Fwd: Sophos Error message

Jeffrey Goh jeff at lightspeed.com.sg
Mon Mar 10 14:11:34 GMT 2008 

Hmm. I managed to fix this by changing the sophos-autoupdate in mailscanner to include sus??.vdb.
I'm still using the 4.xx SAVI files, which are a lot smaller (16 vs 96MB), since I only run mailscanner/SAVI on these machines.

My mods in green. The code's not real elegant, IMHO, but my perl's a little rusty, so I took the easy way out, and simply copied
the two lines above.

# Add the new vdl*.vdb files if they are there
foreach $number (1..99) {
  $string = "vdl" . sprintf("%02d", $number) . ".vdb";
  symlink("$VDLDir/$string", $string) if -f "$VDLDir/$string";
*  $string = "sus" . sprintf("%02d", $number) . ".vdb";
  symlink("$VDLDir/$string", $string) if -f "$VDLDir/$string";*
}

>From the sav-install/README.TXT

    * Using and updating threat data

    Threat data consists of the files vdl.dat, vdl??.vdb, *sus??.vdb*,
    and *.ide.

    The file vdl.dat is the main threat data file, which is updated monthly.
    This file is complemented by additional files vdl??.* (which contain
    further
    threat data) and other additional files sus??.* (which contain data
    about
    suspicious files). All these files are stored in the directory
    specified by
    the option "SAV virus data directory" in the file /etc/sav.conf. By
    default,
    the directory is /usr/local/sav.

    vdl.dat is actually a symlink to the file vdl.4.xx in the same
    directory.

    For major threat alerts, the threat data has to be updated in between
    monthly releases of vdl.dat. In that case, IDE files are issued,
    containing
    additional threat identities. These must be stored in the same
    directory as
    vdl.dat.

Cheerio,
- jeff

===
I failed to get to the bottom of this one and re-cloned the machine, as 
it was faster to do :-)
Check your /etc/ld.so.conf and hose /opt/sophos-av, 
/usr/local/lib/libsav*, /etc/sav* for starters, then reinstall the 
latest version of version 6.
Make sure you haven't got any sav processes running.
service sav-protect stop
service sav-web stop
service sav-rms stop
chkconfig --del sav-web
chkconfig --del sav-protect
chkconfig --del sav-rms
Delete all /usr/local/Sophos* files. Do an "ldconfig" to flush the lib 
cache. Delete /usr/local/bin/savscanm and /usr/bin/savscan.

Once you've deleted all the old one and reinstalled the new one, try 
"savscan" on a file or two first to see if that works. If it does, then 
rebuild perl-SAVI as well.

Good luck!

Howard Robinson wrote:
>/ Hello again
/>/ I am still having problems with the error below.
/>/ I have had a good look at the web and it seems that it would be better to uninstall Sophos then start again.
/>/ Is there a recommended way of doing this with out it having a knock on effect with MailScanner?
/>/
/>/
/>/   
/>>>>/ "Howard Robinson" <Howard at harper-adams.ac.uk <http://lists.mailscanner.info/mailman/listinfo/mailscanner>> 22/02/2008 16:59 >>>
/>>>>/         
/>/ Dear list
/>/ I have updated Sophos using Linux.intel.libc6.tar.Z using Julian's routine /usr/sbin/Sophos.install
/>/
/>/ It appeared to run through okay but seemed fast!
/>/ Anyway on restarting MailScanner I get the following in the Maillog and emails refused to move in or out.
/>/
/>/ "SophosSAVI ERROR:: getting version: One of the files in a split-virus data set could not be located (557)"
/>/
/>/ Any ideas
/>/  I had a quick look at WIKI but nothing appeared  to be relevant .
/>/
/>/ In the end I had to rem out sophos from list of virus scanners used to get email flowing again. Two others are still there and so we are not unprotected but I like Sophos and usually it updates ok 
/>/
/>/ Any help appreciated.
/>/
/>/ Thanks
/>/ Howard Robinson,
/>/ (Senior Technical Development Officer),
/>/ Harper Adams University College,
/>/ Edgmond,
/>/ Newport,
/>/ Shropshire ,
/>/ TF10 8NB.
/>/
/>/ Tel. Direct 01952 815253
/>/ Tel. Switch Board 01952 820280
/>/ Fax 01952 814783
/>/ Email hrobinson at harper-adams.ac.uk <http://lists.mailscanner.info/mailman/listinfo/mailscanner> 
/>/ Web www.harper-adams.ac.uk 
/>/
/>/
/>/ --
/>/ MailScanner mailing list
/>/ mailscanner at lists.mailscanner.info <http://lists.mailscanner.info/mailman/listinfo/mailscanner> 
/>/ http://lists.mailscanner.info/mailman/listinfo/mailscanner 
/>/
/>/ Before posting, read http://wiki.mailscanner.info/posting 
/>/
/>/ Support MailScanner development - buy the book off the website!
/>/
/>/   
/
Jules

- -- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654




-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080310/cbcc02e4/attachment.html

More information about the MailScanner mailing list