Sophos Anti-Virus for UNIX release notes ---------------------------------------- Contents -------- Version numbers New in this version Known problems Additional information Information from previous versions Technical support Copyright For details on installing and using Sophos Anti-Virus, see the file Install.txt. Version numbers --------------- Sophos Anti-Virus : 4.34.0 Threat detection engine : 2.79.0 Threat data : 4.34, October 2008 New in this version ------------------- * Sophos Anti-Virus is now available for FreeBSD version 7 (i386 and AMD64). * (DEF 21371) There is a new command-line option, -move=, to specify that infected files should be moved to a quarantine directory. This complements the existing --quarantine option, and can be used in situations where changing file permissions to prevent access is not possible. For example: sweep -move= would cause Sophos Anti-Virus to scan the files included in and move any infected files to . Sophos Anti-Virus asks you for confirmation before it moves a file. However, as with the options -remove and --quarantine, you can use the option -nc to specify that Sophos Anti-Virus should go ahead without asking for confirmation. * The threat detection engine and threat data have been updated. Known problems -------------- * Temporary loss of desktop gnome panel (DEF 16689) On some versions of Solaris version 10 on Intel, running sweep on the directory vfolders (under the directory /etc/gnome-vfs-2.0 (or similar)) may cause the desktop gnome panel to terminate and then restart. You can avoid this happening by doing one of the following: * Use the command-line option --no-reset-atime=/etc/gnome-vfs-2.0/vfolders. This stops sweep resetting the access time (atime) of the directory vfolders and files inside it, but not that of other directories and files. Note that using this option may affect the behaviour of archivers running on your computer. * Exclude the directory /etc/gnome-vfs-2.0/vfolders (or similar) from your scan, using the command-line option -exclude. * Upgrading InterCheck Server on HP-UX If you are using InterCheck Server for HP-UX and it is already running on your system, you must use the -ssi (Stop and Start InterCheck) option when you install a newer version of InterCheck Server, or the installation will fail. * Format of dates in earlier versions of TurboLinux Earlier versions of TurboLinux than version 7 may not display Japanese dates correctly (e.g.using English for the month name). * Using ldconfig on FreeBSD and Linux systems with old libsavi.so.2.2* files On FreeBSD and Linux, if you run the installation script with the -nrm (do not remove old libraries and virus data) option, and a SAV Interface version 2 library was installed (libsavi.so.2.2.*), then this will not be removed. If you then run ldconfig, you will find that the symlink from libsavi.so.2 is incorrect. You can either remake this link manually, or rerun the installation script, which will remake it for you. * SAV Interface applications on HP-UX If your SAV Interface application gives unresolved symbols when linking against the HP-UX SAV Interface library, you should ensure that your SAV Interface application code contains the statement #define INITGUID in one of the source files, prior to the line including the file csavi3c.h. The SAV Interface demo program supplied with the SAVI Developer Toolkit illustrates this. * Sophos Anti-Virus on AIX and SAV Interface on AIX On AIX, it is possible for the memory allocation functions to return memory addresses that don't exist, usually when the computer is running low on memory. If these memory addresses are subsequently accessed, the computer may terminate the application. Sophos recommends setting the PSALLOC environment variable to the value "early", before running Sophos Anti-Virus on AIX or SAV Interface applications on AIX, i.e. PSALLOC=early Setting PSALLOC to "early" causes the memory allocation functions to only allocate memory that exists. This may cause your computer to run slower, because further checks are carried out on memory as it is allocated. * SAV Interface applications on Solaris/SPARC If you are compiling a SAV Interface application on Solaris/SPARC, and using gcc to compile or link, you may need to ensure that the gcc library functions are included. You can do this by explicitly linking your application against the gcc library. In addition, you should ensure that the command-line option to link against the gcc library occurs on the linker options line BEFORE the option to link against the libsavi library. For example, the linker options line should look something like: -l gcc -lsavi or -l gcc_s -lsavi as opposed to: -lsavi If you don't explicitly link aginst gcc you may experience problems with your SAV Interface application when it starts up: it may immediately crash. If you are producing code which may work in environments where there isn't a gcc library, you may need to statically link gcc. Additional information ---------------------- * Archive scanning Sophos Anti-Virus for UNIX is able to scan for viruses inside archive files such as ZIP, ARJ, RAR, TAR, GZIP, BinHex, MacBinary and COMPRESS. If an archive file contains another archive (e.g. a GZIPped TAR archive, or a ZIP within a ZIP within a ZIP), the nested archives can be scanned recursively. This feature is not switched on by default. If you turn it on, you will be asking Sophos Anti-Virus to do more work, and if you have numerous complex archives, Sophos Anti-Virus may take noticeably longer to run. Please bear this in mind when scheduling unattended scans. UNIX ELF files are scanned either when their file extension is in the executables list, or if '-all' is specified. Scanning of InstallShield CAB files is not enabled by default. To enable scanning of these files use -opt=ISCabinet (NB case-sensitive). For a full list of archive types scanned use: sweep -vv * SAV Interface This version of Sophos Anti-Virus includes support for SAV Interface, an extended third-party programming interface. For information concerning this interface please contact Sophos for documentation. * SAV Interface and multi-threaded applications Developers of multi-threaded SAV Interface client applications must ensure that, for each SAVI object, there is never more than one thread executing a SAV Interface function. This can be achieved, for example, by creating a separate SAVI object for each thread in the application. Versions 3 and later of the SAV Interface library have been enhanced to allow the threat data to be reloaded by a running SAVI object. Threat data is shared between the SAVI objects in a single process. In an application containing multiple SAVI objects, reloading threat data on one of the SAVI objects will thus affect all of the others. On Linux/Intel/libc6 (glibc 2.2 only), Solaris/Intel and Solaris/SPARC implementations of the SAV Interface library, threads running on other SAVI objects are now automatically blocked while threat data is reloaded. On all other platforms, the designer of the client application must explicitly ensure that all scanning activity on all SAVI objects/threads is halted for the duration of the reload. Information from previous versions ---------------------------------- 4.33.0 * Sophos Anti-Virus is now available for Linux on Itanium. * (DEF 24213) SAV Interface for Linux on Octeon (32 and 64 bit) now supports the use of threading with SAV Interface applications. The loading and reloading of threat data via SAV Interface is protected. Technical support ----------------- For technical support, visit www.sophos.com/support. If you contact technical support, provide as much information as possible, including the following: * Sophos software version number(s) * Operating system(s) and patch level(s) * The exact text of any error messages Copyright --------- Copyright © 2005-2008 Sophos Group. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner. Sophos and Sophos Anti-Virus are registered trademarks of Sophos Plc and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.