Sophos Anti Virus 5 Users Manual For Windows 2000/XP/2003 User
2015-02-06
: Sophos Sophos-Sophos-Anti-Virus-5-Users-Manual-527898 sophos-sophos-anti-virus-5-users-manual-527898 sophos pdf
Open the PDF directly: View PDF .
Page Count: 72
User manual
Sophos Anti-Virus 5.0 for Windows 2000/XP/2003
Document version 1.0
Sophos Anti-Virus for Windows 2000/XP/2003
About this manual
This user manual explains how to use Sophos Anti-Virus for
Windows 2000/XP/2003, and how to configure
•virus scanning
•virus alerts
•disinfection
•logging
•updating.
The manual also provides help in resolving common problems.
Contents
About Sophos Anti−Virus.....................................................................................1
What is Sophos Anti−Virus?.........................................................................1
Sophos Anti−Virus window...........................................................................1
Sophos Anti−Virus system tray icon.............................................................3
What is on−access scanning?......................................................................3
What is an on−demand scan?......................................................................3
What is a right−click scan?...........................................................................4
Checking the computer is protected...................................................................5
Checking protection is on..............................................................................5
Turning protection on or off for the computer................................................5
Scanning items on demand..................................................................................7
What is an on−demand scan?......................................................................7
Scanning local disks.....................................................................................7
Setting up a scan..........................................................................................8
Scheduling a scan.........................................................................................9
Running a scan...........................................................................................10
Editing a scan.............................................................................................11
Scanning a single item.......................................................................................14
Scanning a single item................................................................................14
Restricting access rights....................................................................................15
Types of user..............................................................................................15
Changing membership of Sophos user groups...........................................16
Changing settings for multiple users................................................................17
Changing settings for all computers............................................................17
Changing settings for all users on the computer.........................................17
Configuring scanning.........................................................................................18
Changing types of file scanned...................................................................18
Excluding items from scanning...................................................................20
Changing when on−access scanning occurs..............................................23
Scanning inside archive files.......................................................................24
Scanning Macintosh files............................................................................27
Scanning all files.........................................................................................30
Configuring alerts...............................................................................................35
Desktop messaging....................................................................................35
Email alerting..............................................................................................36
Event logging..............................................................................................38
SNMP messaging.......................................................................................40
Sophos Anti−Virus for Windows 2000/XP/2003
Logging................................................................................................................42
Viewing the log for this computer................................................................42
Configuring the log for this computer..........................................................42
Viewing the log for an on−demand scan.....................................................43
Updating...............................................................................................................45
Updating immediately.................................................................................45
Setting up automatic updating....................................................................45
Setting a source for updates.......................................................................47
Setting an alternative source for updates...................................................48
Scheduling updates....................................................................................49
Updating via a proxy server........................................................................50
Limiting the bandwidth used.......................................................................51
Logging updates.........................................................................................52
Disinfection..........................................................................................................54
What is disinfection?...................................................................................54
Getting disinfection information...................................................................54
Setting up automatic disinfection................................................................55
Disinfecting on demand..............................................................................57
Disinfecting with a right−click scan.............................................................58
Recovering from virus side−effects.............................................................59
Managing quarantine items................................................................................60
What is Quarantine manager?....................................................................60
Dealing with viruses in quarantine..............................................................60
Configuring user rights for Quarantine manager.........................................62
Troubleshooting..................................................................................................64
System tray icon has a white cross.............................................................64
System tray icon is greyed out....................................................................65
Virus not disinfected....................................................................................65
Virus fragment reported..............................................................................66
Unable to access disk with infected boot sector.........................................66
Unable to access areas of Sophos Anti−Virus............................................67
Getting further help.....................................................................................67
Sophos Anti−Virus for Windows 2000/XP/2003
About Sophos Anti−Virus
This section includes the following.
What is Sophos Anti−Virus?• Sophos Anti−Virus window• Sophos Anti−Virus system tray icon• What is on−access scanning?• What is an on−demand scan?• What is a right−click scan?•
What is Sophos Anti−Virus?
