Yeah I do... I've never seen it disinfect a virus, the only option you have
is to move or delete any infected files.

The default setup does not do anything once a virus is found, and I don't
know if it does anything about the registry modifications viruses make.

I think its a poor program, yet they claim to have won many awards




"Frog" <FrogRemailer@bigfoot.com> wrote in message
news:Z474JH4D38134.3483796296@Gilgamesh-Frog.org...

"Billy K" <billycomp@hotmail.com> wrote in message
news:40b5b818@news.comindico.com.au...
It's my opinion that Sophos is a excellent AV product. Especially when
used for it's primary purpose of detecting viruses. As for disinfecting
viruses I can only offer that I do not subscribe to this philosophy. If
it's a virus, it's deleted. Plain and simple. No chances are taken.

According to an article on Sophos' website.

Independent research and test centre West Coast Labs has awarded Sophos
Anti-Virus for Windows (NT server, XP Professional and 2000 platforms),
version 3.79, its highest anti-virus certification: Anti-Virus Checkmark
Level 2. The award demonstrates Sophos's excellence in detecting and
disinfecting all known in-the-wild viruses.

http://www.sophos.com/companyinfo/ne...ckmark379.html


--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".

Mate, the guy who sang the praise of Sophos must have been a Greek... Sorry
mate but I am far from convinced the product does it's job.

The product does not protect my work environment from any viruses. I should
know because I sit there setting it up and am bewildered that viruses are
still hitting my environment.

I have AVG free edition installed and this detects viruses yet SOPHOS sits
there like a fat technician chomping on donuts !!!

Any technician recommending this product really needs to try something free
like AVG just to see how badly they are being jarded!!







"An Metet" <anmetet@freedom.gmsociety.org> wrote in message
news:d2c88f5b0abd8b35894754fc94dd226a@anonymous.po ster...

"Billy K" <billycomp@hotmail.com> wrote in message
news:40b6e61a$1@news.comindico.com.au...
Though I am not Greek may I suggest that you ensure that you are running
the latest SAV and signatures? As of fifteen minutes ago the current
SAV is 3.81 with 90301 signatures.

--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".

Sorry for before, I'm just an admin who is honestly very disapointed with a
product.

I work in an envirnoment that deals with other International firms mainly in
Asia. We use Sophos anti-virus on servers and clients. All updates come
through automatically from a share which is updated as soon as any updates
become available. We definately run current updates.

Every major virus to hit the net, we get it. Your right though, Sophos
detect all of these, however fails to deal with the virus accordingly.
Having the file deteled, moved, shredded, copied and etc is not really a
fantastic option. My question is, how do these files become infected in the
first place if Sophos was doing it's job.

We have a concern that Sophos will one day delete some important document
because we have it set to delete viruses. In the environment I work in we
get multiple viruses a week, we have to keep it on the highest possible
setting.

The disinfect option is just there for good looks. I've never had a file
disinfected. The interface with the 3 modes, Immediate, Scheduled, and IC
client is just not practicle. The same configuration must be made 3 times.

The SAV administration tool is OK, gets the IDE updates out there, but this
must be the only reason large organisations use SOPHOS. It does have easy
deployment.








"Don Kelloway" <dkelloway@commodon.com> wrote in message
newsmNtc.2929$Yd3.1129@newsread3.news.atl.earthl ink.net...

"Billy K" <billycomp@hotmail.com> wrote in message
news:40b8578f$1@news.comindico.com.au...
Every virus will get through a reactive virus scanner sooner or later.

If things are as bad as you say, you should maybe be looking at why you are
at such a high risk. No virus scanner is going to stop viruses, only
mitigate the damage and contain them.

Leythos wrote:

I am getting a bit fed-up with Leythos' "advice". In the best case it is off
topic (the OP was asking about Sophos, not opinions on security in
general), now it's outright misleading.

By definition a firewall has no mail filtering function. What you describe
above is an SMTP proxy + anti-virus filtering. They'll both work fine
without any firewall whatsoever, exactly as any firewall will work without
any proxies being involved.

Unfortunately an SMTP proxy will be effective only if you make sure your
users have no access to ANY other mail servers - which PHBs are less than
likely to accept ("I occasionally absolutely unconditionally NEED to look
at my private HotMail/AOL/Whatever account!").

In my experience Norton has repeatedly failed to identify viruses. Even
worse, their way of filtering mail raises serious questions about data
security and confidentiality. There are enough good anti-virus programs
that will update automatically (or on command) and filter well without
passing your confidential information through Symantec's servers, not to
mention their outrageous subscription fees.

BTW - in a proxy role Sophos can be quite effective: after all what you need
is just to identify the presence of a virus (in order to block the
attachement/message), not clean it.

Just means you were lucky. No anti-virus can catch 100% for the simple
reason that a virus needs to be seen and analysed before a signature can be
defined. Anyone who _guarantees_ to block 100% of incoming stuff is a good
candidate for buying prime beach-front property in northern Mali.

All of this completely ignores the at least as serious issues of worms and
trojans - which most anti-virus programs (including your beloved NAV) will
not identify at all.

