Linux HOWTOs


HOWTO: sophie
Description: An anti-virus daemon that uses libsavi from Sophos
NOTE: I use GNU tar >= 1.13.25, so it's -j for .tar.bz2 files.
It's safe to assume that make, gcc, binutils, fileutils/coreutils, gawk, sed, and grep are prerequisites for almost everything.


# sophie
# ======
# Sophie is a daemon that uses the libsavi library from Sophos (you have to
# buy Sophos for its virus database and engine).  I haven't used it in a
# few years since finishing with two clients that used it.  I tried to
# contact Sophos and a Sophos distributor about licensing it myself, but
# didn't get any response.  So, I have no plans for updating this in the
# future, but I will try to at least keep the home page and download URLs set
# to valid ones.
#
# HEY YOU - LOOK HERE: I don't use Sophie any more.  This is for the
# unbelievable number of people that have written to me about it after
# supposedly reading the paragraph above.  I'll be happy to fix broken URLs
# and update notes to reflect new versions that are available, but I won't
# be updating the sophos-update.pl script (except to fix bugs) or the
# versions of Sophie that are covered below.

# As of the last time I updated this, the latest version of Sophie is
# 3.04.  The last version that I have actually tried is 3.04rc1, which
# is the version shown below.

# Create the directories to put everything into
mkdir -p -m 0700 ~/installed/sophie ~/src/sophie


# Sophos SAVI
# ===========
# Go to www.sophos.com and download the evaluation of Sophos for Linux
# (or of course the regular version if you've licensed it) and put it in ~
# Watch out for that incredibly vague filename: linux.intel.libc6.tar.Z...
# (don't leave it there and forget what it is <g>)  If you don't use
# Linux, mentally adjust the filename accordingly.
# Running the install script as shown below may not work with older versions
# of Sophos; it has added/changed some options recently.

cd ~/src/sophie
test -d ./sav-install && rm -r ./sav-install
tar xzvf ~/linux.intel.libc6.tar.Z
cd sav-install
test $UID = 0 && chown -R root:root .

# Become root to install it
su
test -d /usr/local/sav && ( cd /usr/local/sav ; rm -f *.ide vdl-*.dat )
find /usr/local/lib -type f -name "libsavi.so.*" -exec rm {} \;
./install.sh -ni -so
ldconfig

# Become yourself again
exit

cd
mv -f linux.intel.libc6.tar.Z installed/sophie/


# sophie 3.04rc1
# ==============
cd
test -f installed/sophie/sophie-3.04rc1.tar.bz2 &&
 mv installed/sophie/sophie-3.04rc1.tar.bz2 .
test ! -f sophie-3.04rc1.tar.bz2 &&
 wget http://www.vanja.com/tools/sophie/sophie-3.04rc1.tar.bz2

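# Verify tarball w/ gpg.  The key is imported over plain HTTP from the same
# host as the tarball, so compare its full fingerprint with an independent
# source before trusting the result: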
( gpg --list-keys C13149EA > /dev/null 2>&1 ||
 lynx -dump http://www.vanja.com/pgpkey.txt | gpg --import - ) &&
 wget http://www.vanja.com/tools/sophie/sophie-3.04rc1.tar.bz2.asc &&
 gpg --verify sophie-3.04rc1.tar.bz2.asc && rm sophie-3.04rc1.tar.bz2.asc

# The source tree lives in ~/src/sophie (created at the top)
cd ~/src/sophie
find . -maxdepth 1 -type d -name "sophie-*" -exec rm -r {} \;
tar xjvf ~/sophie-3.04rc1.tar.bz2
cd sophie-3.04rc1
test $UID = 0 && chown -R root:root .

# Patch it to fix another bug:
wget -nc http://englanders.cc/pub/linux/patches/notmine/sophie_scandir.diff &&
 patch < sophie_scandir.diff

./configure
make

# Become root to install it
su
test ! -f /usr/local/etc/sophie.savi && cp etc/sophie.savi /usr/local/etc/
test ! -f /usr/local/etc/sophie.cfg && cp etc/sophie.cfg /usr/local/etc/
cp sophie.8 /usr/local/man/man8/

# If you're upgrading a version that's already running, kill sophie, cp it,
# then start it.  Something like this should do it:
#killall sophie ; sleep 1 ; killall -9 sophie ; \
#cp sophie /usr/local/sbin/ ; /usr/local/sbin/sophie -D

# If sophie is not running:
cp sophie /usr/local/sbin/

# Become yourself again
exit

cd
rm -f installed/sophie/sophie-*.tar.*
mv sophie-3.04rc1.tar.bz2 installed/sophie/

# For a sample sophie.cfg that'll work with MIMEDefang (last updated for
# version 3.03), look here:
# http://englanders.cc/pub/misc/sophie.cfg

# Skip down to the bottom for a script that'll download virus signatures


# sophie 1.44
# ===========
# Sophie uses the libsavi library that comes with the Sophos package above

cd
test -f installed/sophie/sophie-1.44.tar.bz2 &&
 mv installed/sophie/sophie-1.44.tar.bz2 .
test ! -f sophie-1.44.tar.bz2 &&
 wget http://www.vanja.com/tools/sophie/sophie-1.44.tar.bz2

# Verify tarball w/ gpg:
( gpg --list-keys C13149EA > /dev/null 2>&1 ||
 lynx -dump http://www.vanja.com/pgpkey.txt | gpg --import - ) &&
 wget http://www.vanja.com/tools/sophie/sophie-1.44.tar.bz2.asc &&
 gpg --verify sophie-1.44.tar.bz2.asc && rm sophie-1.44.tar.bz2.asc

# The source tree lives in ~/src/sophie (created at the top)
cd ~/src/sophie
find . -maxdepth 1 -type d -name "sophie-*" -exec rm -r {} \;
tar xjvf ~/sophie-1.44.tar.bz2
cd sophie-1.44
test $UID = 0 && chown -R root:root .

# If you're _not_ going to run sophie with MIMEDefang just run a plain old
# ./configure

# If you are going to run sophie with MIMEDefang, something like this
# should work.  Replace /ram/MIMEDefang with your MD spool directory
# (yours may be /var/spool/MIMEDefang) and --with-user/group should point
# to the user that MD runs as (yours may be defang)
./configure \
 --with-socketfile=/ram/MIMEDefang/sophie \
 --with-pidfile=/ram/MIMEDefang/sophie.pid \
 --with-user=mdefang \
 --with-group=mdefang

make

# Become root to install it
su

# If you're upgrading a version that's already running, kill sophie, cp it,
# then start it.  Something like this should do it:
#killall sophie ; sleep 1 ; killall -9 sophie ; \
#cp sophie /usr/local/sbin/ ; /usr/local/sbin/sophie -D

# If sophie is not running:
cp sophie /usr/local/sbin/

# Become yourself again
exit

cd
rm -f installed/sophie/sophie-*.tar.*
mv sophie-1.44.tar.bz2 installed/sophie/
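
# Added example, not part of the original HOWTO or of sophie itself: the two
# "Verify tarball w/ gpg" steps above look the key up by its short ID, and
# nothing stops the later steps if gpg --verify fails.  This sketch pins a
# full fingerprint and returns non-zero on failure.  valid_sig_from,
# verify_tarball and EXPECTED_FPR are hypothetical names, and EXPECTED_FPR
# is a placeholder, not the real key's fingerprint.

```shell
#!/bin/sh
# Placeholder: replace with the signer's full 40-hex-digit fingerprint,
# obtained from a source other than the download server.
EXPECTED_FPR="0000000000000000000000000000000000000000"

# valid_sig_from FPR: read `gpg --status-fd 1 --verify` output on stdin.
# Succeeds only if a VALIDSIG line names FPR, either as the signing key
# (field 3) or as its primary key (field 12), and no failure status is seen.
valid_sig_from() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    # Require a full v4 fingerprint; short key IDs are rejected (status 2).
    case "$want" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" && ($3 == want || $12 == want) { ok = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { if (ok && !bad) exit 0; exit 1 }'
}

# verify_tarball FILE: check FILE against the detached signature FILE.asc.
verify_tarball() {
    gpg --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null |
        valid_sig_from "$EXPECTED_FPR"
}

# Usage in the steps above (stops the install if the check fails):
#   verify_tarball sophie-3.04rc1.tar.bz2 || exit 1
```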


# If you don't already have one, this Perl script (open it for settings) can
# be used to update the virus signatures:

# Become root to install it
su

cd /usr/local/sbin
wget -N http://englanders.cc/pub/linux/misc/sophos-update.pl
chmod 700 sophos-update.pl
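# Install the Perl modules the script needs (the two "install" lines and
# the "exit" after them are typed at the cpan> prompt)
perl -MCPAN -e shell
install Archive::Zip
install LWP::Simple
exit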

## Sample cron job to run it at 3:02am
# 2 3 * * *       /usr/local/sbin/sophos-update.pl

# If you run a recent version of Slackware, rather than adding something
# like that line above to root's crontab you can create a /etc/cron.daily
# script:
cat <<EOF > /etc/cron.daily/sophos-update.sh
#!/bin/sh
/usr/local/sbin/sophos-update.pl
EOF
chmod 700 /etc/cron.daily/sophos-update.sh

# Become yourself again
exit



Last updated: Tue, 07 Aug 2018 12:06:17 -0400
Jason Englander <jason at englanders dot us>