SOPHOS Antivirus

Just wondered what the general consensus is about an Antivirus program
called SOPHOS?

We use the thing here at work, and it doesn't look that flash to me;
Doesn't even do a memory scan before doing a HD scan.

Is anybody out there using it? And if so, what do you think of it?


Thanks
Charles

Frog

Yeah I do... I've never seen it disinfect a virus, the only option you have
is to move or delete any infected files.

The default setup does not do anything once a virus is found, and I don't
know if it does anything about the registry modifications viruses make.

I think its a poor program, yet they claim to have won many awards




"Frog" <> wrote in message
news:...
> Just wondered what the general consensus is about an Antivirus program
> called SOPHOS?
>
> We use the thing here at work, and it doesn't look that flash to me;
> Doesn't even do a memory scan before doing a HD scan.
>
> Is anybody out there using it? And if so, what do you think of it?
>
>
> Thanks
> Charles
>
>

Billy K

"Billy K" <> wrote in message
news:...
> Yeah I do... I've never seen it disinfect a virus, the only option
you have
> is to move or delete any infected files.
>
> The default setup does not do anything once a virus is found, and I
don't
> know if it does anything about the registry modifications viruses
make.
>
> I think its a poor program, yet they claim to have won many awards
>

It's my opinion that Sophos is a excellent AV product. Especially when
used for it's primary purpose of detecting viruses. As for disinfecting
viruses I can only offer that I do not subscribe to this philosophy. If
it's a virus, it's deleted. Plain and simple. No chances are taken.

According to an article on Sophos' website.

Independent research and test centre West Coast Labs has awarded Sophos
Anti-Virus for Windows (NT server, XP Professional and 2000 platforms),
version 3.79, its highest anti-virus certification: Anti-Virus Checkmark
Level 2. The award demonstrates Sophos's excellence in detecting and
disinfecting all known in-the-wild viruses.

http://www.sophos.com/companyinfo/ne...ckmark379.html


--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".

Don Kelloway

On Thu, 27 May 2004, "Billy K" <> wrote:
>Yeah I do... I've never seen it disinfect a virus, the only option you have
>is to move or delete any infected files.

Thanks for the reply.
One thing I've noticed today at work, is that if you choose to do a full HD
scan, it doesn't scan the memory at all !!!!!
Doesn't even appear to have an option to select memory scanning either!

>
>The default setup does not do anything once a virus is found, and I don't
>know if it does anything about the registry modifications viruses make.

I suspect I have a virus on my work machine, yet Sophos isn't finding it


>I think its a poor program, yet they claim to have won many awards

Strange isn't it; I haven't run across anybody thats even heard of the
program.


Many thanks
Charles

An Metet

Mate, the guy who sang the praise of Sophos must have been a Greek... Sorry
mate but I am far from convinced the product does it's job.

The product does not protect my work environment from any viruses. I should
know because I sit there setting it up and am bewildered that viruses are
still hitting my environment.

I have AVG free edition installed and this detects viruses yet SOPHOS sits
there like a fat technician chomping on donuts !!!

Any technician recommending this product really needs to try something free
like AVG just to see how badly they are being jarded!!







"An Metet" <> wrote in message
news: ster...
> On Thu, 27 May 2004, "Billy K" <> wrote:
> >Yeah I do... I've never seen it disinfect a virus, the only option you
have
> >is to move or delete any infected files.
>
> Thanks for the reply.
> One thing I've noticed today at work, is that if you choose to do a full
HD
> scan, it doesn't scan the memory at all !!!!!
> Doesn't even appear to have an option to select memory scanning either!
>
> >
> >The default setup does not do anything once a virus is found, and I don't
> >know if it does anything about the registry modifications viruses make.
>
> I suspect I have a virus on my work machine, yet Sophos isn't finding it
>
>
> >I think its a poor program, yet they claim to have won many awards
>
> Strange isn't it; I haven't run across anybody thats even heard of the
> program.
>
>
> Many thanks
> Charles
>

