Sophie is a daemon which uses 'libsavi' library from Sophos anti-virus vendor.
On startup, Sophie initializes SAVI (Sophos Anti-Virus Interface), loads virus patterns into memory, opens local UNIX domain socket, and waits for someone to connect and instructs it which path to scan. Since it is loaded in RAM, scanning is very fast. Of course, speed of scanning also depends on SAVI settings and size of the file.
Sophie was initially created for use with Virge, a mail virus/attachment scanning tool. Because of that, not all SAVI features are implemented in Sophie. My intention was not to create a tool that does the same job as sweep (Sophos tools), but to make fast and efficient tool that can detect virus - but not remove it or make XLS report on it (heh - this was a stupid joke, I presume ;).
At this point, some of the features (that have been requested) are implemented. Some are not, and might never be. So, please, when asking me to add things in Sophie, keep in mind that Sophie was created for Virge, not to be used as a virus scanning tool for a workstation.
This is how Sophie works:
Initializes SAVI inteface, and loads virus patterns
Creates a local UNIX socket (/var/run/sophie, by default)
Waits for someone to connect to the socket, and send path(s) on the local filesystem which need to be scanned
Sophie then forks a process, scans the path(s), and if virus is found, it stops scanning and returns result (1:virusname)
If no viruses were found, it just returns 0
Sophie then goes back to sleep...
Since virus patterns are always in memory, scanning is fast (fast in 'startup', not fast in 'execution' :) and takes much less resources. For one 'run', it probably doesn't make a difference if you will use Sophie of Sweep. However, if you have a program (local mail delivery agent, for example) that needs to scan every few seconds/minutes - things are way different.
The 'difference' I am talking about is not in scanning itself - when scanning is in progress, Sophie is little involved in it. Scanning speed depends on the SAVI setup, and on the size of the file being scanned (and if it is an archive, there might be hundreds, even thousands of files inside). However, the initialization of the engine is what count in this case.
What's New in This Release:
· etc/sophie.savi is now set with SAVI default. Names/values are set as to default SAVI settings from SetConfigDefaults(pSAVI) call.
· 28 new SAVI options added to etc/sophie.savi file. Options were taken with SAVI 3.77.
· Check for nanosleep before including rt library
· "Grp" options fix in sophie_init.c. Thanks to Markus Stumpf for spotting it.
Product's homepage
Find us on Google+