At last some reasonable advice: do not allow indiscriminate outgoing
connections (your users will scream bloody murder at this point: "Are you
out of your mind? No IM and no Kazaa?"), use a filtering proxy for outgoing
HTTP, disable all ActiveX (again a less than popular thing), disable
executable content (HTTP downloading).
--
Mailman

"Billy K" <billycomp@hotmail.com> wrote in message
news:40b8578f$1@news.comindico.com.au...
Though I understand what you're saying, I can't offer any comment other
than to say that I do not subscribe to the philosophy of fixing virus
infected attachments. If it's a virus, it's deleted. Plain and simple.
My reasoning behind this is that I only rely on an AV product for it's
detection abilities and nothing more.

--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".

I work for a reseller of Sophos antivirus (not going to mention any names).
I use it day in day out at lots of different companies, varying in size.

And yes, its hopeless:
a) The program itself - server and client - are very unstable, they crash a
lot, having problems updating, are a nightmare to fix when they go wrong,
and generally not reliable enough.
b) As for its detecting virusses, it appears to get most but ONLY it is up
to working and up to date - the problem is it fails so often that you
generally find virusses find their way into your network. (By the way there
is a setting to scan 'normal' or 'extensive', i always set it to extensive,
but the default - 'normal' might not pick them all up)
c) When you install it, BY DEFAULT it doesnt take any action when it finds
a virus. It finds it, tells you about it, and does nothing. True you can
change a setting so it either deletes, shreds, or moves it, but this is a
pain if you have more than say 10 PCs. There is an option to change it from
the server console on the corporate edition but guess what - it rarely
works!!
d) The virus signatures (defininitions in NAV terms) only update once a
month, compared to all the other antivirus products that seem to update each
week or more.
e) Sophos technical support are rubbish, usually after 45 minutes on the
phone, we give up with them and e v e n t u a l l y fix the problem
ourselves.





"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b22f610d02f7a8498a5a0@news-server.columbus.rr.com...

From: "m" <mattd_email@yahoo.co.uk>

| I work for a reseller of Sophos antivirus (not going to mention any names).
| I use it day in day out at lots of different companies, varying in size.
|
| And yes, its hopeless:
| a) The program itself - server and client - are very unstable, they crash a
| lot, having problems updating, are a nightmare to fix when they go wrong,
| and generally not reliable enough.


Depends upon how stable the PC is/was when the software was installed. In all the years I
have monitored AV News groups, yours is the first real Sophos complaint while have read
gundreds on NAV.


| b) As for its detecting virusses, it appears to get most but ONLY it is up
| to working and up to date - the problem is it fails so often that you
| generally find virusses find their way into your network. (By the way there
| is a setting to scan 'normal' or 'extensive', i always set it to extensive,
| but the default - 'normal' might not pick them all up)


Many AV software are configurable. For example, all file type or selected file types and
scan archive files. Both settings can influence teh catch rate of the AV application.


| c) When you install it, BY DEFAULT it doesnt take any action when it finds
| a virus. It finds it, tells you about it, and does nothing. True you can
| change a setting so it either deletes, shreds, or moves it, but this is a
| pain if you have more than say 10 PCs. There is an option to change it from
| the server console on the corporate edition but guess what - it rarely
| works!!


YMMV -- you experience tthis, other may not.


| d) The virus signatures (defininitions in NAV terms) only update once a
| month, compared to all the other antivirus products that seem to update each
| week or more.


Not True. There is an a engine update per month and daily (and I can tell if it is done
multiple times per day) there are WEB IDE updates.


| e) Sophos technical support are rubbish, usually after 45 minutes on the
| phone, we give up with them and e v e n t u a l l y fix the problem
| ourselves.


When NAI bought McAfee their support went down the tubes. Now that McAfee has sold of the
Sniffer didvision and is cconcentrating on core compentenbcies, their support is improving.
Symantec's support has always SUCKED ! Actually, good support is hard to find and in short
supply these days.

Dave

PS: If you /*REALLY*/ want to discuss this, post your findings in; alt.comp.virus



| "Leythos" <void@nowhere.com> wrote in message
| news:MPG.1b22f610d02f7a8498a5a0@news-server.columbus.rr.com...


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

"m" wrote:

I don't agree.

Mine has never crashed. However, they've recently updated the whole
software package and I don't know how this performs. I'm still using
the 3.x version which is supported until the end of the year.

Same can be said for all AV progs.

Well it seems to work well enough on our network with thousands of PCs,
but we also have other protection in place like stripping executables
from email. I can only recall one infection (localised and quickly
dealt with) in some years.

No. they're updated as and when necessary, often several times a day.

Can't speak for phone support, but whenever I've sent fresh malware
samples by email they've responded quickly by sending me a definition
file (IDE).

m wrote:
We used it for over 4 yrs now - it never crashed our server!

The virus detecter is only as good as the latest "signature" - same for
ALL virus buster!!

There are reasons for doing it - this is where the system administrator
comes in!

Please read your manual or call Sophos! Our "signature" file is updated
every hour (if there is one - system checks the Sophos server for
updates, and they do work 24 hours!)
Are you in change of the system, or you just a user? Someone in "your"
work place needs to have their skills updated!