Sophos first impressions

Scott Adkins adkinss at OHIO.EDU
Wed Jan 22 15:37:09 GMT 2003 

I disagree with the answer that was given... I too have a similar problem,
though, the autoupdate script seems to work fine for me... I can see new
IDE files getting downloaded regularly.

The problem I experience, which is indicated below, is if I run the sweep
program manually on the command line and try to scan several files that I
know have viruses in them.  Sweep comes back always indicating that there
are no viruses in the files.  However, sending the same files through email
so that sweep can be ran against them via MailScanner works just fine.  I
even went as far as taking the command line arguments that MailScanner uses
to run sweep and did that myself, and it still doesn't help any.  Maybe I
need to set some environment variables or something... in any the case,
MailScanner obviously knows how to do the scanning better than I do :-)

One other thing to point out... If I put a bunch of viruses in the same
directory and also include the various EICAR testing files, sweep does
indeed report the EICAR files as containing the EICAR virus, but reports
that none of the other files has any viruses.

Trussing the sweep process does show a couple things, such as that it is
looking for the IDE files in a /usr/local/sav directory, but doesn't find
them.  I thought that maybe this was why it couldn't find any viruses.
Symbolically linking /usr/local/sav to /usr/local/Sophos/sav did not help
me any, so I am going to look at other options.

It is obvious from reading the Sophos documentation that the way they
want it to be installed is nothing close to the way MailScanner wants it
to be installed.  I haven't called Sophos about it yet, and I do know
that they primarily use MailScanner for their testing of virus scanning
in emails (they didn't even really know about MimeDefang at the time we
talked to them last month, and said they would look into that one), so
they probably know what is up with the above problems...

Scott

--On Wednesday, January 22, 2003 3:07 PM +0000 "Spicer, Kevin" 
<Kevin.Spicer at BMRB.CO.UK> wrote:

>>
>> The current discussion on virus scanners made me want to try
>> Sophos.  So
>> I went to www.sophos.com and downloaded an evaluation version of their
>> antivirus software for Linux.
>>
>> When the installation came I had to peek at sophos-autoupdate to see
>> that I needed to install it this way:
>> ./install.sh -d /usr/local/Sophos -s ide -ni -v
>>
>> I then ran sophos-autoupdate but it complained that it
>> couldn't get the
>> version.  I then realized that the autoupdate script looks
>> into the lib
>> directory for its vdl files that I installed into the ide directory.
>>
>> I modified sophos-autoupdate to point it to the right
>> directory for the
>> vdl files and all worked OK.
>
> You don't need to modify anything but you should have installed Sophos
> using the script supplied with MailScanner - undo the changes you made
> and remove your existing Sophos install.  then follow the instructions
> here...
> http://www.sng.ecs.soton.ac.uk/mailscanner/install/linux.shtml#sophos
>
>
>
> BMRB International
> http://www.bmrb.co.uk
> +44 (0)20 8566 5000
> _________________________________________________________________
> This message (and any attachment) is intended only for the
> recipient and may contain confidential and/or privileged
> material.  If you have received this in error, please contact the
> sender and delete this message immediately.  Disclosure, copying
> or other action taken in respect of this email or in
> reliance on it is prohibited.  BMRB International Limited
> accepts no liability in relation to any personal emails, or
> content of any email which does not directly relate to our
> business.


-- 
 +-----------------------------------------------------------------------+
      Scott W. Adkins                http://www.cns.ohiou.edu/~sadkins/
   UNIX Systems Engineer                  mailto:adkinss at ohio.edu
        ICQ 7626282                 Work (740)593-9478 Fax (740)593-1944
 +-----------------------------------------------------------------------+
     PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 231 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030122/ab923820/attachment.bin

More information about the MailScanner mailing list