Sophos Not Retrieving new ide's

Julian Field mailscanner at
Fri Feb 28 14:42:00 GMT 2003

Have you got a
If so, please
         cd /usr/lib/MailScanner
         mv sophos-wrapper.rpmnew sophos-wrapper

For some reason your current sophos-wrapper isn't the version that handles
the "-IsItInstalled" command-line switch. I mentioned this on the downloads
page, and there's even a little script there to do all the relevant
renaming for you.

At 14:23 28/02/2003, you wrote:
>My Cron log shows the following entry every hour.
>This seems to be the only entry referring to cron.hourly.
>*******start of cron entry*********
>Feb 28 09:01:00 ctmail CROND[1498]: (root) CMD (run-parts /etc/cron.hourly)
>*******end of cron entry**********
>I looked in /etc/cron.hourly and there are 2 scripts:
>I also get an email from the Cron Daemon every hour which is pasted below.
>I appologize for the large post guys.
>Again, the ide's are now up to date as I had run the autoupdate script
>manually this morning.
>*********start of pasted email**********
>SWEEP virus detection utility
>Version 3.66, February 2003 [Linux/Intel]
>Includes detection for 79566 viruses, trojans and worms
>Copyright (c) 1989,2003 Sophos Plc, <>
>System time 09:01:01, System date 28 February 2003
>Command line qualifiers are: -IsItInstalled
>IDE directory is: /usr/local/Sophos/ide
>Using IDE file van-a.ide
>Using IDE file aro-a.ide
>Using IDE file lovgated.ide
>Using IDE file oror-r.ide
>Using IDE file ekiam-a.ide
>Using IDE file lovgatea.ide
>Using IDE file lovgateb.ide
>Using IDE file gibe-d.ide
>Using IDE file axam-a.ide
>Using IDE file cian-c.ide
>Using IDE file igloo15.ide
>Using IDE file tkbot-a.ide
>Using IDE file seeker-c.ide
>Using IDE file dload-bo.ide
>Using IDE file manife-a.ide
>Using IDE file slanreta.ide
>Using IDE file sadhound.ide
>Using IDE file netspree.ide
>Using IDE file opaservl.ide
>Using IDE file ororfam.ide
>Using IDE file sahay-a.ide
>Using IDE file oror-l.ide
>Using IDE file opaservj.ide
>Using IDE file moon-b.ide
>Using IDE file replog-f.ide
>Using IDE file sobig-a.ide
>Using IDE file avril-b.ide
>Invalid option '-IsItInstalled'
>The following options may be prefixed with 'n' to invert their meaning
>(for example, '-nsc' is the inverse of '-sc'). [*] indicates the option
>is the default:
>   -sc     [*] : SWEEP inside dynamically compressed executables
>   -f      [ ] : Full SWEEP
>   -di     [ ] : Disinfect infected items
>   -s      [*] : Run silently (do not list files swept)
>   -c      [*] : Ask for confirmation before disinfection/deletion
>   -b      [*] : Sound bell on virus detection
>   -all    [ ] : SWEEP all files
>   -rec    [*] : Do recursive SWEEP
>   -remove [ ] : Remove infected objects
>   -dn     [ ] : Display names of files as they are scanned
>   -ss     [ ] : Don't display anything except on error or virus
>   -eec    [ ] : Use extended error codes
>   -ext=XXX,.. : Specify additional extensions to SWEEP
>   -p=<file>   : Write to logfile <file>
>   -v          : Display complete version information and exit
>   -h          : Display this help and exit
>The following options are related to archives and other special file types:
>   -zip      [ ] : SWEEP inside ZIP archives
>   -gzip     [ ] : SWEEP inside GZIP compressed files
>   -arj      [ ] : SWEEP inside ARJ archives
>   -cmz      [ ] : SWEEP inside Unix-compressed files
>   -tar      [ ] : SWEEP inside TAR archives
>   -rar      [ ] : SWEEP inside RAR archives
>   -cab      [ ] : SWEEP inside Microsoft Cabinet files
>   -archive  [ ] : All of the above
>   -loopback [ ] : SWEEP inside loopback-type files
>   -tnef     [ ] : SWEEP inside TNEF files
>The following options may be prefixed with 'no-' to invert their meaning
>(for example, '--no-reset-atime' is the inverse of '--reset-atime'.  [*]
>indicates the option is the default:
>   --reset-atime          [*] : Reset file access time after SWEEPing
>The following options are Unix-specific, and may be prefixed with 'no-'
