Sophos Anti-Virus for UNIX/Linux: Sophie reports all files scanned as corrupt
Some users of the open-source SAVI daemon program 'Sophie' have reported problems when using it with the latest version of Sophos
This is caused by some new thread-protection mechanisms that were introduced to make the virus engine more thread-safe. In certain situations, Sophie will initialize SAVI as the 'root' user and then switch to a different user ID. Access control for thread-synchronization objects causes problems.
A frequent symptom of this problem is that SAVI reports every file it attempts to scan as corrupt.
What to do
Users should upgrade to the latest version of Sophie (3.04). This version can be downloaded from
http://www.clanfield.info/sophie/sophie-3.04.tar.gz
This updated version changes the way Sophie starts up. The main process creates the socket and the pidfile. It then forks a new master process under the less privileged uid and gid. This process creates the SAVI instance and monitors the socket for connections. As a result, you will now always see at least two Sophie processes running.
If you need more information or guidance, then please contact technical support.
- Article ID: 13102
- Created: 19 May 2005
- Last updated: 14 Oct 2008
