
Deploying Sophos Anti-Virus for Mac OS X 9.x

For the past few major releases, Sophos used a standard installer package to install both their free and paid antivirus solutions. With the release of Sophos Anti-Virus 9.x though, Sophos changed how their antivirus solution for Macs was installed by switching to using an application to install it. For their customers using Sophos Enterprise Console, Sophos will still provide an installer metapackage, but all other customers now need to use the application to install Sophos Anti-Virus 9.x on Macs.


Curiously, Sophos went to some lengths to make their install application look like a standard installer package.


This extended to the point of naming the actual application as Installer, which is the same name as Apple’s Installer.


This switch away from using installer packages was a problem for Mac admins who wanted to deploy Sophos 9.x, but did not have Sophos’ enterprise console. After doing some research and reading a very helpful thread on JAMF Nation, it looks like it is possible to repackage Sophos 9.x for deployment. For more details, see below the jump.

Sophos’ application can be run from the command line using the InstallationDeployer tool, which includes both install and remove switches. Here’s how to install and uninstall Sophos 9.x using the free Sophos Home Edition installer application:


/path/to/Sophos\ Anti-Virus\ Home\ Edition.app/Contents/MacOS/InstallationDeployer --install


/Library/Application\ Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer --remove

With these commands, it’s possible to add the Sophos install application to an installer package and run the needed command(s) as a postinstall script.

Once I had this information and understood what was going on, here’s how I repackaged Sophos Anti-Virus Home Edition 9.x so that it could be deployed via an installer package.



The Sophos 9.x install application

1. Set up a new Packages project and select Raw Package.


2. In this case, I’m naming the project Sophos Anti-Virus 9.0.7.


3. Once the Packages project opens, click on the Project tab. You’ll want to make sure that your information is correctly set here. (If you don’t know what to put in, check the Help menu for the Packages User Guide. The information you need is in Chapter 4 – Configuring a project.)

In this example, I’m not changing any of the options from what is set by default.


4. Next, click on the Settings tab. In the case of my project, I want to install with root privileges and not require a logout, restart or shutdown.

To accomplish this, I’m choosing the following options in the Settings section:

In the Post-Installation Behavior section, set On Success: to Do Nothing

In the Options section, check the box for Require admin password for installation.


5. Click on the Scripts tab in your Packages project.


6. Select the Sophos install application and drag it into the Additional Resources section of your Packages project.


7. The last piece is telling the Sophos install application to run. For this, you’ll need a postinstall script. Here’s the one I’m using:


#!/bin/bash

# Path to the logger tool used to write messages to the system log
LOGGER="/usr/bin/logger"

# Determine working directory ($0 is quoted so that paths with spaces work)
install_dir=`dirname "$0"`

# Uninstall existing copy of Sophos 8.x by checking for the
# Sophos Antivirus uninstaller package in /Library/Sophos Anti-Virus.
# If present, the uninstallation process is run.
if [ -d "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" ]; then
     ${LOGGER} "Sophos AV present on Mac. Uninstalling before installing new copy."
     /usr/sbin/installer -pkg "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" -target /
elif [ -d "/Library/Application Support/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" ]; then
     ${LOGGER} "Sophos AV present on Mac. Uninstalling before installing new copy."
     /usr/sbin/installer -pkg "/Library/Application Support/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" -target /
else
     ${LOGGER} "Sophos Anti-Virus 8.x Uninstaller Not Present"
fi

# Uninstall existing copy of Sophos 9.x by checking for the InstallationDeployer application
# in /Library/Application Support/Sophos/he/Installer.app/Contents/MacOS. If present, the
# uninstallation process is run.

if [[ -f "/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" ]]; then
   ${LOGGER} "Sophos AV present on Mac. Uninstalling before installing new copy."
   "/Library/Application Support/Sophos/he/Installer.app/Contents/MacOS/InstallationDeployer" --remove
else
   ${LOGGER} "Sophos Anti-Virus 9.x Uninstaller Not Present"
fi

# Install Sophos Anti-Virus 9.x

"$install_dir/Sophos Anti-Virus Home Edition.app/Contents/MacOS/InstallationDeployer" --install
exit 0

8. Once you’ve got the postinstall script built, run the following command to make the script executable:

sudo chmod a+x /path/to/postinstall

9. Once completed, add the postinstall script to your Packages project.


10. Last step, go ahead and build the package. (If you don’t know how to build, check the Help menu for the Packages User Guide. The information you need is in Chapter 3 – Creating a raw package project and Chapter 10 – Building a project.)
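
The postinstall script above ends with an unconditional exit 0, so a deployment tool records success even when InstallationDeployer fails, and an unquoted `dirname $0` breaks when the package's scripts path contains spaces. The following is an added example, not the script from this post: a skeleton that handles both, exercised against a constructed stub deployer. The function names script_dir, run_deployer and demo are hypothetical, and the stub stands in for the real Sophos binary.

```shell
#!/bin/bash
# Added example, not the post's script. Function names are hypothetical.

# Print the absolute directory of the script path in $1; quoting keeps spaces intact.
script_dir() {
    ( cd "$(dirname "$1")" && pwd -P )
}

# Run InstallationDeployer from the app bundle $2 inside directory $1 with
# switch $3, and return the deployer's own exit status to the caller.
run_deployer() {
    local deployer="$1/$2/Contents/MacOS/InstallationDeployer"
    if [ ! -x "$deployer" ]; then
        echo "InstallationDeployer missing or not executable: $deployer" >&2
        return 66   # EX_NOINPUT from sysexits.h
    fi
    "$deployer" "$3"
}

# Constructed demo: builds a fake app bundle under a path with spaces. The stub
# deployer exits 0 for --install and 1 for any other switch.
demo() {
    local root dir app rc
    root="$(mktemp -d)"
    dir="$root/Scripts dir with spaces"
    app="Sophos Anti-Virus Home Edition.app"
    mkdir -p "$dir/$app/Contents/MacOS"
    printf '#!/bin/sh\n[ "$1" = "--install" ]\n' > "$dir/$app/Contents/MacOS/InstallationDeployer"
    chmod +x "$dir/$app/Contents/MacOS/InstallationDeployer"
    run_deployer "$(script_dir "$dir/postinstall")" "$app" "$1"
    rc=$?
    rm -rf "$root"
    return "$rc"
}

# In a real postinstall the last two lines would be:
#   run_deployer "$(script_dir "$0")" "Sophos Anti-Virus Home Edition.app" --install
#   exit $?
demo --install && echo "stub --install succeeded"
demo --remove  || echo "stub --remove failed with status $?"
```

With the deployer's status passed through as the script's exit code, installer and any tool wrapping it report the package as failed instead of silently leaving the Mac without antivirus.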

Testing the installer

Once the package has been built, test it by taking it to a test machine that does not have Sophos and install it. The end result should be that Sophos Anti-Virus installs properly.

Note: If you’re installing the free Home Edition, it should be fully configured on installation and set to communicate back to Sophos for antivirus updates. If you’re installing a customized installer that communicates to an internal server for updates, you may need to do some configuration to point it to your internal server. Sophos has a KBase article on how to do this available here.

  1. cashxx
    February 21, 2014 at 3:25 pm

    If this was the home edition being pushed out that would be breaking licensing wouldn’t it? Home Edition is for single use only I believe.

    • February 21, 2014 at 3:59 pm

      I used Home Edition in this example because it was free and I could test it easily. I would not recommend using Home Edition at a business because that’s not what it’s meant for.

      It appears that the governing EULA here is Sophos’ End User License Agreement for Consumers:


      The relevant section is this one:



      3.1 LICENSE TERM. This End-User License Agreement starts when you download the Licensed Product and shall continue until terminated as provided in Clause 9 below.

      Your obligations under this End-User License Agreement in respect of the intellectual property and confidential information of Sophos shall survive any expiry or termination of this End-User License Agreement.

      3.2 RIGHTS. We grant to you a non-exclusive right to:

      3.2.1 use the Licensed Product, subject to the terms and conditions contained within this End-User License Agreement, for your own non commercial purposes (the “Purpose”);

      3.2.2 install, use, access, display and run one copy of the Licensed Product on a single computer, such as a workstation, terminal or other device;

      3.2.3 except as provided in Clause 3.2.4 below, which relates only to the Documentation, make one copy of the Licensed Product or any part thereof for backup purposes provided that you reproduce our proprietary notices on any such backup copy of the Licensed Product. Such restriction shall not prevent you from backing up or archiving your data; and/or

      3.2.4 use, copy or reproduce in whole or in part the Documentation for the purposes specifically permitted by this End-User License Agreement only.

  2. March 3, 2014 at 6:04 pm

    Oh man thanks very useful!! Now I can deploy our sophos client with munki 😀

  3. Tim Kimpton
    April 1, 2014 at 8:26 am

    Also home edition is no good for your SEC because there is no RMS!

  4. July 16, 2014 at 2:44 pm

    Thanks for sharing this! We’ve been long awaiting a clean way to install our standalone with munki.
    We are, however, having trouble with the “`dirname $0`” line. The script fails with something like “dirname usage” error within the install.log. Seems like it’s a syntax thing, but we’ve not been able to find the magic string. Any thoughts?

    • July 16, 2014 at 3:04 pm


      Would you please post the log somewhere, along with the script you’re using (even if it’s identical to the one in this post)? I want to take a look at both to see where the issue is coming in.

      Also, my script was written for Sophos Home Edition. Are you using Sophos Home, Enterprise or Cloud?

  5. Tim Kimpton
    August 29, 2014 at 6:30 am

    Enterprise. I spoke with Sophos tech support at the time and they confirmed, in an Enterprise it would not work because the Home Edition does not have RMS.

    The script is great for Home Edition. But the Home Edition will never ever talk to SEC!

  6. Tim Kimpton
    August 30, 2014 at 2:36 pm

    It seems it is not possible to create an install using the official Enterprise Sophos Version 9 installer mpkg with the preconfigured auto updated details.

    Only way is to create a stand alone installer, but then that doesn’t have RMS and so it’s not going to work properly in the Enterprise because the clients will not talk to the SEC.

    Sophos really screwed up big time for SAV in the Enterprise for the Macs 😦