Sophos Anti−Virus is software that detects viruses, worms and Trojans on your
computer or network. It can also disinfect infected items. In particular, it can
check each file you access for viruses• scan your computer or network for viruses• eliminate viruses• alert you when it finds a virus• keep a log of its activity• be updated to detect the latest viruses.•
Sophos Anti−Virus can be used in two ways:
via the Sophos Anti−Virus window• via the Sophos Anti−Virus system tray icon.•
Sophos Anti−Virus can perform three types of scanning:
on−access• on−demand• right−click.•
Sophos Anti−Virus window
To open the Sophos Anti−Virus window, right−click the Sophos Anti−Virus
system tray icon to display a menu.
Select Open Sophos Anti−Virus. The components of the window are described
below.
1
Toolbar
This contains buttons for getting help and navigating between the pages in the
right−hand pane of the Sophos Anti−Virus window.
Status
This contains the status of on−access scanning, the number of items in
Quarantine, the last time Sophos Anti−Virus was updated and the product version
number.
Help and information
This enables you to contact Sophos technical support, and access help with
Sophos Anti−Virus and information on viruses. To see more detailed information
about your version of Sophos Anti−Virus and your computer, click View product
information.
Activity summary
This appears when you run a scan, and contains information about any viruses
found.
Sophos Anti−Virus for Windows 2000/XP/2003 About Sophos Anti−Virus
2
Home page
This is displayed in the right−hand pane when you open the Sophos Anti−Virus
window. It includes the task list and the Available scans list. As you use the
Sophos Anti−Virus window, the content of the right−hand pane may change.
You can return to the home page by clicking the Home button.
The task list is displayed at the top of the home page. It enables you to scan local
disks, set up scans, manage infected items and configure Sophos Anti−Virus.
The Available scans list lists the scans that have been set up. From here, you
can run, edit or delete each scan, and view a summary of what happened the last
time the scan was run.
Sophos Anti−Virus system tray icon
The Sophos Anti−Virus system tray icon is always displayed, even if the Sophos
Anti−Virus window is closed. The appearance of the icon changes depending on
whether on−access scanning is active, whether Sophos Anti−Virus is updating
and whether Sophos Anti−Virus updated successfully last time.
If you pass the mouse over the icon, the tool tip displays the last time Sophos
Anti−Virus was updated.
If you right−click the icon, a menu is displayed. From here, you can
update Sophos Anti−Virus• configure updating• check the progress of an update• open the Sophos Anti−Virus window.•
What is on−access scanning?
On−access scanning intercepts files as they are accessed, and grants
access to only those that are virus free.
What is an on−demand scan?
An on−demand scan is a virus scan of the computer, or parts of the
computer, that you can run immediately or schedule to run at another time.
Sophos Anti−Virus for Windows 2000/XP/2003 About Sophos Anti−Virus
3
What is a right−click scan?
A right−click scan is a virus scan of selected item(s) in Windows Explorer,
that you can run by right−clicking the selection to display a menu, and
selecting Scan with Sophos Anti−Virus.
Sophos Anti−Virus for Windows 2000/XP/2003 About Sophos Anti−Virus
4
Checking the computer is protected
This section includes the following.
Checking protection is on• Turning protection on or off for the computer•
Checking protection is on
The computer is protected by on−access scanning.
On−access scanning intercepts files as they are accessed, and grants
access to only those that are virus free.
When on−access scanning is active, a blue shield is displayed in the system tray.
When on−access scanning is inactive, the shield is grey.
The status of on−access scanning is also indicated in the Sophos
Anti−Virus window under Status.
If your computer is on a network, on−access scanning has probably already been
configured. However, if you want to change the settings, refer to Configuring
scanning.
Turning protection on or off for the computer
If you turn protection off, Sophos Anti−Virus does not scan files that you
access for viruses.
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
Click On−access scanning.2.
In the On−access scan settings for this computer dialog box, click the
Scanning tab.
3.
To turn on−access scanning on for the computer, select Enable
on−access scanning for this computer, and click OK. The Sophos
Anti−Virus system tray icon turns blue.