Billy K

"Billy K" <> wrote in message
news:40b6e61a$...
> Mate, the guy who sang the praise of Sophos must have been a Greek...
Sorry
> mate but I am far from convinced the product does it's job.
>
> The product does not protect my work environment from any viruses. I
should
> know because I sit there setting it up and am bewildered that viruses
are
> still hitting my environment.
>
> I have AVG free edition installed and this detects viruses yet SOPHOS
sits
> there like a fat technician chomping on donuts !!!
>
> Any technician recommending this product really needs to try something
free
> like AVG just to see how badly they are being jarded!!
>
>

Though I am not Greek may I suggest that you ensure that you are running
the latest SAV and signatures? As of fifteen minutes ago the current
SAV is 3.81 with 90301 signatures.

--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".

Don Kelloway

Sorry for before, I'm just an admin who is honestly very disapointed with a
product.

I work in an envirnoment that deals with other International firms mainly in
Asia. We use Sophos anti-virus on servers and clients. All updates come
through automatically from a share which is updated as soon as any updates
become available. We definately run current updates.

Every major virus to hit the net, we get it. Your right though, Sophos
detect all of these, however fails to deal with the virus accordingly.
Having the file deteled, moved, shredded, copied and etc is not really a
fantastic option. My question is, how do these files become infected in the
first place if Sophos was doing it's job.

We have a concern that Sophos will one day delete some important document
because we have it set to delete viruses. In the environment I work in we
get multiple viruses a week, we have to keep it on the highest possible
setting.

The disinfect option is just there for good looks. I've never had a file
disinfected. The interface with the 3 modes, Immediate, Scheduled, and IC
client is just not practicle. The same configuration must be made 3 times.

The SAV administration tool is OK, gets the IDE updates out there, but this
must be the only reason large organisations use SOPHOS. It does have easy
deployment.








"Don Kelloway" <> wrote in message
newsmNtc.2929$ ink.net...
>
> "Billy K" <> wrote in message
> news:40b6e61a$...
> > Mate, the guy who sang the praise of Sophos must have been a Greek...
> Sorry
> > mate but I am far from convinced the product does it's job.
> >
> > The product does not protect my work environment from any viruses. I
> should
> > know because I sit there setting it up and am bewildered that viruses
> are
> > still hitting my environment.
> >
> > I have AVG free edition installed and this detects viruses yet SOPHOS
> sits
> > there like a fat technician chomping on donuts !!!
> >
> > Any technician recommending this product really needs to try something
> free
> > like AVG just to see how badly they are being jarded!!
> >
> >
>
> Though I am not Greek may I suggest that you ensure that you are running
> the latest SAV and signatures? As of fifteen minutes ago the current
> SAV is 3.81 with 90301 signatures.
>
> --
> Best regards, from Don Kelloway of Commodon Communications
> Visit http://www.commodon.com to learn about the "Threats to Your
> Security on the Internet".
>
>

Billy K

"Billy K" <> wrote in message
news:40b8578f$...
> Sorry for before, I'm just an admin who is honestly very disapointed with
a
> product.
>
> I work in an envirnoment that deals with other International firms mainly
in
> Asia. We use Sophos anti-virus on servers and clients. All updates come
> through automatically from a share which is updated as soon as any updates
> become available. We definately run current updates.
>
> Every major virus to hit the net, we get it. Your right though, Sophos
> detect all of these, however fails to deal with the virus accordingly.
> Having the file deteled, moved, shredded, copied and etc is not really a
> fantastic option. My question is, how do these files become infected in
the
> first place if Sophos was doing it's job.
>
> We have a concern that Sophos will one day delete some important document
> because we have it set to delete viruses. In the environment I work in we
> get multiple viruses a week, we have to keep it on the highest possible
> setting.
>
> The disinfect option is just there for good looks. I've never had a file
> disinfected. The interface with the 3 modes, Immediate, Scheduled, and IC
> client is just not practicle. The same configuration must be made 3
times.
>
> The SAV administration tool is OK, gets the IDE updates out there, but
this
> must be the only reason large organisations use SOPHOS. It does have easy
> deployment.

Every virus will get through a reactive virus scanner sooner or later.

