These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/Sophie - Quick Attachment Scanning

Sophie is a daemon which uses libsavi, the Sophos Anti Virus Interface library distributed by Sophos. You can obtain Sophie from here:

On startup, Sophie initializes the SAVI library and loads the virus identities into memory. It then opens a local UNIX socket and waits for connections. Other applications connect to this socket and send Sophie the path of a file to scan. Because the virus identities are already loaded into RAM, scanning the file is very fast. Sophie does not concern itself with what happens to the file afterward (delete it, quarantine it, etc.); once it has determined whether the file is viral, it goes back to waiting for another path to scan.

Sophie was not intended to replace Sweep. Instead, it simply acts as a quick litmus test as to whether a given file is viral or not. (Well, it's quicker than Sweep, but if the file is large it will still take a while.)

All of this means that there is significantly less overhead in running Sophie than in running Sweep. Each time Sweep is run, it has to reload the IDE files. It also has to know what to do with a viral file if one is found. This makes it hard to kludge into a mail gateway such as ours: it would take an already resource-intensive setup and make it even more intensive. By adding Sophie to the mix, we only slightly increase the work the system has to do to scan a message.
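The division of labour described above (the daemon answers "viral or not", the caller decides what to do) can be sketched from the gateway side. This is an added example, not code from these notes or from Sophie; the wire format, the socket path and the stub daemon are assumptions made for illustration, so check Sophie's own documentation for the real reply format.

```python
# Assumed wire format (not given on this page): client sends one absolute path
# plus "\n"; daemon replies "0" (clean), "1:<name>" (viral) or "-1" (error).
import os, socket, tempfile, threading

def scan_path(sock_path, file_path, timeout=30.0):
    """Ask the resident scanner about one file; return (verdict, detail)."""
    if not os.path.isabs(file_path) or "\n" in file_path:
        return ("error", "path must be absolute and single-line")
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(sock_path)
            s.sendall(file_path.encode() + b"\n")
            reply = s.recv(512).decode(errors="replace").strip()
    except OSError as exc:  # daemon down, socket missing, timeout
        return ("error", str(exc))
    code, _, detail = reply.partition(":")
    if code == "0":
        return ("clean", "")
    if code == "1":
        return ("viral", detail)
    return ("error", reply)  # "-1", empty or unexpected reply

def deliverable(verdict):  # daemon only reports; gateway decides, fails closed
    return verdict == "clean"

def stub_daemon(sock_path, ready):
    """Constructed stand-in for the daemon: flags paths containing 'eicar'."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(sock_path)
        srv.listen(1)
        ready.set()
        for _ in range(2):  # serve two requests, then exit
            conn, _ = srv.accept()
            with conn:
                path = conn.recv(4096).decode().strip()
                conn.sendall(b"1:Constructed-Test" if "eicar" in path else b"0")

def demo():
    sock_path = os.path.join(tempfile.mkdtemp(), "scanner.sock")
    ready = threading.Event()
    t = threading.Thread(target=stub_daemon, args=(sock_path, ready), daemon=True)
    t.start(); ready.wait()
    results = [scan_path(sock_path, "/tmp/msg1/report.doc"),  # constructed paths
               scan_path(sock_path, "/tmp/msg2/eicar.com")]
    t.join()
    results.append(scan_path(sock_path, "/tmp/msg3/a.zip"))  # daemon has exited
    return results

if __name__ == "__main__":
    print(demo())
```

The third request shows the case a mail gateway has to plan for: when the daemon is unreachable the client gets an error rather than a clean verdict, and `deliverable` holds the message instead of passing it unscanned.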



Edited October 4, 2003 1:53 am
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.