Latest Sophos: possible problem with missing symbol in library

Mike Brudenell pmb1 at york.ac.uk
Tue Aug 28 10:33:57 IST 2007 

Greetings -

A colleague just sent me a security advisory about Sophos Anti-Virus  
and how until the very latest release a few days ago it had an issue  
that could allow a remote DoS attack on your server:

     http://www.sophos.com/support/knowledgebase/article/28407.html

So I decided to use MajorSophos to upgrade our Sophos installation  
for MailScanner on our Solaris 10 boxes a bit earlier than usual.   
This seemed to go OK and left us with:

     Current Sophos version information follows:
     Product version : 4.21.0 Released : 03 September 2007

However MailScanner is refusing to start its children up.  Running in  
debug mode shows these errors:

In Debugging mode, not forking...
Can't load '/opt/york/lib/perl5/site_perl/5.8.0/sun4-solaris/auto/ 
SAVI/SAVI.so' for module SAVI: ld.so.1: /opt/york/bin/perl: fatal:  
relocation error: file /opt/york/lib/perl5/site_perl/5.8.0/sun4- 
solaris/auto/SAVI/SAVI.so: symbol SOPHOS_CLSID_SAVI2: referenced  
symbol not found at /opt/york/lib/perl5/5.8.0/sun4-solaris/ 
DynaLoader.pm line 229.
at /opt/york/MailScanner/lib/MailScanner/SweepViruses.pm line 431
Compilation failed in require at /opt/york/MailScanner/lib/ 
MailScanner/SweepViruses.pm line 431.

I tried upgrading the SAVI.pm Perl module but that wouldn't install  
either, failing its test suite for the same problem.

Googling has revealed that the SOPHOS_CLSID_SAVI2 symbol has gone  
AWOL from the Sophos libraries before, back in 2002-ish:

     http://www.vanja.com/listarc/vtools/2002-November/000909.html

One of the articles in the above conversation suggested using nm to  
check the libsavi.so file for the symbol.

On a server still running the un-upgraded Sophos I see:

     % nm -D libsavi.so | fgrep -i CLSID
     [37]    |   2256560|      16|OBJT |GLOB |0    |14     | 
SOPHOS_CLSID_SAVI2
     %

but on the system with the upgraded Sophos I instead get:

     % nm -D /opt/york/Sophos/lib/libsavi.so | fgrep CLSID
     %

So it looks like it may indeed be missing: a problem that may cause  
the very latest Sophos not to work with the SAVI.pm module.  Is  
anyone else seeing this?
(And if you haven't upgraded Sophos yet, be careful if you try it!)

Cheers,
Mike B-}

-- 
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811  FAX:+44-1904-433740

* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *

More information about the MailScanner mailing list