>to invert their meaning (for example, '--no-follow-symlinks' is the
>inverse of '--follow-symlinks'). [*] indicates the option is the default:
>   --follow-symlinks      [*] : SWEEP the object pointed to by symbolic links
>   --stay-on-filesystem   [ ] : Attempt not to leave the starting filesystem
>                                (i.e. do not traverse mount points)
>   --stay-on-machine      [*] : Attempt not to leave the starting machine
>                                (i.e. do not traverse remote mount points)
>   --skip-special         [*] : Do not scan 'special' objects (/dev, /proc,
>                                /devices etc.)
>   --backtrack-protection [*] : Prevent repetition of work ('backtracking')
>                                due to symbolic links
>   --preserve-backtrack   [*] : Preserve the backtracking information for
>                                the duration of this run
>   --examine-x-bit        [ ] : Check files with an execute bit set
>   --show-file-details    [ ] : Show file ownership and permissions when
>                                displaying filenames
>   --quarantine           [ ] : (Simple form of --quarantine option)
>                                If file is infected with virus, attempt to
>                                change file owner to user running SWEEP, and
>                                permissions to -r-------- (0400)
>   --quarantine:<uid=nnn>,<user=username>,
>                <gid=nnn>,<group=groupname>,<mode=ppp>
>                          [ ] : (Detailed form of --quarantine option)
>                                If file is infected with virus, attempt to
>                                change file ownership, group ownership, and
>                                permissions to those specified as
>                                uid/username, gid/groupname, and mode.
>   --args-file=<file>         : Read command line arguments (both options and
>                                directory/filenames) from file, taking
>                                arguments from the command line again when
>                                the end of the file is reached. A value of -
>                                for <file> specifies taking input from stdin.
>                                A small number of command line options may
>                                not be used within an args file, namely:-
>                                -eec, -neec, -p=, -s, -ns, -dn, -ndn.
>                                These can only be specified from the command
>                                line.
>The following options are specific to Linux and FreeBSD only.
>   -mbr      [ ] : SWEEP master boot records on all (physical) hard disks
>   -bs=X,... [ ] : SWEEP boot sector of each drive listed
>   -bs       [ ] : SWEEP boot sectors on all (logical) drives
>You need to have superuser rights in order to scan boot sectors.
>********end of pasted email**********
>Steve Evans wrote:
>>What do your logs tell you?  Does it show the Sophos update script being
>>run at all?
>>Steve Evans
>>SDSU Foundation
>>(619) 594-0653
>>-----Original Message-----
>>From: Ryan Pitt [<mailto:ryan at MARINOCRANE.COM>mailto:ryan at MARINOCRANE.COM]
>>Sent: Friday, February 28, 2003 5:43 AM
>>The autoupdate feature for Sophos does not seem to be working for me.
>>It appears to me that the sophos-autoupdate script is not being run at
>>any specific interval.
>>I updated MailScanner and Sophos 3 days ago.  The ide's had not been
>>updated for those 3 days until I ran the autoupdate script manually this
>>Please could someone tell me where this script is supposed to be called
>>from and what to look for?
>>My setup is:
>>RH 7.2
>>MailScanner 4.12-2
>>Sophos 3.66
>>Thank you
>>Ryan Pitt
>This message has been scanned for viruses and dangerous content by
>and is believed to be clean.

Julian Field
MailScanner thanks transtec Computers for their support
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the MailScanner mailing list