Sophos first impressions

Julian Field mailscanner at ecs.soton.ac.uk
Wed Jan 22 16:49:17 GMT 2003


At 15:37 22/01/2003, you wrote:
>The problem I experience, which is indicated below, is if I run the sweep
>program manually on the command line and try to scan several files that I
>know have viruses in them.  Sweep comes back always indicating that there
>are no viruses in the files.  However, sending the same files through email
>so that sweep can be run against them via MailScanner works just fine.  I
>even went as far as taking the command line arguments that MailScanner uses
>to run sweep and did that myself, and it still doesn't help any.  Maybe I
>need to set some environment variables or something... in any case,
>MailScanner obviously knows how to do the scanning better than I do :-)

Try using "sophos-wrapper" instead of just "sweep" for starters. And also
MailScanner adds a whole bunch of command-line arguments that make sure it
checks everything.

>One other thing to point out... If I put a bunch of viruses in the same
>directory and also include the various EICAR testing files, sweep does
>indeed report the EICAR files as containing the EICAR virus, but reports
>that none of the other files has any viruses.

That's probably because it is not finding its virus data library files.

>It is obvious from reading the Sophos documentation that the way they
>want it to be installed is nothing close to the way MailScanner wants it
>to be installed.

Take a look at the sophos-wrapper script, and you will see what it sets up.

>I haven't called Sophos about it yet, and I do know
>that they primarily use MailScanner for their testing of virus scanning
>in emails

Do they now? What about their new MailMonitor product? They became a lot
less friendly to MailScanner after they launched MailMonitor; I don't think
the bosses liked staff recommending their competition.

>--On Wednesday, January 22, 2003 3:07 PM +0000 "Spicer, Kevin"
><Kevin.Spicer at BMRB.CO.UK> wrote:
>
>>>
>>>The current discussion on virus scanners made me want to try
>>>Sophos.  So
>>>I went to www.sophos.com and downloaded an evaluation version of their
>>>antivirus software for Linux.
>>>
>>>When the installation came I had to peek at sophos-autoupdate to see
>>>that I needed to install it this way:
>>>./install.sh -d /usr/local/Sophos -s ide -ni -v
>>>
>>>I then ran sophos-autoupdate but it complained that it
>>>couldn't get the
>>>version.  I then realized that the autoupdate script looks
>>>into the lib
>>>directory for its vdl files that I installed into the ide directory.
>>>
>>>I modified sophos-autoupdate to point it to the right
>>>directory for the
>>>vdl files and all worked OK.
>>
>>You don't need to modify anything but you should have installed Sophos
>>using the script supplied with MailScanner - undo the changes you made
>>and remove your existing Sophos install.  Then follow the instructions
>>here...
>>http://www.sng.ecs.soton.ac.uk/mailscanner/install/linux.shtml#sophos
>>
>>
>>
>>BMRB International
>>http://www.bmrb.co.uk
>>+44 (0)20 8566 5000
>>_________________________________________________________________
>>This message (and any attachment) is intended only for the
>>recipient and may contain confidential and/or privileged
>>material.  If you have received this in error, please contact the
>>sender and delete this message immediately.  Disclosure, copying
>>or other action taken in respect of this email or in
>>reliance on it is prohibited.  BMRB International Limited
>>accepts no liability in relation to any personal emails, or
>>content of any email which does not directly relate to our
>>business.
>
>
>--
>+-----------------------------------------------------------------------+
>      Scott W. Adkins                http://www.cns.ohiou.edu/~sadkins/
>   UNIX Systems Engineer                  mailto:adkinss at ohio.edu
>        ICQ 7626282                 Work (740)593-9478 Fax (740)593-1944
>+-----------------------------------------------------------------------+
>     PGP Public Key available at
> http://www.cns.ohiou.edu/~sadkins/pgp/

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support


