Sophos makes anti-virus protection more manageable
- By Eric Hammond
- Jul 25, 1999
The recent high-profile outbreaks of the "Melissa" and "ExploreZip" viruses underscore the need for vigilant virus protection on every machine on an enterprise network. Vigilance is more than simply slapping a virus-protection package on a machine as it comes through the door and then forgetting about it; it means installing virus protection and ensuring that it is up-to-date and functioning properly.
Sophos Inc. offers a virus-protection solution with that requirement in mind in its Sophos Anti-Virus (SAV) product. SAV can be configured to meet a variety of needs in a variety of situations, including use on servers, clients and stand-alone machines.
SAV consists of two components—InterCheck and Sweep—that work together to provide virus protection. InterCheck ensures that every file accessed on a system is scanned for viruses by maintaining a list of virus-scanned files. If a system attempts to access a new file or one that has changed since it was scanned, InterCheck uses Sweep to scan the file for problems and then allows or denies access to the file. Administrators have a choice of three basic configurations:
* Deploying Sweep and the InterCheck server on a server and the InterCheck client on the clients. (Once installed on a server, the software can be deployed via log-in scripts to clients.)
* Deploying Sweep and InterCheck on the clients.
* Deploying SWEEP by itself to provide scanning only.
By offering this flexibility, Sophos allows administrators to pick the best configurations for their environments. You can maintain a central list of scanned files so that additional scanning on other workstations is minimized. You can offload scanning to servers to ease the burden on workstations, or vice versa. You also can deploy a stand-alone Sophos installation for machines that are not on a network.
SAV supports a wide variety of server platforms, including Microsoft Corp.'s Windows 3.1, Windows 95/98 and Windows NT, as well as Novell Inc.'s NetWare, several flavors of Unix, Compaq Computer Corp.'s OpenVMS and IBM Corp.'s OS/2. The Unix and OpenVMS versions of Sophos scan PC files stored on these systems for viruses. SAV client platforms include Windows 3.1, 95/98 and NT and Apple Computer Inc.'s Macintosh.
We configured SAV on a Windows NT server. We were able to set up SAV and get it running quickly. Although the multiple configurations of SAV can make setting it up a bit confusing, the excellent documentation and informative installer made the process simple.
After we loaded the software, Inter-Check scanned a new or changed file the first time it was accessed. After that, it would check files when they were opened again to see if the files had been changed and needed to be scanned again.
Sophos includes many options for alerting administrators to the presence of a virus. On Windows NT, these include the Event Log, Simple Mail Transfer Protocol mail and network communications. The options enable an administrator to track which viruses are found on the network and what paths the viruses are taking to get on to the network.
As new updates to Sophos become available, they can be deployed automatically to the clients on the network. This is a nice feature, but we would like to see more functionality for ensuring that clients are running Sophos. As it is, only the Windows NT version of the server will tell you which clients are running the software.If the recent outbreak of viruses has you rethinking your virus-protection strategy, Sophos' combination of ease of use and centralized management and reporting of virus protection make it worthy of your consideration.
-- Hammond is a Denver-based free-lance writer. He can be reached at firstname.lastname@example.org.
Sophos Anti-VirusSophos Inc.(781) 932-0222www.sophos.com
Price and Availability: The Sophos Anti-Virus server license is available on the open market starting at $595.
Remarks: If you're looking for an enterprise virus protection package with centralized reporting and management features, Sophos should be on your short list.