To turn on−access scanning off for the computer, deselect Enable
on−access scanning for this computer, and click OK. The Sophos
5
Anti−Virus system tray icon turns grey.
In the Sophos Anti−Virus window, the Status menu is updated.
Sophos Anti−Virus retains the settings you make here, even after you reboot
the computer. If you have turned on−access scanning off, it remains inactive
until you turn it on again.
Sophos Anti−Virus for Windows 2000/XP/2003 Checking the computer is protected
6
Scanning items on demand
This section includes the following.
What is an on−demand scan?• Scanning local disks• Setting up a scan• Scheduling a scan• Running a scan• Editing a scan•
What is an on−demand scan?
An on−demand scan is a virus scan of the computer, or parts of the
computer, that you can run immediately or schedule to run at another time.
Scanning local disks
To run a scan of all disk drives, including boot sectors, on the computer, do as
follows.
In the home page of the Sophos Anti−Virus window, click Scan local disks.
A progress dialog box is displayed and the Activity summary appears in the
Sophos Anti−Virus window.
If any viruses are found, click More and refer to Disinfection.
To stop scanning, click Stop scan.
For information on setting up, scheduling, running and configuring a scan, refer to
the rest of this section and Configuring scanning.
7
Setting up a scan
In the home page of the Sophos Anti−Virus window, click Set up a new
scan to display the scan setup page.
1.
In the Scan name text box, type a name for the scan.2.
In the Items to scan panel, select the drives and folders you want to scan.
To do this, click the check box to the left of each drive or folder. To learn
about the icons that appear in the check boxes, refer to Representation of
items to scan.
Drives or folders that are unavailable (because they are offline
or have been deleted) are displayed in a strikethrough font.
They are removed from the Items to scan panel if they are
deselected or there is a change in the selection of their parent
drive or folder(s).
To configure the scan further, click Configure this scan. (Refer to
Configuring scanning for more information.)
To schedule the scan, click Schedule this scan. (Refer to Scheduling a
scan for more information.)
You can't manually run a scan that you have scheduled. Scheduled
scans are displayed in the Available scans list with a clock icon.
Click Save to save the scan or Save and start to save and run the scan.
Sophos Anti−Virus for Windows 2000/XP/2003 Scanning items on demand
8
Representation of items to scan
In the Items to scan panel, different icons are displayed in the check box next to
each item, depending on which items will be scanned. These icons are shown
below with explanations.
The item and all sub−items are not selected for scanning.
The item and all sub−items are selected for scanning.
The item is partially selected: some sub−items are not selected for scanning.
The item and all sub−items are excluded from this particular scan.
The item is partially excluded: some sub−items are excluded from this particular
scan.
The item and all sub−items are excluded from all on−demand scans, because of
an on−demand exclusion that has been set up.
Scheduling a scan
To schedule a scan that you are setting up or editing, do as follows.
You can't manually run a scan that you have scheduled. Scheduled scans are
displayed in the Available scans list with a clock icon.
In the right−hand pane of the Sophos Anti−Virus window, click Schedule
this scan.
1.
In the Schedule scan dialog box, select Enable schedule.2.
Select the day(s) on which the scan should run.
Add the time(s) by clicking Add.
Sophos Anti−Virus for Windows 2000/XP/2003 Scanning items on demand
9
If necessary, remove or edit a time by selecting it and clicking Remove or
Edit, respectively.
Type a user name and password. The scheduled scan runs with the
access rights of that user.
Click OK.
Running a scan
To run a scan that has been set up, do as follows.
In the home page of the Sophos Anti−Virus window, in the Available scans list,
select the scan you want to run. Click Start.
Sophos Anti−Virus for Windows 2000/XP/2003 Scanning items on demand
10
You can't manually run a scan that you have scheduled. Scheduled scans are
displayed in the Available scans list with a clock icon.
A progress dialog box is displayed and the Activity summary appears in the
Sophos Anti−Virus window.
If any viruses are found, click More and refer to Disinfection.
To stop scanning, click Stop scan.
