More problems with Sophos SAVI (fixed)

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Wed May 21 13:25:14 IST 2003 

Julian et al

I have identified and fixed the problem. It appears that I modified
"sophoswrapper" a month or two ago when the IDE file structure changed.
Although not apparent at the time it caused "sweep" to revert to
searching the old format databases/files and this meant that later IDE
files such as "palyh-a.ide" were never used. It was still identifying
"older" viruses such as Yaha and the EICAR test virus.

Reverting back to the distributed "sophoswrapper" script and installing
and running MS-4.20-3 "sophos-autoupdate" has fixed the problem.   

It appears that we do not need libsavi.so in /usr/local/Sophos/lib as we
already have libsavi.so.3 in there (linked to the current version of
libsavi.3.*)? 

Quentin
---
PHONE: +44 191 222 8209    Computing Service, University of Newcastle
FAX:   +44 191 222 8765    Newcastle upon Tyne, United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own." 

> -----Original Message-----
> From: Julian Field [mailto:mailscanner at ecs.soton.ac.uk] 
> Sent: 20 May 2003 19:31
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: More problems with Sophos SAVI
> 
> 
> At 16:52 20/05/2003, you wrote:
> >We run MS with both Sophos SAVI and McAfee UVSCAN. However I notice 
> >that for many days now  Sophos does not appear to finding _any_ 
> >viruses. We were running with SAVI 3.68 which I updated to 
> 3.69 today 
> >but with no improvement.
> 
> Check your Sophos/lib directory for a libsavi.so link to 
> libsavi.so.3. sophossavi won't work without it. I might need 
> to add that to the Sophos.install script.
> 
> 
> >A test of "sophoswrapper" on a file containing the EICAR test virus 
> >shows that the new version of "sweep" is working OK.
> >
> >We are running MS 4.10-1.
> >
> >Any hints as to how I might debug the MS + Sophos setup would be 
> >welcome.
> >
> >Quentin
> >---
> >PHONE: +44 191 222 8209    Computing Service, University of Newcastle
> >FAX:   +44 191 222 8765    Newcastle upon Tyne, United 
> Kingdom, NE1 7RU.
> >-------------------------------------------------------------
> ----------
> >-
> >"Any opinion expressed above is mine. The University can get 
> its own."
> 
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz 
> MailScanner thanks transtec Computers for their support
>

More information about the MailScanner mailing list