Sophos PTY Ltd. is a UK-based IT security company specialising in anti-virus products. It is the only company in its class to maintain an active anti-virus team 24 hours a day through rolling shifts across its high-tech laboratories in the USA, Canada, Australia, France, Japan, Germany, Italy and Hong Kong. Through their VoIP network they are also able to maintain a 24-hour technical helpdesk, to which calls are free for all licensed customers.

Because of their round-the-clock vigilance, and thousands of high-tech honeypot servers designed to catch new viruses as they creep across the Internet, they are frequently the first to identify and protect against new threats.

The reason you probably haven't heard of them is that they have no retail product. Sophos deals exclusively with corporate consumers through its channel partners, like my company.

Their flagship product, aptly named Sophos Anti-Virus, runs on many platforms unsupported by other companies, including Linux, Solaris, HP-UX, and Mac OS. On these platforms their products are able to identify and remove native viruses as well as ones built for other platforms. This prevents a Mac OS user from forwarding a virus to a Windows user and infecting them.

Although the user interface for Sophos Anti-Virus looks like something out of the eighties, this isn't important, as SAV is primarily meant to be administered through a management product called SAV Admin. This is an exceptionally powerful and flexible management product: it allows system administrators to deeply customise their configurations to radically change their behaviour, while allowing them to perform a silent install remotely. SAV Admin acts in tandem with another application called Enterprise Manager, which is used for managing the update process. A third application, SAV Reporter, produces a nice zeitgeist.

What truly sets Sophos above the rest is their powerful SAV Interface (SAVI), a freely available API that developers can use to interface with the anti-virus engine and leverage its already powerful features. Because it is free, this has resulted in several very powerful open source products (including Sophie) that employ virus scanning technologies in non-standard ways, for instance in content filtering and mail scanning. You do require a licensed copy of SAV in order to use the SAVI; however, Sophos are a nice bunch of people and don't mind a few geeks downloading the evaluation version and never registering. They encourage open source development, but don't provide support for SAVI beyond the application reference pages provided on their excellent web site. We use SAVI in our custom mail filtering product.

Sophos have their own product for mail filtering called PureMessage. PureMessage is written in ActivePerl and runs on Windows and Unix platforms. (Sophos purchased ActiveState and created a new team dedicated to their spam filtering software inside ActiveState's Vancouver offices.) It also uses proprietary hooks to integrate with groupware solutions like the evil Microsoft Exchange. PureMessage, like SpamAssassin, uses a complex set of rules to produce a 'score' for each item of potential spam, and has a powerful frontend for dictating what to do with an item tagged as such.

The default behaviour for PureMessage when it tags an item as spam is to quarantine it. Each day, it will send each user a digest outlining which items they have in quarantine pending their inspection. A user then connects to a web site served off the machine where PureMessage is running and tells the server which messages s/he would like delivered and which should be deleted as spam. The server updates its Bayesian filtering rules based on the user's choice. If enabled, it will send a copy of any false positives (or negatives) to the company's spam team so they can update the global ruleset.

Sophos products have less overhead and a faster turnaround time for updates than their competitors (specifically Symantec). Their updates are also significantly smaller, but more frequent, than those of other companies. Our MTA has been the first to catch several new e-mail worms, and each time a new IDE has been released by Sophos within hours of us submitting it. I strongly recommend Sophos to any enterprise seeking a scalable anti-virus solution, or to any geek wanting a decent anti-virus engine to implement into his or her project.

