Sophie is a daemon which uses libsavi, the Sophos Anti Virus Interface library distributed by Sophos. You can obtain Sophie from here:
On startup, Sophie initializes the SAVI library and loads the virus identities into memory. It then opens a local UNIX socket and waits for connections. Other applications connect to this socket and send Sophie the path of a file to scan. Because the virus identities are already loaded into RAM, scanning this file is very fast. Sophie does not worry about what to do with the file afterward (delete it, quarantine it, etc.); once it has determined whether the file is viral or not, it simply goes back to waiting for another path to scan.
Sophie was not intended to replace Sweep. Instead, it simply acts as a quick litmus test as to whether a given file is viral or not. (Well, it's quicker than Sweep, but if the file is large it will still take a while.)
All of this means that running Sophie carries significantly less overhead than running Sweep. Each time Sweep is run, it has to reload the IDE files. It also has to know what to do with a viral file if one is found. This makes it hard to kludge into a mail gateway such as ours: it would take an already resource-intensive setup and make it even more intensive. By adding Sophie to the mix, we only slightly increase the work the system has to do to scan a message.
Configuring Sophie
There are two configuration files for Sophie: sophie.cfg and sophie.savi.
sophie.cfg
This is the main configuration file for Sophie. Many of the items in this file will be reloaded by Sophie when it is sent a hang-up (SIGHUP) signal; others will require a full reload. Inside the source archive for Sophie is an example file (under 'etc'). Let's take a quick look at some of the options it has:
This is the UNIX socket file which clients can connect to. If you do not change this, be sure to make a note of it as Amavisd will need it.
# User to run Sophie as
#
# Change requires: RESTART
user: mail
# Group to run Sophie as
#
# Change requires: RESTART
group: mail
These are the user and group to run Sophie as. It would generally be safe to run this under a parent group for both Sophos and Sophie.
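A minimal client for the socket exchange described at the top of this page, together with a permission check on the socket file that the user and group settings control (added example, not part of Sophie or of these notes). The newline-terminated request and the reply format (0 for clean, 1:name for infected, anything else an error) are assumptions to verify against your Sophie version; the socket path is whatever your sophie.cfg sets.

```python
import os
import socket
import stat

def check_socket(sock_path):
    """Return a list of problems with the daemon socket's file permissions."""
    st = os.stat(sock_path)
    problems = []
    if not stat.S_ISSOCK(st.st_mode):
        problems.append("not a UNIX socket")
    if st.st_mode & stat.S_IWOTH:
        # Connecting to a UNIX socket needs write permission on the socket file.
        problems.append("world-writable: any local user can submit paths")
    return problems

def parse_reply(raw):
    """Map a reply line to (verdict, detail). The reply format is an assumption."""
    text = raw.decode("ascii", "replace").strip("\x00\r\n ")
    code, _, detail = text.partition(":")
    if code == "0":
        return ("clean", None)
    if code == "1":
        return ("infected", detail or None)
    return ("error", text)  # "-1", empty or unexpected: never treat as clean

def scan_path(sock_path, file_path, timeout=30.0):
    """Send one absolute path to the daemon and return its parsed verdict."""
    # The daemon resolves the path itself, running as its own user, so only
    # an absolute path that fits on a single request line is sent.
    if not os.path.isabs(file_path) or "\n" in file_path:
        raise ValueError("path must be absolute and contain no newline")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(file_path.encode() + b"\n")
        raw = b""
        try:
            while not raw.endswith((b"\n", b"\x00")) and len(raw) < 512:
                chunk = s.recv(512)
                if not chunk:
                    break
                raw += chunk
        except socket.timeout:
            pass  # parse whatever arrived; an empty reply maps to "error"
    return parse_reply(raw)
```

The file being scanned must be readable by the user Sophie runs as, and a caller such as a mail gateway should treat an "error" verdict as a failed scan rather than as a clean result.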
There are many other options, which have reasonable explanations in the basic config file included with Sophie.
sophie.savi
This is the file which defines how Sophie initializes the SAVI library. Chances are you will not want to change any of these unless you know what you are doing (or, unless I tell you to ;-)
Last edited October 4, 2003 2:07 am