Sophie is a daemon which uses 'libsavi' library from Sophos anti-virus vendor. On startup, Sophie initializes SAVI (Sophos Anti-Vi
Sophie is a daemon which uses 'libsavi' library from Sophos anti-virus vendor.
On startup, Sophie initializes SAVI (Sophos Anti-Virus Interface), loads virus patterns into memory, opens local UNIX domain socket, and waits for someone to connect and instructs it which path to scan. Since it is loaded in RAM, scanning is very fast. Of course, speed of scanning also depends on SAVI settings and size of the file.
Sophie was initially created for use with Virge, a mail virus/attachment scanning tool. Because of that, not all SAVI features are implemented in Sophie. My intention was not to create a tool that does the same job as sweep (Sophos tools), but to make fast and efficient tool that can detect virus - but not remove it or make XLS report on it (heh - this was a stupid joke, I presume ;).
At this point, some of the features (that have been requested) are implemented. Some are not, and might never be. So, please, when asking me to add things in Sophie, keep in mind that Sophie was created for Virge, not to be used as a virus scanning tool for a workstation.
This is how Sophie works:
Initializes SAVI inteface, and loads virus patterns
Creates a local UNIX socket (/var/run/sophie, by default)
Waits for someone to connect to the socket, and send path(s) on the local filesystem which need to be scanned
Sophie then forks a process, scans the path(s), and if virus is found, it stops scanning and returns result (1:virusname)
If no viruses were found, it just returns 0
Sophie then goes back to sleep...
Since virus patterns are always in memory, scanning is fast (fast in 'startup', not fast in 'execution' :) and takes much less resources. For one 'run', it probably doesn't make a difference if you will use Sophie of Sweep. However, if you have a program (local mail delivery agent, for example) that needs to scan every few seconds/minutes - things are way different.
The 'difference' I am talking about is not in scanning itself - when scanning is in progress, Sophie is little involved in it. Scanning speed depends on the SAVI setup, and on the size of the file being scanned (and if it is an archive, there might be hundreds, even thousands of files inside). However, the initialization of the engine is what count in this case.
What's New in This Release:
tags virus patterns are implemented scanning tool created for tool that sophie then sophie savi etc sophie sophie was with savi savi settings loads virus initializes savi
Download Sophie 3.04rc2
Other software in this category
- Desktop Environment
- Science and Engineering
- Text Editing&Processing