Sophos first impressions

Julian Field mailscanner at
Wed Jan 22 16:49:17 GMT 2003

At 15:37 22/01/2003, you wrote:
>The problem I experience, which is indicated below, is if I run the sweep
>program manually on the command line and try to scan several files that I
>know have viruses in them.  Sweep comes back always indicating that there
>are no viruses in the files.  However, sending the same files through email
>so that sweep can be run against them via MailScanner works just fine.  I
>even went as far as taking the command line arguments that MailScanner uses
>to run sweep and did that myself, and it still doesn't help any.  Maybe I
>need to set some environment variables or something... in any case,
>MailScanner obviously knows how to do the scanning better than I do :-)

Try using "sophos-wrapper" instead of just "sweep" for starters. And also
MailScanner adds a whole bunch of command-line arguments that make sure it
checks everything.

>One other thing to point out... If I put a bunch of viruses in the same
>directory and also include the various EICAR testing files, sweep does
>indeed report the EICAR files as containing the EICAR virus, but reports
>that none of the other files has any viruses.

That's probably because it is not finding its virus data library files.

>It is obvious from reading the Sophos documentation that the way they
>want it to be installed is nothing close to the way MailScanner wants it
>to be installed.

Take a look at the sophos-wrapper script, and you will see what it sets up.

>I haven't called Sophos about it yet, and I do know
>that they primarily use MailScanner for their testing of virus scanning
>in emails

Do they now? What about their new MailMonitor product? They became a lot
less friendly to MailScanner after they launched MailMonitor; I don't think
the bosses liked staff recommending their competition.

>--On Wednesday, January 22, 2003 3:07 PM +0000 "Spicer, Kevin"
><Kevin.Spicer at BMRB.CO.UK> wrote:
>>>The current discussion on virus scanners made me want to try Sophos.  So
>>>I went to and downloaded an evaluation version of their
>>>antivirus software for Linux.
>>>When the installation came I had to peek at sophos-autoupdate to see
>>>that I needed to install it this way:
>>>./ -d /usr/local/Sophos -s ide -ni -v
>>>I then ran sophos-autoupdate but it complained that it couldn't get the
>>>version.  I then realized that the autoupdate script looks into the lib
>>>directory for its vdl files that I installed into the ide directory.
>>>I modified sophos-autoupdate to point it to the right directory for the
>>>vdl files and all worked OK.
>>You don't need to modify anything but you should have installed Sophos
>>using the script supplied with MailScanner - undo the changes you made
>>and remove your existing Sophos install.  Then follow the instructions
>      Scott W. Adkins      
>   UNIX Systems Engineer                  mailto:adkinss at
>        ICQ 7626282                 Work (740)593-9478 Fax (740)593-1944
>     PGP Public Key available at

Julian Field
MailScanner thanks transtec Computers for their support
