Jason Englander <jason at englanders dot us>
Linux HOWTOs
HOWTO: sophie
Description: A anti-virus daemon that uses libsavi from Sophos
Click here for ChangeLog
NOTE: I use GNU tar >= 1.13.25 so it's -j for .tar.bz2 files,
it's safe to assume that make, gcc, binutils, fileutils/coreutils, gawk, sed, and grep are prerequisites for almost everything
# sophie
# ======
# Sophie is a daemon that uses the libsavi library from Sophos (you have to
# buy Sophos for it's virus database and engine). I haven't used it in a
# few years since finishing with two clients that used it. I tried to
# contact Sophos and a Sophos distributor about licensing it myself, but
# didn't get any response. So, I have no plans for updating this in the
# future, but I will try to at least keep the home page and download URLs set
# to valid ones.
#
# HEY YOU - LOOK HERE: I don't use Sophie any more. This is for the
# unbelievable number of people that have written to me about it after
# supposedly reading the paragraph above. I'll be happy to fix broken URLs
# and update notes to reflect new versions that are available, but I won't
# be updating the sophos-update.pl script (except to fix bugs) or the
# versions of Sophie that are covered below.
# As of the last time I updated this, the latest version of Sophie is
# 3.04 The last version that I have actually tried is 3.04rc1, which
# is the version shown below.
# Create the directories to put everything into
mkdir -p -m 0700 ~/installed/sophie ~/src/sophie
# Sophos SAVI
# ===========
# Go to www.sophos.com and download the evaluation of Sophos for Linux
# (or of course the regular version if you've licensed it) and put it in ~
# Watch out for that incredibly vague filename: linux.intel.libc6.tar.Z...
# (don't leave it there and forget what it is <g>) If you don't use
# Linux, mentally adjust the filename accordingly.
# Running the install script as shown below may not work with older versions
# of sophos, it has added/changed some options recently.
cd ~/src/sophie
test -d ./sav-install && rm -r ./sav-install
tar xzvf ~/linux.intel.libc6.tar.Z
cd sav-install
test $UID = 0 && chown -R root:root .
# Become root to install it
su
test -d /usr/local/sav && ( cd /usr/local/sav ; rm -f *.ide vdl-*.dat )
find /usr/local/lib -type f -name "libsavi.so.*" -exec rm {} \;
./install.sh -ni -so
ldconfig
# Become yourself again
exit
cd
mv -f linux.intel.libc6.tar.Z installed/sophie/
# sophie 3.04rc1
# ==============
cd
test -f installed/sophie/sophie-3.04rc1.tar.bz2 &&
mv installed/sophie/sophie-3.04rc1.tar.bz2 .
test ! -f sophie-3.04rc1.tar.bz2 &&
wget http://www.vanja.com/tools/sophie/sophie-3.04rc1.tar.bz2
# Verify tarball w/ gpg:
( gpg --list-keys C13149EA > /dev/null 2>&1 ||
lynx -dump http://www.vanja.com/pgpkey.txt | gpg --import - ) &&
wget http://www.vanja.com/tools/sophie/sophie-3.04rc1.tar.bz2.asc &&
gpg --verify sophie-3.04rc1.tar.bz2.asc && rm sophie-3.04rc1.tar.bz2.asc
cd sophie
find -type d -maxdepth 1 -name "sophie-*" -exec rm -r {} \;
tar xjvf ~/sophie-3.04rc1.tar.bz2
cd sophie-3.04rc1
test $UID = 0 && chown -R root:root .
# Patch it to fix another bug:
wget -nc http://englanders.cc/pub/linux/patches/notmine/sophie_scandir.diff &&
patch < sophie_scandir.diff
./configure
make
# Become root to install it
su
test ! -f /usr/local/etc/sophie.savi && cp etc/sophie.savi /usr/local/etc/
test ! -f /usr/local/etc/sophie.cfg && cp etc/sophie.cfg /usr/local/etc/
cp sophie.8 /usr/local/man/man8/
# If you're upgrading a version that's already running, kill sophie, cp it,
# then start it. Something like this should do it:
#killall sophie ; sleep 1 ; killall -9 sophie ; \
#cp sophie /usr/local/sbin/ ; /usr/local/sbin/sophie -D
# If sophie is not running:
cp sophie /usr/local/sbin/
# Become yourself again
exit
cd
rm -f installed/sophie/sophie-*.tar.*
mv sophie-3.04rc1.tar.bz2 installed/sophie/
# For a sample sophie.cfg that'll work with MIMEDefang (last updated for
# version 3.03), look here:
# http://englanders.cc/pub/misc/sophie.cfg
# Skip down to the bottom for a script that'll download virus signatures
# sophie 1.44
# ===========
# Sophie uses the libsavi library that comes with the Sophos package above
cd
test -f installed/sophie/sophie-1.44.tar.bz2 &&
mv installed/sophie/sophie-1.44.tar.bz2 .
test ! -f sophie-1.44.tar.bz2 &&
wget http://www.vanja.com/tools/sophie/sophie-1.44.tar.bz2
# Verify tarball w/ gpg:
( gpg --list-keys C13149EA > /dev/null 2>&1 ||
lynx -dump http://www.vanja.com/pgpkey.txt | gpg --import - ) &&
wget http://www.vanja.com/tools/sophie/sophie-1.44.tar.bz2.asc &&
gpg --verify sophie-1.44.tar.bz2.asc && rm sophie-1.44.tar.bz2.asc
cd sophie
find -type d -maxdepth 1 -name "sophie-*" -exec rm -r {} \;
tar xjvf ~/sophie-1.44.tar.bz2
cd sophie-1.44
test $UID = 0 && chown -R root:root .
# If you're _not_ going to run sophie with MIMEDefang just run a plain old
# ./configure
# If you are going to run sophie with MIMEDefang, something like this
# should work. Replace /ram/MIMEDefang with your MD spool directory
# (yours may be /var/spool/MIMEDefang) and --with-user/group should point
# to the user that MD runs as (yours may be defang)
./configure \
--with-socketfile=/ram/MIMEDefang/sophie \
--with-pidfile=/ram/MIMEDefang/sophie.pid \
--with-user=mdefang \
--with-group=mdefang
make
# Become root to install it
su
# If you're upgrading a version that's already running, kill sophie, cp it,
# then start it. Something like this should do it:
#killall sophie ; sleep 1 ; killall -9 sophie ; \
#cp sophie /usr/local/sbin/ ; /usr/local/sbin/sophie -D
# If sophie is not running:
cp sophie /usr/local/sbin/
# Become yourself again
exit
cd
rm -f installed/sophie/sophie-*.tar.*
mv sophie-1.44.tar.bz2 installed/sophie/
# If you don't already have one, this Perl script (open it for settings) can
# be used to update the virus signatures:
# Become root to install it
su
cd /usr/local/sbin
wget -N http://englanders.cc/pub/linux/misc/sophos-update.pl
chmod 700 sophos-update.pl
perl -MCPAN -e shell
install Archive::Zip
install LWP::Simple
exit
## Sample cron job to run it at 3:02am
# 2 3 * * * /usr/local/sbin/sophos-update.pl
# If you run a recent version of Slackware, rather than adding something
# like that line above to root's crontab you can create a /etc/cron.daily
# script:
cat <<EOF > /etc/cron.daily/sophos-update.sh
#!/bin/sh
/usr/local/sbin/sophos-update.pl
EOF
chmod 700 /etc/cron.daily/sophos-update.sh
# Become yourself again
exit
|
Last updated: Tue, 07 Aug 2018 12:06:17 -0400 Jason Englander <jason at englanders dot us> |
|