Sophos SAVDI interface

[Eric Yiu]

On Fri, 7 Mar 2014, Stef Morrell wrote:

> Hi Eric,
>
> On 07 March 2014 01:24 Eric Yiu wrote:
>> No need.  You can update your savupd.sh to change from
>> linux.intel.libc6.glibc.2.2.tar.Z to linux.amd64.glibc.2.3.tar.Z,
>
> Yes and I have been doing that as a stopgap.
>
>> But this new of sophos v4 lib (both 32 or 64bit version) have a bug
>> of non-stop when it is fork from child.  So you need to fine tune
>> SweepViruses.pm that kill itself  and need to add "kill 15, $$" after
>> calling "SophosSAVI($subdir, $disinfect);"
>
> Two problems here:
>
> 1 - Perl-SAVI won't compile under 64-bit at all, so the only option is to use sweep, which is very inefficient.

You have to do the compile with a few tricks:

1. at sophos lib, ln -s libsavi.so.2 libsavi.so
2. export CC="gcc -m64"
3. edit Makefile.PL, add your sophos lib to LIBS, ie
     'LIBS'      => ['-L/opt/local/lib -R/opt/local/lib 
-L/opt/sophos-av/lib -lsavi'],

4. # diff sav_if/s_comput.h.old sav_if/s_comput.h
644a645
> # define __i386__

perl Makefile.PL
make
make install

There will be a few minor warning at make but that will be fine



>
> 2 - Sophos v4 on demand scanner is being retired by Sophos on 30th April (http://www.sophos.com/en-us/support/knowledgebase/119018.aspx - click the Linux tab) and will receive no further updates from that date.
>
> I spoke to a very clueful guy at Sophos support yesterday. They advised me to switch up to v9, which is fine but obviously it's not ideal to call savscan each time, hence my interest in SAVDI.
>
> Stef
>

You can ask Sophos to get it with password python style wget download but 
I can tell you they are the same lib sav ide structure.  I am also testing 
the download but I am complainting to Sophos the virus update is not as
as fast as savupd.sh, sometimes one or two hours delay.  And also it 
download without unzip the packed ides out, which I have to wrap a perl
to do it (I am not good at python)

Hope it can help.

Eric