For information on setting up, scheduling and configuring a scan, refer to the rest
of this section and Configuring scanning.
Editing a scan
To edit a scan that has been set up, do as follows.
In the home page of the Sophos Anti−Virus window, in the Available
scans list, select the scan you want to edit. Click Edit to display the scan
setup page.
1.
To rename the scan, in the Scan name text box, type a name for the scan.2.
To change which items to scan, in the Items to scan panel, select or
deselect the drives and folders you want to scan. To do this, click the check
box to the left of each drive or folder. To learn about the icons that appear
in the check boxes, refer to Representation of items to scan.
Drives or folders that are unavailable (because they are offline
or have been deleted) are displayed in a strikethrough font.
They are removed from the Items to scan panel if they are
deselected or there is a change in the selection of their parent
drive or folder(s).
To configure the scan further, click Configure this scan. (Refer to
Configuring scanning for more information.)
To schedule the scan, click Schedule this scan. (Refer to Scheduling a
scan for more information.)
Sophos Anti−Virus for Windows 2000/XP/2003 Scanning items on demand
11
You can't manually run a scan that you have scheduled. Scheduled
scans are displayed in the Available scans list with a clock icon.
Click Save to save the scan or Save and start to save and run the scan.
Representation of items to scan
In the Items to scan panel, different icons are displayed in the check box next to
each item, depending on which items will be scanned. These icons are shown
below with explanations.
The item and all sub−items are not selected for scanning.
The item and all sub−items are selected for scanning.
The item is partially selected: some sub−items are not selected for scanning.
The item and all sub−items are excluded from this particular scan.
The item is partially excluded: some sub−items are excluded from this particular
scan.
Sophos Anti−Virus for Windows 2000/XP/2003 Scanning items on demand
12
The item and all sub−items are excluded from all on−demand scans, because of
an on−demand exclusion that has been set up.
Sophos Anti−Virus for Windows 2000/XP/2003 Scanning items on demand
13
Scanning a single item
This section includes the following.
Scanning a single item•
Scanning a single item
You can scan a single item by performing a right−click scan.
A right−click scan is a virus scan of selected item(s) in Windows Explorer,
that you can run by right−clicking the selection to display a menu, and
selecting Scan with Sophos Anti−Virus.
Open Windows Explorer. To do this, at the taskbar, click
Start|Programs|Accessories|Windows Explorer.
1.
Select the file(s), folder(s) and/or disk drives you want to scan.2.
Right−click the selection to display a menu, and select Scan with Sophos
Anti−Virus.
3.
A progress dialog box is displayed.
If any viruses are found, click More and refer to Disinfection.
To stop scanning, click Stop scan.
For information on configuring a scan, refer to Configuring scanning.
14
Restricting access rights
This section includes the following.
Types of user• Changing membership of Sophos user groups•
Types of user
Sophos Anti−Virus restricts access to certain parts of the software to certain types
of user. This security is based on the user groups that have been set up in
Windows on this computer. When Sophos Anti−Virus is installed, each user is
assigned to one of the Sophos user groups depending on their Windows user
group, as follows.
Members of the Windows Administrators group are assigned to the
SophosAdministrator group.
•
Members of the Windows Power Users group are assigned to the
SophosPowerUser group.
•
Members of the Windows Users group are assigned to the SophosUser
group.
•
Any user who is not assigned to one of the Sophos user groups, including Guest
users, can perform only
on−access scanning• scans run from a right−click menu.•
Members of the SophosUser group can perform the above functions and
access the Sophos Anti−Virus window• set up and run on−demand scans• configure scans run from a right−click menu• manage, with limited privileges, quarantined items.•
Members of the SophosPowerUser group have the same rights as members of
the SophosUser group with the addition of greater privileges in Quarantine
manager.
Members of the SophosAdministrator group can use or configure any part of
Sophos Anti−Virus.
15
Changing membership of Sophos user groups
To change the Sophos user group for a user, you must do as follows. (Refer to
your Windows documentation if necessary.)
Use Windows to move the user from one Sophos user group to another.1.
