Compile Auto-Protect kernel modules for Symantec AntiVirus for Linux 1.0

Article:TECH132773  |  Created: 2010-01-27  |  Updated: 2015-02-18  |  Article URL
Article Type
Technical Solution


You want to know how to compile the Auto-Protect kernel module for Symantec AntiVirus for Linux (SAVFL), and any additional steps that need to be followed.



Technical Information
This guide assumes you already have the SAV and SAVAP packages installed on your system, and are needing to compile the kernel modules for your system to enable AutoProtect for a kernel version that is not supported by the pre-compiled modules. It is also assumed that you have the ap-kernelmodule file but have not uncompressed it yet. The ap-kernelmodule file is located in the downloaded SAVFL file (Example sav-linux-1.0.10-26.tar.gz).



You must install gcc and the linux kernel source for the linux kernel you want to build the AutoProtect modules for. The table below contains what packages to install for your distribution in addition to the gcc package.

Distro Kernel Package to install Special Build Command
CentOS kernel-devel
Debian linux-headers-2.6-ARCH (see note) ./ --kernel-dir /usr/src/linux-headers-$(uname -r)
Fedora kernel-devel ./ --kernel-dir /usr/src/kernels/$(uname -r)
SuSE kernel-source ./ --kernel-dir /lib/modules/$(uname -r)/build
Open Enterprise Server kernel-source  
Redhat (and other RHEL-based releases such a CentOS, Scientific Linux, et al)
kernel-devel ./ --kernel-dir /lib/modules/$(uname -r)/build
see also TECH197524
Ubuntu <= 9.10 linux-source ./ --kernel-dir /lib/modules/$(uname -r)
Ubuntu >= 10.04 linux-source ./ --kernel-dir /usr/src/linux-headers-$(uname -r)
VMware ESX

When you use $(uname -r) in the build command, the kernel modules you build will be for the kernel you are currently running. ($(uname -r) is a variable that gets replaced by the currently running kernel version) If you are trying to build for a for a different kernel version, you will need to replace $(uname -r) with the version you want to build for. You will also need to ensure that you have the kernel source installed for the version you are trying to build for.

The packages listed in the table above will install the latest kernel source available from your repository. If you are not running the latest available kernel in your distribution, you will need to ensure that you download the same kernel source as the kernel you are running, and replace $(uname -r).

Debian does not provide a generic linux-headers package. Instead, you must download the correct architecture type by specifying it when the linux-headers are downloaded. The packages available are (as of Debian 5.0.4)

Ubuntu 10.10:
Installing linux-source on Ubuntu 10.10 does not appear to install the linux-headers as well. To remedy this, please also install the correct version of the Linux headers packages (eg. linux-headers-generic, linux-headers-generic-pae, linux-headers-server, linux-headers-virtual)

Building the modules

Note: The build will need to be done with root privileges. This guide was created using SAVFL 1.0.9, but should work with 1.0.8 and later.

  1. In the same directory as ap-kernelmodule-1.0.9-13.tar.gz, uncompress the file
    tar xvzf ap-kernelmodule-1.0.9-13.tar.gz
  2. Change into the uncompressed directory
    cd ap-kernelmodule-1.0.9-13
  3. Run the build command (if there is a special build command in the table above, use that)
  4. After the build completes, you should see "Congratulations, build was successful!", if you do not see this please review the output of the build command for any error messages. If the build was successful, continue.
  5. Change into the directory with the newly built AutoProtect kernel modules
    cd bin.ira
  6. Move the newly built AutoProtect kernel modules into the autoprotect directory
    mv * /opt/Symantec/autoprotect/
  7. Restart the autoprotect and rtvscand services
    /etc/init.d/autoprotect restart
    /etc/init.d/rtvscand restart
  8. Check that AutoProtect is enabled
    /opt/Symantec/symantec_antivirus/sav info -a


Legacy ID


Article URL

Terms of use for this information are found in Legal Notices