For the past few major releases, Sophos used a standard installer package to install both their free and paid antivirus solution. With the release of Sophos Anti-Virus 9.x though, Sophos changed how their antivirus solution for Macs was installed by switching to using an application to install it. For their customers using Sophos Enterprise Console, Sophos will still provide a installer metapackage, but all other customers now need to use the application to install Sophos Anti-Virus 9.x on Macs.
Curiously, Sophos went to some lengths to make their install application look like a standard installer package.
This extended to the point of naming the actual application as Installer, which is the same name as Apple’s Installer.
This switch away from using installer packages was a problem for Mac admins who wanted to deploy Sophos 9.x, but did not have Sophos’ enterprise console. After doing some research and reading a very helpful thread on JAMF Nation, it looks like it is possible to repackage Sophos 9.x for deployment. For more details, see below the jump.
Sophos’ application can be run from the command line using the InstallationDeployer tool, which includes both install and remove switches. Here’s how to install and uninstall Sophos 9.x using the free Sophos Home Edition installer application:
Install:
/path/to/Sophos\ Anti-Virus\ Home\ Edition.app/Contents/MacOS/InstallationDeployer --install
Uninstall:
/Library/Application\ Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer --remove
With these commands, it’s possible to add the Sophos install application to an installer package and run the needed command(s) as a postinstall script.
Once I had this information and understood what was going on, here’s how I repackaged Sophos Anti-Virus Home Edition 9.x so that it could be deployed via an installer package.
Prerequisites:
The Sophos 9.x install application
1. Set up a new Packages project and select Raw Package.
2. In this case, I’m naming the project Sophos Anti-Virus 9.0.7
3. Once the Packages project opens, click on the Project tab. You’ll want to make sure that the your information is correctly set here (if you don’t know what to put in, check the Help menu for the Packages User Guide. The information you need is in Chapter 4 – Configuring a project.)
In this example, I’m not changing any of the options from what is set by default.
4. Next, click on the Settings tab. In the case of my project, I want to install with root privileges and not require a logout, restart or shutdown.
To accomplish this, I’m choosing the following options in the Settings section:
In the Post-Installation Behavior section, set On Success: to Do Nothing
In the Options section, check the box for Require admin password for installation.
5. Click on the Scripts tab in your Packages project.
6. Select the Sophos install application and drag it into the Additional Resources section of your Packages project.
7. The last piece is telling the Sophos install application to run. For this, you’ll need a postinstall script. Here’s the one I’m using:
#!/bin/bash
LOGGER="/usr/bin/logger"
# Determine working directory
install_dir=`dirname $0`
# Uninstall existing copy of Sophos 8.x by checking for the
# Sophos Antivirus uninstaller package in /Library/Sophos Anti-Virus.
# If present, the uninstallation process is run.
if [ -d "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" ]; then
${LOGGER} "Sophos AV present on Mac. Uninstalling before installing new copy."
/usr/sbin/installer -pkg "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" -target /
elif [ -d "/Library/Application Support/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" ]; then
${LOGGER} "Sophos AV present on Mac. Uninstalling before installing new copy."
/usr/sbin/installer -pkg "/Library/Application Support/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" -target /
else
${LOGGER} "Sophos Anti-Virus 8.x Uninstaller Not Present"
fi
# Uninstall existing copy of Sophos 9.x by checking for the InstallationDeployer application
# in /Library/Application Support/Sophos/he/Installer.app/Contents/MacOS. If present, the
# uninstallation process is run.
if [[ -f "/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" ]]; then
${LOGGER} "Sophos AV present on Mac. Uninstalling before installing new copy."
"/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" --remove
else
${LOGGER} "Sophos Anti-Virus 9.x Uninstaller Not Present"
fi
# Install Sophos Anti-Virus 9.x
$install_dir/"Sophos Anti-Virus Home Edition.app/Contents/MacOS/InstallationDeployer" --install
exit 0
8. Once you’ve got the postinstall script built, run the following command to make the script executable:
sudo chmod a+x /path/to/postinstall
9. Once completed, add the postinstall script to your Packages project.
10. Last step, go ahead and build the package. (If you don’t know to build, check the Help menu for the Packages User Guide. The information you need is in Chapter 3 – Creating a raw package project and Chapter 10 – Building a project.)
Testing the installer
Once the package has been built, test it by taking it to a test machine that does not have Sophos and install it. The end result should be that Sophos Anti-Virus installs properly.
Note: If you’re installing the free Home Edition, it should be fully configured on installation and set to communicate back to Sophos for antivirus updates. If you’re installing a customized installer that communicates to an internal server for updates, you may need to do some configuration to point it to your internal server. Sophos has a KBase article on how to do this available here.