When that user logs on to Windows again, they should find that their
access rights have changed accordingly.
2.
Sophos Anti−Virus for Windows 2000/XP/2003 Restricting access rights
16
Changing settings for multiple users
This section includes the following.
Changing settings for all computers• Changing settings for all users on the computer•
Changing settings for all computers
To configure Sophos Anti−Virus on workstations from a central location on the
network, refer to the Sophos Enterprise Console help.
Changing settings for all users on the computer
To configure Sophos Anti−Virus for all users on the computer, in the home page
of the Sophos Anti−Virus window, click Configure Sophos Anti−Virus. From
the Configure page, you can change the following settings.
On−access scanning• On−demand extensions and exclusions• User rights for Quarantine manager• Messaging• Log for this computer• Updating•
You need to be a Sophos Administrator to change these settings.
17
Configuring scanning
This section includes the following.
Changing types of file scanned• Excluding files from scanning• Changing when on−access scanning occurs• Scanning inside archive files• Scanning Macintosh files• Scanning all files•
Changing types of file scanned
If the Sophos Enterprise Console is used to administer Sophos
Anti−Virus on workstations, it may override changes made here. To
avoid this, refer to the console help.
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
To change the settings for on−access scanning, click On−access
scanning.
2.
To change the settings for on−demand and right−click scanning, click
On−demand extensions and exclusions.
Click the Extensions tab. Set the options as described below.3.
18
Scan all files
Click this to enable scanning of all files, regardless of the filename
extension.
Allow me to control exactly what is scanned
Click this to restrict scanning to only files with a particular filename
extension, specified in the extension list.
The extension list includes file types that Sophos recommends
are scanned. Be careful if you alter the list as explained below.
To add a filename extension to the list, click Add. You can use the wildcard
? to match any single character.
To remove a filename extension from the list, select the extension and click
Remove.
To change a filename extension in the list, select the extension and click
Edit.
To enable scanning of files with no filename extension, select Scan files
with no extension.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
19
Excluding items from scanning
If the Sophos Enterprise Console is used to administer Sophos
Anti−Virus on workstations, it may override changes made here. To
avoid this, refer to the console help.
The procedure described below applies to all on−demand scans. To
exclude items from a particular on−demand scan, refer to Editing a
scan.
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
To change the settings for on−access scanning, click On−access
scanning.
2.
To change the settings for on−demand and right−click scanning, click
On−demand extensions and exclusions.
Click the Exclusions tab. Set the options as described below.3.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
20
Excluded item
To specify items that should be excluded from scanning, click Add. In the
Exclude item dialog box, specify the type and name of the item to be
excluded. Refer to Specifying excluded items.
To remove items from the list of excluded items, click Remove.
To change items in the list of excluded items, click Edit.
Specifying excluded items
In the Exclude item dialog box, select the Item type. All remote files means all
files not on this computer. Unless you select All remote files, specify the Item
name by using the Browse button or typing in the text box. Further details on
specifying item names are given below.
Filename•
You can specify only the name of a file, and Sophos Anti−Virus excludes all
files with that name, wherever they are located. For example
fred.bmp
causes Sophos Anti−Virus to exclude all files called fred.bmp, wherever
they are located.
Full path•
You can specify the exact location and name of a file, and Sophos
Anti−Virus excludes only that particular file. The path can include the drive
or the share. For example
C:\Miscellaneous\fred.bmp
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
21
causes Sophos Anti−Virus to exclude fred.bmp in the Miscellaneous folder
on the C: drive.
\\Server1\Users\Fred\Letter.rtf
causes Sophos Anti−Virus to exclude Letter.rtf in the Fred folder in the
Users share on Server1.
If you don't specify the drive or share, Sophos Anti−Virus matches the path
at the root of any drive or share.
Partial path•
You can specify a drive or share, and Sophos Anti−Virus excludes
everything from that drive or share and below. For example
A:
causes Sophos Anti−Virus to exclude everything on the A: drive.
