Fwd: Sophos Error message

Martin Sapsed m.sapsed at bangor.ac.uk
Mon Mar 3 17:15:59 GMT 2008 

Isn't it bad form replying to your own messages??

Martin Sapsed wrote:
> We've got the same problem using solaris.sparc.tar.Z (V4.27) and rolled 
> back to 4.26 to make it go away. I'm guessing from Howard's tar file 
> that he's also using a pre-V6 version.
> 
> I suspect that something subtle has changed between 4.26 and 4.27 on 
> Unix, which is tripping up SAVI?
> 
> Anyone else still using V4 on *ix?

Just noticed this in the release notes for 4.27 - might this have 
anything to do with it?

* Additional threat data file

   The threat data contains an additional threat data file, sus01.vdb. This
   file contains data about suspicious files.

   If you install using install.sh, this file is installed automatically as
   part of the threat data. However, if you use your own installation 
procedure
   (for example, if you use SAV Interface), you must ensure that you install
   the file to the same location as the rest of the threat data. (The 
default
   location is /usr/local/sav.)

   In future, threat data may include additional threat data files 
(including
   suspicious threat data). Therefore, Sophos recommends that custom
   installation is changed to treat all files of the form 
[a-z]*[0-9]*.vdb as
   threat data and install them appropriately.

Ah-hah!

The sus01.vdb file is in /usr/local/Sophos/lib along with the rest of 
the .vdb's but isn't symlinked across to the ide folder which is created 
with a date stamp. Looks like the bit of sophos-autoupdate which 
currently symlinks vdl*.vdb needs amending to suit the options above? 
Unfortunately I never got around to learning perl or I'd suggest 
something...

Regards,

Martin

-- 
Martin Sapsed
Microcomputer Support Manager
IT Services                          "Who do you say that I am?"
Bangor University                          Jesus of Nazareth


-- 
Gall y neges e-bost hon, ac unrhyw atodiadau a anfonwyd gyda hi,
gynnwys deunydd cyfrinachol ac wedi eu bwriadu i'w defnyddio'n unig
gan y sawl y cawsant eu cyfeirio ato (atynt). Os ydych wedi derbyn y
neges e-bost hon trwy gamgymeriad, rhowch wybod i'r anfonwr ar
unwaith a dilëwch y neges. Os na fwriadwyd anfon y neges atoch chi,
rhaid i chi beidio â defnyddio, cadw neu ddatgelu unrhyw wybodaeth a
gynhwysir ynddi. Mae unrhyw farn neu safbwynt yn eiddo i'r sawl a'i
hanfonodd yn unig  ac nid yw o anghenraid yn cynrychioli barn
Prifysgol Bangor. Nid yw Prifysgol Bangor yn gwarantu
bod y neges e-bost hon neu unrhyw atodiadau yn rhydd rhag firysau neu
100% yn ddiogel. Oni bai fod hyn wedi ei ddatgan yn uniongyrchol yn
nhestun yr e-bost, nid bwriad y neges e-bost hon yw ffurfio contract
rhwymol - mae rhestr o lofnodwyr awdurdodedig ar gael o Swyddfa
Cyllid Prifysgol Bangor.  www.bangor.ac.uk

This email and any attachments may contain confidential material and
is solely for the use of the intended recipient(s).  If you have
received this email in error, please notify the sender immediately
and delete this email.  If you are not the intended recipient(s), you
must not use, retain or disclose any information contained in this
email.  Any views or opinions are solely those of the sender and do
not necessarily represent those of the Bangor University.
Bangor University does not guarantee that this email or
any attachments are free from viruses or 100% secure.  Unless
expressly stated in the body of the text of the email, this email is
not intended to form a binding contract - a list of authorised
signatories is available from the Bangor University Finance
Office.  www.bangor.ac.uk

More information about the MailScanner mailing list