Sophos Anti-Virus
By Jay
Munro
April 22, 2003
|
- Product: Sophos Anti-Virus
- Direct Price: For 25 users, support included, $1,425 per year
- Company Info: Sophos Inc., 781-973-0110, www.sophos.com
Editor Rating: 
Unlike the other companies in this roundup, Sophos focuses solely on
corporations, offering no consumer products whatsoever. The
company's suite of products for small to large businesses is
designed around the Sophos Anti-Virus engine and excels at hands-off
operation. Though it delivers all the pieces you need for corporate
virus protection, it doesn't offer much in the way of control or
reporting options for administrators.
Sophos sets itself apart by sending a monthly CD containing not
only the latest virus definitions but product updates, too. Interim
updates and software are available from the company's Web site. It
also differentiates itself with free phone support. Consulting
services are available at extra cost. Documentation is also
superior, with a detailed booklet for each product.
The basic scanner for both server and desktop, Sophos Anti-Virus
(SAV) configures itself automatically, and it was tied for first
place on our performance degradation test. Installing SAV on a
server limits it to on-demand scanning—a performance decision.
Compared with Symantec's on-access scanner, the Sophos scanner
has few configuration choices. Patented InterCheck technology uses
pattern scanning and file checksums to recognize clean files on
repeated scans, which speeds up scanning over time. A big perk is
that all your employees can use Sophos Anti-Virus at home for no
extra charge.
SAVAdmin does a good job at central monitoring and deployment,
giving you a tree view of the network, a live status report of
installed software, task scheduling, and remote management. A
spreadsheet view lets you quickly see software and definition-file
versions and a Central Install Directory (CID) for each workgroup or
domain. SAVAdmin lets you install or update software, force virus
scans, or modify the CID. Reporting, however, is minimal: You can
either view log files or copy and paste them to a text editor.
There's no central alert mechanism.
Working with SAVAdmin, the Sophos Enterprise Manager is an MMC
(Microsoft Management Console) 1.2 snap-in that handles housekeeping
duties for the CID. It watches for new versions on the Sophos Web
site and downloads them to the Central Installation Directory.
Sophos MailMonitor for Exchange 2000 provides both real-time and
on-demand virus protection for e-mail servers. You can add custom
text tags to the subject line of scanned, cleaned, infected, or
encrypted e-mail. The module's Quarantine manager lets
administrators disinfect, delete, or deliver infected files, or send
them to the Sophos labs. Getting MailMonitor up and running was
somewhat irksome. We had to add it manually to the MMC interface and
create a shortcut. But the installation guide clearly explains how
to do this.
MailMonitor for SMTP is a mail relay for scanning on generic mail
servers. New to this version is improved protection from third-party
mail relaying, corrupted mail messages, mail bombs, or ZIP files of
death (archives that decompress to an enormous size and deplete disk
space). Installation is quick using the wizard, but ease stops
there. You have to configure relayed local domains and enable the
database by editing configuration files.
Sophos takes a bare-bones approach. Designed for set-and-forget
installation with few configuration options, Sophos Anti-Virus will
frustrate adminstrators looking for more control over their
environments. Scant logging and reporting, the absence of a
Web-based interface, and separate management consoles are further
drawbacks. But the included unlimited technical support and free
home-use licenses are welcome perks.
