Sophos is a fully integrated cross platform network anti-virus application. Installed from a central server(s) it can be updated frequently in one easy operation, and then updates all workstations automatically. Sophos automatically e-mail users every time they discover any new viruses and provides new update files for your central installation. It has two main components:- Intercheck, a memory resident program which protects you as you work, and Sweep, which can be used for identifying and killing viruses in all files when needed or as a scheduled job.


Every time Sophos head office detect a new virus strain they will email registered users with details, notifying them that a new virus definition file is available to combat it. These files (with an IDE file extension) are posted on their web site at frequent intervals. However, be aware that downloading these file does not mean that the regular monthly update CD from Sophos should not be applied, since this also contains updates to the software itself and entries for the virus encyclopaedia.

On a PC with internet access, WinZip, and access to the network, run ‘Internet Explorer’ and go to the Sophos virus update page (, which may be set as the home page for your browser if you are using a server). Near the bottom of the page is a button marked 'Download Zip':- click on this to download all recently posted virus updates (if required, the updates can be downloaded individually from the table above this button).

You should also be aware which version of Sophos you are running—the initial installation at all Cranswick sites was v3.33, which should then be updated to version 3.34, 3.35 etc. by each monthly update CD. The zip file contained in the Sophos website assumes that you are running the latest version and only includes definitions that have appeared since. Therefore, depending on how often you update, it may be necessary to use links on the web page to get updates for previous versions. A little effort is required to keep track of updated IDE files, since once a monthly update from CD has been applied the IDE files should then be removed, as they are then included in the main package.

A window then appears saying 'Save File to Disk', click on ‘OK’, and then 'Save' if the path to the save location is correct (say 'Yes' to overwrite this file if asked). For convenience a folder called 'Sophos Virus Updates' or similar may have been created with a shortcut on the Desktop—if so this is where the save path should be pointing. Otherwise browse for the folder that you wish to download to and save it to there. Take note of the file name used if you do not delete old zip files after you have used them.

Once the download has completed shut down the internet connection and, depending where you downloaded to, double click on the 'Sophos virus updates' folder on the desk top or the alternative folder you used. Then double click on the zip file just downloaded and agree to the WinZip licence message that appears.

Once in WinZip click the 'Extract' button and choose a path to extract to, either to a temporary folder such as ‘Sophos Virus Updates’ or direct to the central installation. No matter what method is used the files must eventually be copied to the correct folder for the central installation. This location will depend on which type(s) of server and workstation operating systems are in use on your network:

Novell Server:-
NT Workstation (on NT network):-
   C:\Program Files\Sophos SWEEP for NT\NTinst\i386
Win 95/98 Workstation (on NT network):-
   C:\Program Files\Sophos SWEEP\W95inst

Extract or copy the new IDE files to these locations to upload files to the server (again say 'Yes' whenever it asks to overwrite a file). You may have to update more than one location depending on the mix of operating systems on your network. Close Winzip and the 'Sophos virus updates' folder as necessary. The server must then be told that the new IDE’s are there and that workstations should be updated the next time they log on. This is done in different ways for each type of server:

Novell Server:-
The Sweep module must be stopped and then started again. To do this go to the system console (if this is not on the screen at the server, press [CTRL-ESC] and then the number corresponding to system console on the menu that appears) and type ‘unload sweep’ to stop Sophos. Then type ‘load sophos –ds’ to start it again with the new definitions.
NT Sever:-
Go to a DOS prompt and type ‘setup /update’ in the appropriate directory for each client type. This has probably been simplified for you by a batch file on the server desktop called ‘update.bat’ or similar - just double click this icon(s) and click on ‘Done’ where appropriate for the same effect. This lets the server know that new virus definitions have arrived and to update all client machines.

Sophos Anti-Virus Guidance Notes
Click here to return to MT Support Index