SOPHOS ANTI-VIRUS GUIDANCE NOTES

 

WHAT IS SOPHOS ANTI-VIRUS?

Sophos is a fully integrated, cross-platform network anti-virus application. Installed from a central server (or servers), it can be updated frequently in one easy operation, and it then updates all workstations automatically. Sophos automatically e-mails users every time it discovers any new viruses and provides new update files for your central installation. It has two main components: Intercheck, a memory-resident program which protects you as you work, and Sweep, which can be used for identifying and killing viruses in all files when needed or as a scheduled job.

TO UPDATE SOPHOS VIRUS DEFINITIONS:

On the NT server run 'Internet Explorer' and go to the Sophos virus update page (http://www.sophos.com/downloads/ide, which may be set as the home page for your browser). Near the bottom of the page is a button marked 'Download Zip': click on this to download all recently posted virus updates (if required, the updates can be downloaded individually from the table above this button). A window then appears saying 'Save File to Disk'; click on 'OK', and then 'Save' if the path to the save location is correct (say 'Yes' to overwrite this file if asked). For convenience a folder called 'Sophos Virus Updates' has been created with a shortcut on the Desktop; this is where the save path should be pointing. Once the download has completed, shut down the internet connection and double-click on the 'Sophos Virus Updates' folder on the Desktop. Then double-click on the zip file and agree to the WinZip licence message that appears. Once in WinZip, click the 'Extract' button and 'Extract to C:\Program Files\Sophos SWEEP for NT\NTinst\i386' to upload files to the server (again say 'Yes' whenever it asks to overwrite a file). Close WinZip and the 'Sophos Virus Updates' folder. Then double-click on the 'Update.bat' icon on the Windows Desktop to update the server, clicking on 'done' when it finishes. This lets the server know that new virus definitions have arrived and that it should update all client machines.

TO UPDATE SOPHOS VIRUS

Intercheck — This program is loaded automatically when you boot up your machine, and runs as an icon to the right on the Taskbar. It checks every file you access as you are working and any files used in the background by application software.
Sweep — This is the main interface used for virus checking and cleaning. It sweeps your PC for viruses when you boot up and at scheduled intervals (the default being at 21:00 every day; individual users should alter this to suit their working habits). The scheduled jobs will only take place if the PC is switched on, and if the Sweep program is running (if it is running in the background an icon should appear on the taskbar as shown).
Start the Sweep interface by clicking on ‘Start’, ‘Programs’, ‘Sophos Anti-virus’, ‘Sophos Anti-virus’ which will open the window shown to the left. Any sweep operation can be stopped or started using the large ‘Stop’ and ‘Go’ icons. The area at the bottom of the window shows a log of activity including error messages and viruses found. The ‘Immediate’ and ‘Scheduled’ tabs allow setting up of scheduled sweeps and selecting files for immediate checking, such as sweeping a suspect floppy disk.
Options can be set separately for immediate and on-demand sweeps as shown in the window to the left. These dictate how viruses are dealt with when found; the defaults should be ‘Disinfect boot sectors’, ‘Disinfect documents’ and ‘Move infected files (to a specified directory)’. This means any viruses which cannot be cleaned automatically will be moved to the specified quarantine directory, so that if they occur in a vital file a manual clean can be attempted before the file is deleted.

WHAT TO DO WHEN A VIRUS IS FOUND:

If Intercheck finds a virus as you are working, it will not allow you to access the file containing the virus. Therefore it will not allow you to open an infected document, or to run an infected program file. It will then display a warning message to this effect. If Sweep finds a virus it will display a similar message, and also add an entry to the on-screen log at the bottom of the Sweep window with the name of the virus. Hopefully Sophos will be able to deal with the majority of viruses automatically, especially if the central server installation is updated regularly. However, when a virus is found it may ask for confirmation from the user on what action to take before it cleans the virus (this is especially important in the case of program files, since cleaning them may change the file, in which case it should be deleted and replaced). It may also come across viruses which it is not possible to clean automatically, in which case it will refer you to its virus library for instructions specific to that virus. In this case you should contact your System Administrator for further assistance.