You can specify a folder, and Sophos Anti−Virus excludes everything from
that folder and below. For example
D:\Tools\
causes Sophos Anti−Virus to exclude everything from the Tools folder on
the D: drive and all subfolders.
You can specify a folder and filename, and Sophos Anti−Virus excludes
any folder and filename that match. For example
logs\log.txt
causes Sophos Anti−Virus to exclude log.txt in any folder called logs on any
drive or share.
Wildcards
The wildcard ? can be used only in a filename or extension. It generally matches
any single character. However, when used at the end of a filename or extension, it
matches zero or one character. For example file??.txt matches file.txt, file1.txt and
file12.txt but not file123.txt.
The wildcard * can be used only in a filename or extension, in the form
[filename].* or *.[extension]. For example, file*.txt, file.txt* and file.*txt are invalid.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
22
Multiple filename extensions
Filenames with multiple extensions are treated as if the last extension is the
extension and the rest are part of the filename. For example,
[filename].[extension1].[extension2] means the filename is [filename].[extension1]
and the extension is [extension2].
Standard naming conventions
The filename or path is validated against standard naming conventions (e.g. a
folder name may contain spaces but may not contain only spaces).
Changing when on−access scanning occurs
If the Sophos Enterprise Console is used to administer Sophos
Anti−Virus on workstations, it may override changes made here. To
avoid this, refer to the console help.
You can specify whether Sophos Anti−Virus scans files when they're opened,
when they're saved or when they're renamed.
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
In the Configure page, click On−access scanning.2.
In the On−access scan settings for this computer dialog box, click the
Scanning tab. Set the options as described below.
3.
To specify that files must be scanned when they're opened, click On read.
To specify that files must be scanned when they're saved, click On write.
To specify that files must be scanned when they're renamed, click On
rename.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
23
Scanning inside archive files
You can enable Sophos Anti−Virus to scan inside archive files. You can do this for
on−access scanning• on−demand scanning• scans run from a right−click menu.•
Scanning inside archives on access
If the Sophos Enterprise Console is used to administer Sophos
Anti−Virus on workstations, it may override changes made here. To
avoid this, refer to the console help.
Scanning inside archive files makes scanning significantly
slower and is rarely required. Even if you don't select the option,
when you attempt to access a file extracted from the archive file,
the extracted file is scanned.
Whether you select this option or not, files compressed with dynamic compression
utilities (PKLite, LZEXE and Diet) are scanned.
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
24
In the Configure page, click On−access scanning.2.
In the On−access scan settings for this computer dialog box, click the
Scanning tab.
3.
Select Scan inside archive files.4.
To enable scanning inside only particular archive file types, click
Advanced. In the Advanced scanning settings dialog box, select the
archive file types that you want Sophos Anti−Virus to scan inside.
The advanced settings are very specialised and you should use them
only with advice from Sophos technical support.
Scanning inside archives on demand
Scanning inside archive files makes scanning significantly
slower and is rarely required. Even if you don't select the option,
when you attempt to access a file extracted from the archive file,
the extracted file is scanned.
Whether you select this option or not, files compressed with dynamic compression
utilities (PKLite, LZEXE and Diet) are scanned.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
25
In the home page of the Sophos Anti−Virus window, in the Available
scans list, select the scan you want to edit. Click Edit.
1.
In the scan setup page, click Configure this scan.2.
In the Individual scan settings dialog box, click the Scanning tab.3.
Select Scan inside archive files.4.
To enable scanning inside only particular archive file types, click
Advanced. In the Advanced scanning settings dialog box, select the
archive file types that you want Sophos Anti−Virus to scan inside.
The advanced settings are very specialised and you should use them
only with advice from Sophos technical support.
Scanning inside archive files from a right−click menu
Scanning inside archive files makes scanning significantly slower. Even
if you don't select the option, when you attempt to access a file
extracted from the archive file, the extracted file is scanned.
Whether you select this option or not, files compressed with dynamic compression
utilities (PKLite, LZEXE and Diet) are scanned.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
26
On the Configure menu, click Right−click scanning.1.
In the Right−click scan settings for this user dialog box, click the
Scanning tab.
