Fwd: Sophos Error message
Julian Field
MailScanner at ecs.soton.ac.uk
Mon Mar 3 17:53:07 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Martin Sapsed wrote:
> Isn't it bad form replying to your own messages??
>
> Martin Sapsed wrote:
>> We've got the same problem using solaris.sparc.tar.Z (V4.27) and
>> rolled back to 4.26 to make it go away. I'm guessing from Howard's
>> tar file that he's also using a pre-V6 version.
>>
>> I suspect that something subtle has changed between 4.26 and 4.27 on
>> Unix, which is tripping up SAVI?
>>
>> Anyone else still using V4 on *ix?
>
> Just noticed this in the release notes for 4.27 - might this have
> anything to do with it?
>
> * Additional threat data file
>
> The threat data contains an additional threat data file, sus01.vdb.
> This
> file contains data about suspicious files.
>
> If you install using install.sh, this file is installed
> automatically as
> part of the threat data. However, if you use your own installation
> procedure
> (for example, if you use SAV Interface), you must ensure that you
> install
> the file to the same location as the rest of the threat data. (The
> default
> location is /usr/local/sav.)
>
> In future, threat data may include additional threat data files
> (including
> suspicious threat data). Therefore, Sophos recommends that custom
> installation is changed to treat all files of the form
> [a-z]*[0-9]*.vdb as
> threat data and install them appropriately.
>
> Ah-hah!
>
> The sus01.vdb file is in /usr/local/Sophos/lib along with the rest of
> the .vdb's but isn't symlinked across to the ide folder which is
> created with a date stamp. Looks like the bit of sophos-autoupdate
> which currently symlinks vdl*.vdb needs amending to suit the options
> above? Unfortunately I never got around to learning perl or I'd
> suggest something...
>
> Regards,
>
> Martin
>
I have improved sophos-autoupdate so that it links across the sus files
as well as the vdl files.
It will be in the next release (due tomorrow).
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.1 (Build 2523)
Comment: Use Thunderbird Enigmail to verify this message
Charset: ISO-8859-1
wj8DBQFHzDsFEfZZRxQVtlQRAlC3AKDjSjrbSB4jszA9GPrvtTRvwm8tfgCeK88s
S/n/vbLMtAQqKsY0t0xH4Vc=
=XI2y
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list