If things are as bad as you say, you should maybe be looking at why you are
at such a high risk. No virus scanner is going to stop viruses, only
mitigate the damage and contain them.

Martin

In article <40b8578f$>,
says...
> Every major virus to hit the net, we get it. Your right though, Sophos
> detect all of these, however fails to deal with the virus accordingly.
> Having the file deteled, moved, shredded, copied and etc is not really a
> fantastic option. My question is, how do these files become infected in the
> first place if Sophos was doing it's job.

You need to look at two things right away:

Firewall - use a firewall that allows for SMTP attachment filtering.
This one feature can eliminate 99% of the virus infected inbound email
to your system. This only works if you have your own email server(s),
but I'm assuming that you do.

Anti-Virus - get Norton AV corporate edition and use it. Setup the
updates for every 4 hours on the server and have the server push the
updates to the desktops. We have Symantec AV Corporate edition setup to
FORCE updates and scan's of users computers. You can even install (push)
the AV software to every desktop using the remote installer (right from
the server).

Using these two methods we've eliminated ALL (100%) of inbound virus
attachments from all the companies we manage.

After you do the above, you need to look at HTTP filtering, filtering
what sites users are permitted to access, and blocking ALL outbound
access that is not strictly for business needs. You can even block IM
and those sharing apps that people like to run from their computers to
connect to home.




--
--

(Remove 999 to reply to me)

Leythos

Leythos wrote:

> You need to look at two things right away:
>
> Firewall - use a firewall that allows for SMTP attachment filtering.
> This one feature can eliminate 99% of the virus infected inbound email
> to your system. This only works if you have your own email server(s),
> but I'm assuming that you do.

I am getting a bit fed-up with Leythos' "advice". In the best case it is off
topic (the OP was asking about Sophos, not opinions on security in
general), now it's outright misleading.

By definition a firewall has no mail filtering function. What you describe
above is an SMTP proxy + anti-virus filtering. They'll both work fine
without any firewall whatsoever, exactly as any firewall will work without
any proxies being involved.

Unfortunately an SMTP proxy will be effective only if you make sure your
users have no access to ANY other mail servers - which PHBs are less than
likely to accept ("I occasionally absolutely unconditionally NEED to look
at my private HotMail/AOL/Whatever account!").

> Anti-Virus - get Norton AV corporate edition and use it. Setup the
> updates for every 4 hours on the server and have the server push the
> updates to the desktops. We have Symantec AV Corporate edition setup to
> FORCE updates and scan's of users computers. You can even install (push)
> the AV software to every desktop using the remote installer (right from
> the server).

In my experience Norton has repeatedly failed to identify viruses. Even
worse, their way of filtering mail raises serious questions about data
security and confidentiality. There are enough good anti-virus programs
that will update automatically (or on command) and filter well without
passing your confidential information through Symantec's servers, not to
mention their outrageous subscription fees.

BTW - in a proxy role Sophos can be quite effective: after all what you need
is just to identify the presence of a virus (in order to block the
attachement/message), not clean it.

> Using these two methods we've eliminated ALL (100%) of inbound virus
> attachments from all the companies we manage.

Just means you were lucky. No anti-virus can catch 100% for the simple
reason that a virus needs to be seen and analysed before a signature can be
defined. Anyone who _guarantees_ to block 100% of incoming stuff is a good
candidate for buying prime beach-front property in northern Mali.

All of this completely ignores the at least as serious issues of worms and
trojans - which most anti-virus programs (including your beloved NAV) will
not identify at all.

> After you do the above, you need to look at HTTP filtering, filtering
> what sites users are permitted to access, and blocking ALL outbound
> access that is not strictly for business needs. You can even block IM
> and those sharing apps that people like to run from their computers to
> connect to home.

At last some reasonable advice: do not allow indiscriminate outgoing
connections (your users will scream bloody murder at this point: "Are you
out of your mind? No IM and no Kazaa?"), use a filtering proxy for outgoing
HTTP, disable all ActiveX (again a less than popular thing), disable
executable content (HTTP downloading).
--
Mailman

Mailman