This is a plugin for the free command line interface of Sophos Anti-Virus. Included is an integrated updater, so you do not have to burn a new CD everytime for updates.
Source code of the AU3 files used in this plugin are included with the download. Please provide me proper credit if you decide to change any of my work.
I would love to hear about what you have changed or any comments/suggestions you may have.
- Updating IDEs is based on the CLI version. Sophos says they do not provide IDE updates for CLI versions greater then three months old. This plugin currently parses the CLI's readme file for the CLI version.
- You will need network support enabled to download IDE updates in BartPE.
- The "Auto ..." start menu selections/command line parameters will use the Default Scan profile.
- It is best to keep location/exclusion/extension statements simple. Combining too many different statements in one scan may lead to different results then expected. You'd be better to have multiple scans.
- When using SophosAV.exe in BartPE to add location/exclusion/extension statements, the program will check if the drive/file/folder statement returns anything. If nothing is returned, you will be asked if you want to really add it to the list.
- If a file is infected more than once (either with different viruses, or several cases of the same virus), you might need to run multiple scans to disinfect all virus infections.
- Using the Delete option with the Automatically clean up option could delete a file which could have been cleaned.
- Take care when removing files with an 'all files' scan. You might remove mailboxes with one infected email in them, or archive files containing only one infected file among many others.
- When you enable Scan all files, no extensions will be excluded, even if you do add them to the list.
- Scan inside archives must be enabled to scan any files inside archives, even if Scan all files is enabled.
- If the Scan specific locations option is enabled, and no locations are listed, Sophos will scan the entire computer.
- The MBR Scan only uses the options 'Ask for confirmation...' and 'Automatically clean up...' if they are checked.
- Default executable extensions scanned (July 2009): ASP, EXE, CHM, COM, SYS, OV?, DLL, DOC, DOT, XL?, CPL, SCR, 386, 3GR, FON, FOT, DRV, FLT, MOD, MSO, VXD, OCX, PDR, MPD, IFS, ADD, DMD, I13, PPT, PPS, POT, VB?, INI, MPP, MPT, HLP, HTA, HT?, SRC, SHS, SHB, PRC, HTML, PIF, WBK, LNK, BAT, SH, PL, EML, NWS, RTF, DBX, PDF, SWF, JS, JSE, CMD, ZIP, WSF, VS?, JPEG, JPG, WMF, CAB, XSN, ASX, JPZ, ANI, INF, MUI, DOCM, DOCX, PPTM, PPTX, XLSM, XLSX, WMA, PHP, No Extension
Default archive types supported (July 2009): ARJ, Z, TAZ, GZ, TGZ, RAR, TAR, ZIP, JAR, CAB, XSN, LHA, LZH, ??_, EXE, BIN, HQX, UUE, BZ2, TBZ, TBZ2, CHM, HXS, RPM, A
- Add the plugin through PE-Builder.
- Config the plugin through PE-Builder -- This will download and extract the newest Command Line Interface (~12mb) and Virus Identities (~600kb) to proper locations.
- Before closing the Config window, use the tool to edit the Default Scan settings to your preferences. You may also create additional scan profiles with this tool.
- Make sure the plugin is enabled in PE-Builder.
- Build and burn your CD!
July 19, 2009