
SECTION Q - Sophos Anti-Virus


  1. How do I update Sophos Anti-Virus?

    Sophos sometimes changes the way they distribute updates, so you must be using a sufficiently recent version of the CEQURUX Firewall. You must use CEQURUX Firewall software version 4.1.13, or 4.3.0-SNAP-20030507, or something newer than that.

    If you have a sufficiently recent version of the firewall, and if you have enabled virus updates and filled in a username and password in the relevant setup screens in fwadmin, then the firewall should automatically update the anti-virus library and pattern files. You should also ensure that one or more of your internal users is subscribed to the Sophos alert mailing list.

    To check whether the updates are working, search for "updateSAVI_LIB", "updateSAVI_IDE" and "IDEfetchd" in the log file. For example, to search the past 30 days, use the following command (as root on the firewall):

    # report -te -S +30 | egrep 'updateSAVI_LIB|updateSAVI_IDE|IDEfetchd' | less

    You should see library updates every 20 days. They look like this, and include the version numbers:

    May 22 20:32:46 citadel IDEfetchd[10485]: Attempting to update SAVI library
    May 22 21:13:53 citadel updateSAVI_LIB[11908]: Installed new anti-virus library libsavi.so.3.2.05.034 and vdl-3.69.dat
    May 22 21:14:08 citadel updateSAVI_IDE[11943]: Installed ides.zip from http://www.uk.sophos.com/downloads/ide/ides.zip

    You should see fetches of individual IDE files from time to time, whenever Sophos sends an alert message to their mailing list. They look like this:

    May 23 17:13:50 citadel IDEfetchd[17078]: Attempting to fetch panjang.ide virus identity file
    May 23 17:14:37 citadel updateSAVI_IDE[17132]: Installed panjang.ide from http://www.uk.sophos.com/downloads/ide/panjang.ide
    May 23 17:14:38 citadel IDEfetchd[17149]: Fetch of panjang.ide virus identity file succeeded

    You should see fetches of the complete set of IDE files every 20 hours. They look like this:

    May 23 17:15:38 citadel IDEfetchd[17219]: Attempting to update SAVI IDE files
    May 23 17:15:50 citadel updateSAVI_IDE[17245]: Installed ides.zip from http://www.uk.sophos.com/downloads/ide/ides.zip

    To manually update just the pattern files without updating the library,
    use the following command (as root on the firewall):
    # /usr/local/bin/updateSAVI_IDE
    To manually update the library and pattern files, use the following
    command (as root on the firewall):
    # /usr/local/bin/updateSAVI_LIB
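
A freshness check over the log lines described above, as an added example that is not part of the original FAQ or of the CEQURUX software. The function name savi_freshness, its reference-time argument and the sample log are assumptions constructed here; the 20-day and 20-hour limits are the intervals stated above.

```shell
#!/bin/sh
# Added example: reads syslog-style lines on stdin and reports how long ago the
# last SAVI library install and the last full ides.zip install were logged.
# Usage: savi_freshness "Mon DD HH:MM:SS" < logfile   (argument = current time)
# Assumptions: one event per line, timestamps without a year, 365-day year.
savi_freshness() {
    awk -v now="$1" '
    function hours(mon, day, hms,   t, m) {      # hours since 1 January
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", mon) + 2) / 3
        split(hms, t, ":")
        return (cum[m] + day - 1) * 24 + t[1] + t[2] / 60
    }
    function verdict(name, seen, limit,   age) {
        if (seen == "") { print name " MISSING"; bad = 1; return }
        age = now_h - seen
        if (age < 0) age += 365 * 24             # log spans a new year
        if (age > limit) bad = 1
        printf "%s %s age=%dh limit=%dh\n", name, (age > limit ? "STALE" : "OK"), age, limit
    }
    BEGIN {
        split("0 31 59 90 120 151 181 212 243 273 304 334", cum, " ")
        split(now, n, " "); now_h = hours(n[1], n[2], n[3])
    }
    $5 ~ /^updateSAVI_LIB\[/ && /Installed new anti-virus library/ { lib = hours($1, $2, $3) }
    $5 ~ /^updateSAVI_IDE\[/ && /Installed ides\.zip/             { ide = hours($1, $2, $3) }
    END {
        verdict("library", lib, 20 * 24)         # library update every 20 days
        verdict("ides.zip", ide, 20)             # full IDE set every 20 hours
        exit bad + 0                             # non-zero if anything is stale
    }'
}

# Constructed sample, built from the log lines shown above.
SAMPLE_LOG='May 22 20:32:46 citadel IDEfetchd[10485]: Attempting to update SAVI library
May 22 21:13:53 citadel updateSAVI_LIB[11908]: Installed new anti-virus library libsavi.so.3.2.05.034 and vdl-3.69.dat
May 22 21:14:08 citadel updateSAVI_IDE[11943]: Installed ides.zip from http://www.uk.sophos.com/downloads/ide/ides.zip
May 23 17:14:37 citadel updateSAVI_IDE[17132]: Installed panjang.ide from http://www.uk.sophos.com/downloads/ide/panjang.ide
May 23 17:15:50 citadel updateSAVI_IDE[17245]: Installed ides.zip from http://www.uk.sophos.com/downloads/ide/ides.zip'

# Check the sample against a constructed "current time".
printf '%s\n' "$SAMPLE_LOG" | savi_freshness "May 23 18:00:00"
```

Only ides.zip installs count towards the 20-hour check, so a successful fetch of a single IDE file such as panjang.ide does not hide a stalled full update.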

     


  2. How do I check the Version Number?

    To check the library version number, use the following command:

    # ls /usr/local/lib/libsavi.so.*

    It will show several files with different numbers. The largest number is the important one. For example, if the above "ls" command gives the following output:

    /usr/local/lib/libsavi.so.2           /usr/local/lib/libsavi.so.2.2.99
    /usr/local/lib/libsavi.so.2.0         /usr/local/lib/libsavi.so.3
    /usr/local/lib/libsavi.so.2.2         /usr/local/lib/libsavi.so.3.2.05.034
    /usr/local/lib/libsavi.so.2.2.03.034

    We can thus see that the relevant library version number is "3.2.05.034".

     

     

     


    The End.