./configure 'CFLAGS=your flags'
PATH you may need to provide some options manually.
-rwxr-x--- root sweep /usr/local/sbin/get_ides.sh
This description assumes
are the user and group name
used by sophos and courier. It also assumes that /usr/local/sbin/get_ides.sh is hardcoded in run_get_ides, as it is by default. Then you need to add the setuid bit to the other two executables. Some minimal
-rwsr-x--- root courier /usr/local/bin/run_get_ides
-rwsr-xr-x courier courier /usr/local/sbin/avfilter_sig
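A quick audit of the ownership and modes listed above, as an added example that is not part of the avfilter distribution. It assumes GNU stat, the /usr/local prefix and the sweep and courier names used in this description; check_perm and audit_avfilter are hypothetical helper names.

```shell
#!/bin/sh
# Added example: verify owner, group and mode of the avfilter helpers.
# Assumptions: GNU stat (Linux); paths, names and modes are the ones
# shown in the listing above and must be adapted to the local setup.

# check_perm PATH MODE OWNER GROUP -> returns 0 only if all three match.
# Symlinks are rejected so a setuid helper cannot be silently redirected.
check_perm() {
    path=$1 want_mode=$2 want_owner=$3 want_group=$4
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "FAIL $path: missing, a symlink, or not a regular file"
        return 1
    fi
    actual=$(stat -c '%a %U %G' "$path") || return 1
    if [ "$actual" != "$want_mode $want_owner $want_group" ]; then
        echo "FAIL $path: is '$actual', want '$want_mode $want_owner $want_group'"
        return 1
    fi
    echo "ok   $path"
}

# audit_avfilter [PREFIX] -> returns 1 if any of the three files differs.
audit_avfilter() {
    prefix=${1:-/usr/local}
    rc=0
    check_perm "$prefix/sbin/get_ides.sh"  750  root    sweep   || rc=1
    check_perm "$prefix/bin/run_get_ides"  4750 root    courier || rc=1
    check_perm "$prefix/sbin/avfilter_sig" 4755 courier courier || rc=1
    return $rc
}

# Run the audit only when asked for, e.g. `sh audit.sh --run`.
if [ "${1:-}" = "--run" ]; then
    audit_avfilter
    exit $?
fi
```

Any extra write bit on get_ides.sh or run_get_ides shows up as a mode mismatch, which is the case worth catching since run_get_ides starts as root.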
Edit .mailfilter of the alerts' recipient, getting inspiration from the distributed etc/dotmailfilter. Using -D uid/gid (with the numbers you get from id sweep) run_get_ides will set the given values as soon as it has read the command line options. It has to be root to do that. It will then run get_ides.sh, which will run a copy of itself via lockmail. If updates are available, the copy will finally run avfilter_sig, which needs the
permission in order to signal
Test that the above works by sending a message to the alerts' recipient.
run_get_ides writes critical errors to the mail syslog when it cannot run. Errors that don't depend on local setup are written in the message subject and body.
UPDATE v2.8: Sophos' updatealert seems to still allow subscriptions. However, they don't send alerts. The knowledgebase article that used to explain how that list works, article/31130.html, has gone. The article for non-Windows updates, article/10378.html, is outdated, as it mentions nonexistent IDE digests. I'd advise non-Windows users to look for another AV provider.
run_get_ides from a cron job seems to work. The -s 304 switch is new in version 2.8, to skip any reporting in case the result is "304: not modified". For example, in a crontable entry like so:
# check sophos every 30 minutes (sophos/sophos = 123/456: run `id sophos` to find out)
*/30 * * * * root /usr/local/bin/run_get_ides -t 600 -D 123/456 -s 304 noretry >> /some/daily/report
avfilter.conf; install should leave any existing file unchanged and only put avfilter.conf.dist. Since version 2.5 the mode = all flag is specified in the configuration file.
filterctl start avfilter
get_ides.sh new. The virus database version is cached, so you need the new parameter to initialize it, as well as after upgrading
make install delivers the following:
bindir - whatever you configured it to be,
    run_get_ides - utility to run
sbindir - whatever you configured it to be,
    avfilter_sig - utility to send a signal to avfilter
courier/etc/filters - the actual name depends on courier configuration
    avfilter.conf.dist - the proposed configuration
    avfilter.conf - unaltered if already exists
courier/libexec/filters - the actual name depends on courier configuration
    avfilter - the filter executable
A daily cleanup job should include purging mail for users that don't do it themselves. The alert user is one of those, which is why this topic is here. The following example makes several assumptions: just grab the idea and adapt it to your needs.
# set DAYS HOMEDIR pairs
set -- \
  365 example.com/user1 \
  15 example.com/user2
# consume the pairs two arguments at a time
while test $# -gt 1
do
  DAYS="$1"
  NEWMAILDIR="/path/to/homedirs/$2/Maildir/new"
  if [ -d "$NEWMAILDIR" ]; then
    # delete only regular files older than DAYS that came from this server
    find "$NEWMAILDIR" -type f -mtime "+$DAYS" \
      -name '*servername*' -print0 |\
      xargs -0r rm -f
  fi
  shift 2
done
Please check Sophos documentation for running
-so option for linking.
You don't need InterCheck to run avfilter, so you may also
-ni -nidc unless you want it for some other reason.
Note on glibc version: glibc is obviously the GNU libc. libc5 was not GNU; glibc 2.0 was the first GNU libc on Linux and it has been called libc6 for coherence. You may run libc.so.6 as an executable to learn its GNU version number, which is probably above 2.2.
When you install a new version, you're not actually overwriting the shared library, but installing a new one. (Very old libraries are deleted by SAV
install.sh.) Therefore you may install it while avfilter is running, but you must then stop and re-start avfilter to make it link with the new library. The sequence of commands might be as follows:
./install.sh -so and whatever other options
courierfilter start to restart filtering
get_ides.sh new to get updates for the new virus database
courierfilter stop, receiving new mail is deferred with the 423 Mail filters temporarily unavailable response until courierfilter starts again. Note that when courierfilter start returns, the filters are guaranteed to have completed their installation, which for avfilter includes loading the virus database. See courierfilter(8) for further details.
Your mileage and your objectives may vary. Every few months, you should also run
avfilter --config to learn about new options that Sophos may have introduced and add any to