Sophos first impressions

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Wed Jan 22 15:02:46 GMT 2003


The current discussion on virus scanners made me want to try Sophos.  So
I went to and downloaded an evaluation version of their
antivirus software for Linux.

When the installation came I had to peek at sophos-autoupdate to see
that I needed to install it this way:
./ -d /usr/local/Sophos -s ide -ni -v

I then ran sophos-autoupdate but it complained that it couldn't get the
version.  I then realized that the autoupdate script looks into the lib
directory for its vdl files that I installed into the ide directory.

I modified sophos-autoupdate to point it to the right directory for the
vdl files and all worked OK.

I then tried to run it on some files in my quarantine directory and it
said that no files were infected:
/usr/lib/MailScanner/sophos-wrapper */*
SWEEP virus detection utility
Version 3.65, January 2003 [Linux/Intel]
Includes detection for 79017 viruses, trojans and worms
Copyright (c) 1989,2003 Sophos Plc,

System time 09:36:31, System date 22 January 2003

Quick Sweeping

5 files swept in 0 seconds.
No viruses were discovered.
End of Sweep.

This is strange because McAfee says otherwise:
uvscan */*
        Found the W32/Yaha.k virus !!!
        Found the W32/Yaha.k virus !!!

Did I do something wrong with the installation?  I also tried to unzip in the ide directory but it still didn't find any
virus in my test files.

I tested some other files and Sophos seems to detect Yaha.e but not

>>> Virus 'W32/Klez-H' found in file courrier/20030122/h0M6eL810031/height.scr
>>> Virus 'W32/Yaha-E' found in file courrier/20030122/h0M7DW814236/screensaverforu.scr

Is Sophos really good or is it lagging in virus definition?

Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x2252 F: 819.821.8045
