Sophos Anti-Virus
Price: Rs 40,000 (One Unix server with 10 clients), Rs 45,000 (25 clients), Rs 53,000 (50 clients), Rs 60,000 (100 clients)
Features: InterCheck server for Linux for central reporting, about 22 command line scanning options
Pros: Works on all popular Unix platforms, virus scanning can be scheduled, scans compressed as well as executable files, comprehensive documentation
Cons: No graphical user interface, no built-in scheduler, no on-access scanning on Linux
Contact: Prudente Solution
E-mail: secsoln@mantraonline.com
Website: www.sophos.com
Tel: 80-3107171/72
Address: Synergy House, 27, 17th Cross, MC Layout, Vijay Nagar, Bangalore 560040
This package installs on Unix servers—whether file, print, or Web—to serve virus-free files to Windows clients. It can also be installed on Unix workstations. We tested it on a Red Hat 6.2 Linux server. Sophos runs on a number of platforms including Windows 9x/NT/2000, and different flavors of Unix like Digital, AIX, FreeBSD, SCO, and Solaris. It also includes a server program called InterCheck server, which collects virus reports from all Windows clients that are running Sophos Antivirus.
When installing on Linux, you have to choose between two tarballs, depending on the version of the libc libraries (libc5 or libc6) being used on the target system. We used the libc6 version on our Red Hat 6.2 system. The installation, though not GUI-based, was a simple execution of an included script that we got after untarring the tarball. Some environment variables, like PATH, LD_LIBRARY_PATH, and MANPATH, need to be set up prior to the installation. This process is well documented in the manual, and the install script also displays warning messages about it. The install script installs both InterCheck Server and Sweep, the virus scanner.
On Linux, Sweep is executed from the command line (no GUI again). It has about 22 command line options for scanning all types of files, scanning within archives (TAR, ZIP, or GZIP), removing the virus if found, and some Unix-specific options like following symbolic links and staying on the same machine (that is, not scanning mounted remote file systems). Sweep, by default, just scans executable files, unless you pass a parameter for some other action such as cleaning or removing. Some of the options we tried out were ‘-all’, which scans everything but doesn’t look within archives, ‘-archive’, which scans within compressed files, and ‘-di’, which disinfects only macro viruses. Sweep can recognize only Windows viruses, and not Unix or Linux ones.
We tested the -archive option by putting a virus-infected file within Linux-specific archives like TAR, GZIP, and BZ2. Sweep was able to detect the virus and reported the name of the infected file within the TAR and GZIP archives. It was, however, unable to detect the virus in the BZIP2 archive. Sweep can disinfect only macro-virus infected files. For other virus-infected files, it gives the option of deleting the file if invoked with the ‘-remove’ switch. No scheduler program for Linux, which could let you run Sweep periodically, has been included in the package, though this can be done using the Linux Cron daemon.
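The cron-based scheduling mentioned above, as an added example that is not part of the original review or Sophos's own tooling: a wrapper for a nightly cron job that runs Sweep with the ‘-all’ and ‘-archive’ options and logs any bzip2 archives, which our test showed Sweep does not inspect. The sweep path, log file, crontab entry, combining the two options in one run, and the convention that Sweep exits non-zero on a detection or error are assumptions.

```sh
#!/bin/sh
# Added example: nightly Sweep run meant to be started from cron.
# Assumptions (not from the review): the sweep path, the log path, that
# -all and -archive may be combined, and that Sweep exits non-zero when
# it reports a virus or hits an error.
# Hypothetical crontab entry:
#   30 2 * * * /usr/local/sbin/sweep-nightly.sh /home/samba
SWEEP="${SWEEP:-/usr/local/bin/sweep}"
LOG="${LOG:-/var/log/sweep-nightly.log}"

# Print bzip2 archives under $1. Sweep did not detect the test virus
# inside a BZIP2 archive, so these need separate handling.
list_bz2() {
    find "$1" -type f \( -name '*.bz2' -o -name '*.tbz2' \) -print
}

# Scan the tree at $1.
# Returns 0 = clean, 1 = Sweep reported a virus or an error,
#         2 = Sweep was clean but bzip2 archives were left uninspected.
scan_tree() {
    dir=$1
    result=0
    echo "$(date) sweep start: $dir" >>"$LOG"
    "$SWEEP" -all -archive "$dir" >>"$LOG" 2>&1 || result=1
    skipped=$(list_bz2 "$dir")
    if [ -n "$skipped" ]; then
        printf 'NOT INSPECTED (bzip2):\n%s\n' "$skipped" >>"$LOG"
        if [ "$result" -eq 0 ]; then result=2; fi
    fi
    echo "$(date) sweep end: result $result" >>"$LOG"
    return "$result"
}

# Run only when a directory argument is given (as from cron).
if [ -n "${1:-}" ]; then
    scan_tree "$1"
    exit $?
fi
```

Cron mails any output of a job to its owner, so the exit status can be turned into a one-line message by the caller if alerts are wanted.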
The InterCheck server on Linux, unlike the Windows version, doesn’t have on-access virus scanning. On-access virus scanning is equivalent to real-time virus protection. InterCheck does central reporting of viruses that are detected on Windows machines on the network. For this to work, the InterCheck server files must be accessible to the Windows client (which is running Sophos Antivirus) over the network, which can be done using the Samba package on Linux. There’s no GUI client available on Linux for configuring the InterCheck Server, so this has to be done manually by editing a configuration file. However, GUI clients are available for Windows and DOS, which can be used to configure the InterCheck Server running on Linux.
Updating virus definition files also has to be done manually by downloading the updated files (simple ASCII files) from the Sophos website, placing them in a separate directory, and setting an environment variable to point to that directory. There’s no facility like LiveUpdate in Norton AntiVirus that can automatically connect and update the anti-virus program.
Shekhar Govindarajan at PCQ Labs