EMU-IS: Sophos Anti-Virus Software

Sophos Anti-Virus Software

EMU uses Sophos Anti-Virus to provide protection from viruses on all servers, faculty/staff, and lab computers. We regularly update Sophos with new virus definitions, allowing Sophos to detect new viruses.

Sophos works differently - "finds" virus infected files does but not "cure" them: The Sophos product works differently than most other anti-virus products in that it finds viruses but does not attempt to cure them. It will, however, prevent virus-infected files from being opened or written to disk, thereby drastically reducing the ability of a virus to spread itself.

Desktop Computers

If Sophos detects a virus infected file, you will no longer be allowed to open or view the file. Please contact the Help Desk at x4357 if Sophos tells you that you have a virus.

Sophos and other anti-virus companies have provided various utilties to aid in cleaning viruses, so if your machine is affected we will hopefully be able to "cure" it.

Network Servers

If you attempt to read an already infected file from a network drive: If a user attempts to read a file that is infected by a virus, an alert message will pop up and the file will be immediately moved to a quarantined directory on the server where it will be visible only by network administrators. See subsequent section on quarantined files.

If you attempt to write an infected file to a network drive: If a user attempts to write an infected file to a network drive a message will pop up stating that the file contains a virus. The process of writing the file to the network drive will abort and the infected file will be written, instead, to a quarantined directory on the server where it will be visible only by network administrators. For Macintosh users a second message indicating a failure to write the file may also appear (it will likely be an obscure message with a reference to '-50' with the message). If you receive the virus warning message and are unsure about what to do, call the Help Desk (x4357) for assistance.

Quarantined files: The Sophos software does not attempt to "cure" virus infected files. Instead, it identifies infected files and then either shreds (i.e. deletes) them or moves them to a quarantined area on the server visible only by network administrators. We have configured Sophos to use the "quarantine" option so that we have some idea of what files were found, where they originated and when they were found. Even though the files still exist on the server, it will be impossible to access them. If, however, the file is of extreme importance to the user and there are no other copies of the file available, there may be some "extreme" procedures available to retrieve a copy of the file from a previous backup tape on the server. Contact the Help Desk if you need to discuss this option.

Works with all computers: The Sophos software is the most widely implemented anti-virus software in Europe today. It is sold ONLY to institutions. It has been widely implemented with versions that run on many computer platforms, including Macintosh and Linux.

If you have any questions, please don't hesitate to contact the Help Desk.