file comes from your server and the user is running Windows, for example, it can infect them. It's also your reputation to think about.

Although Sophos claims 1 GB as the minimum RAM requirement, it does run on a 512 MB DigitalOcean droplet without issue.

Setting up

To get started go to here to download

1) Extract the file you download and upload the folder to your server using SFTP.

2) Connect to your server over SSH and elevate to root.

3) Change to the sophos folder using cd sophos-av/

4) Run (with root privileges) ./

5) Sophos AV will install, follow the prompts ensuring you select the free option

If you have a supported operating system that Sophos provides precompiled kernel modules for, you are finished. If your OS doesn't have precompiled binaries (like mine, Debian), follow these steps:

If you don't have a standard OS supported by Sophos

Again, ensure you are running with root privileges:

1) Ensure make is installed with apt-get install make

2) Ensure the extra header packages are installed to allow the custom module to compile correctly: apt-get install linux-headers-$(uname -r)

3) Install the modules and let it compile by running: /opt/sophos-av/engine/talpa_select select

4) Restart the service using /etc/init.d/sav-protect restart

LetsEncrypt with Nginx running Ghost

After buying / getting certificates for a number of years for this site, I've recently moved to Let's Encrypt.

One of the biggest issues I found in setting it up was that certbot needed to create the well-known artefact over a non-secure connection. This makes sense, so as not to be in a chicken-and-egg scenario.

The answer in the end was to split off the secure and non-secure requests into two nginx server blocks. This then allowed the following to be aliased.

location /.well-known {
    root /var/www/tls;
}

The alias is important as the file can't be created by node and needs to look like it's part of the site. In effect is running node and is a standard web folder.
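The split described above, written out as a complete pair of server blocks. This is an added example, not the site's actual configuration: example.com, the Ghost upstream at 127.0.0.1:2368 and the certificate paths under /etc/letsencrypt/live/ are assumptions; only the /.well-known location and /var/www/tls come from the post.

```nginx
# Plain-HTTP block: answers the ACME HTTP-01 challenge, redirects everything else.
server {
    listen 80;
    listen [::]:80;
    server_name example.com;            # assumption: placeholder domain

    # Served from disk by nginx, never proxied to node (from the post).
    # "certbot certonly --webroot -w /var/www/tls -d example.com" writes the
    # token to /var/www/tls/.well-known/acme-challenge/<token>.
    location /.well-known {
        root /var/www/tls;
    }

    # Anything else on port 80 goes to HTTPS. The hostname is written out
    # rather than taken from the request's Host header.
    location / {
        return 301 https://example.com$request_uri;
    }
}

# HTTPS block: terminates TLS and proxies to Ghost.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;

    # assumption: certbot's default output location for this domain
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:2368;   # assumption: Ghost's default port
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Check the syntax with nginx -t before reloading. The port 443 block cannot load until the certificate files exist, so the first certificate has to be issued with only the port 80 block enabled.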

Protecting your domain

A lot of people own a domain, either for business or personal use. Few people stop to consider the security of their domain. When you think about it, though, if someone got hold of it they would have control over everything from sending e-mails as you to resetting passwords. Here are some things to consider, in summary:

  • Choose a well established registrar
  • Use two factor authentication
  • Restrict account access to certain IP addresses (may not be practical)
  • Use auto renew and keep an up-to-date card on file

You can still take advantage of offers, but if you keep a card on file you know you won't lose your domain if you forget for some reason.

UTM Backup and Restore from the command line

You can easily restore a backup of your UTM from the command line by using the following command:

backup.plx -i <backup_file>

You can also view a list of backups with the following command:

backup.plx -l

To create a backup simply run:


I found this handy when experimenting with different configurations.

Unlock Ghost Accounts without resetting the password

If you remember your password but the account is already locked you can unlock it at the database level. I have demonstrated this using MySQL.

The first step is to work out the id of the user that is locked. This statement will show you all the accounts that are locked:

SELECT id, name, email, status FROM users WHERE status = 'locked';

Find the user that you want to unlock and run the statement below, making sure you use the id shown in the results above for that user. In the example below we are unlocking the user with an id of 1.

UPDATE users SET status = 'active' WHERE id = '1';

Clear SSH Key Cache in OS X

Sometimes you can clear a key in OS X; however, it will still be held in memory. This is because OS X holds onto the keys with a time to live of forever unless the user logs out or the system is rebooted. You can view the keys in memory by using the following command:

ssh-add -l

You can also clear all keys from memory manually by using the following command:

ssh-add -D

VMware Sound fix for Windows 95 / 98 / ME

I know Windows 95 is over 21 years old, but I had some legacy software I wanted to try out. When using VMware Fusion or Workstation there are well-documented issues with the sound not working. All the guides I read just reported the same issue I got: they tried to download the drivers but got a blue screen. After much troubleshooting I realised the issue is down to an IRQ conflict.

The first thing to do is to shut the virtual machine down. Open up the folder where the virtual machine is stored. Right click the Virtual Machine and click "Show package contents"

Within this folder will be a file called <machine name>.vmx - right click this file and edit it with a text editor. I used BBEdit in this example.

From here a file will appear. You need to look for the pci lines highlighted below and delete them:

Now replace with the following lines, included below for easy copy and paste and demonstrated in the screen shot below:

pciBridge0.present = "false"
pciBridge1.present = "false"
pciBridge2.present = "false"
pciBridge3.present = "false"
pciBridge4.present = "false"
pciBridge5.present = "false"
pciBridge6.present = "false"
pciBridge7.present = "false"

Save the file and start the virtual machine. A "Found New Hardware" box will appear; cancel it for now.

Next install the sound drivers using the tools from the Creative website; you need the Sound Blaster PCI 128. The hardware will install and not blue screen. Part way through you may be asked to reboot; press no and reboot when the setup has finished.

Once the virtual machine reboots you should hear the welcome sound! The same principle should also work with Windows 98 and Millennium Edition; just make sure you download the right drivers.

Opening Lotus Word Pro files

My wife had a load of old stories she wrote in Lotus Word Pro in the late 90s. She had them on a floppy disk and never thought she would see them again. After getting them off the floppy I used a Windows 2000 virtual machine and got a free tool called Lotus KeyView. I could not get it to run in Windows 10.

Lotus KeyView was official Lotus software and allows you to open Lotus Word Pro files, copy and paste them into other programmes (in my case Word) and print them. You can download it here:

Nespresso Machine Service Manuals

When buying most things I always like to hold a repair / service manual. I thought some of these manuals may be useful for others, so I have included them here as it took a lot of googling to find them. Most of my family have Nespresso machines, which is why there are different models below. Hope they are useful.

Krups Cube Nespresso Service Manual

Nespresso U (C and D models) Service Manual

Nespresso Pixie Service Manual

Delonghi Lattissima Plus Service Manual

Quick Tip - Tomato - Creating a Guest Wifi Network

Creating a guest wifi in Tomato is easy. To begin:

  1. Log in to the Tomato Control Panel.
  2. Click Network under Basic settings and add a new LAN connection.
  3. Go to VLAN under Advanced and create a new one, linking it to the new LAN. You will have to restart the router after this operation.
  4. Add a new virtual wifi interface.

Job done!