2.
Select Scan inside archive files.3.
To enable scanning inside only particular archive file types, click
Advanced. In the Advanced scanning settings dialog box, select the
archive file types that you want Sophos Anti−Virus to scan inside.
The advanced settings are very specialised and you should use them
only with advice from Sophos technical support.
Scanning Macintosh files
You can enable Sophos Anti−Virus to scan Macintosh files stored on Windows
computers. You can do this for
on−access scanning• on−demand scanning• scans run from a right−click menu.•
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
27
Scanning Macintosh files on access
If the Sophos Enterprise Console is used to administer Sophos
Anti−Virus on workstations, it may override changes made here. To
avoid this, refer to the console help.
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
In the Configure page, click On−access scanning.2.
In the On−access scan settings for this computer dialog box, click the
Scanning tab.
3.
Select Include Macintosh viruses. This enables Sophos Anti−Virus to
scan executable Macintosh files.
4.
Scanning Macintosh files on demand
In the home page of the Sophos Anti−Virus window, in the Available
scans list, select the scan you want to edit. Click Edit.
1.
In the scan setup page, click Configure this scan.2.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
28
In the Individual scan settings dialog box, click the Scanning tab.3.
Select Include Macintosh viruses. This enables Sophos Anti−Virus to
scan executable Macintosh files.
4.
Scanning Macintosh files from a right−click menu
On the Configure menu, click Right−click scanning.1.
In the Right−click scan settings for this user dialog box, click the
Scanning tab.
2.
Select Include Macintosh viruses. This enables Sophos Anti−Virus to
scan executable Macintosh files.
3.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
29
Scanning all files
You can enable Sophos Anti−Virus to scan all files, regardless of the filename
extension. You can do this for
on−access scanning• on−demand scanning• scans run from a right−click menu.•
Scanning all files on access
If the Sophos Enterprise Console is used to administer Sophos
Anti−Virus on workstations, it may override changes made here. To
avoid this, refer to the console help.
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
In the Configure page, click On−access scanning.2.
In the On−access scan settings for this computer dialog box, click the
Scanning tab.
3.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
30
Select Scan all files.4.
Scanning all files on demand
You can enable
all on−demand scans• a particular on−demand scan•
to scan all files.
Enabling all on−demand scans to scan all files
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
In the Configure page, click On−demand extensions and exclusions.2.
In the On−demand extensions and exclusions dialog box, click the
Extensions tab.
3.
Click Scan all files.4.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
31
Enabling a particular on−demand scan to scan all files
In the home page of the Sophos Anti−Virus window, in the Available
scans list, select the scan you want to edit. Click Edit.
1.
In the scan setup page, click Configure this scan.2.
In the Individual scan settings dialog box, click the Scanning tab.3.
Select Scan all files.4.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
32
Scanning all files from a right−click menu
On the Configure menu, click Right−click scanning.1.
In the Right−click scan settings for this user dialog box, click the
Scanning tab.
2.
Select Scan all files.3.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
33
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring scanning
34
Configuring alerts
This section includes the following.
Desktop messaging• Email alerting• SNMP messaging• Event logging•
Desktop messaging
If the Sophos Enterprise Console is used to administer Sophos
Anti−Virus on workstations, it may override changes made here. To
avoid this, refer to the console help.
Sophos Anti−Virus can display desktop messages like the one shown below when
a virus is found. This applies only to on−access scanning.
To enable Sophos Anti−Virus to display desktop messages, do as follows.
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
In the Configure page, click Messaging.2.
In the Messaging dialog box, click the Desktop messaging tab. Set the
options as described below.
3.
35
Enable desktop messaging
Select this to enable Sophos Anti−Virus to display desktop messages when
a virus is found.
User−defined message
In this text box, you can type a message that will be added to the end of the
standard message.
Email alerting
If the Sophos Enterprise Console is used to administer Sophos
Anti−Virus on workstations, it may override changes made here. To
avoid this, refer to the console help.
To enable Sophos Anti−Virus to send email alerts when a virus is found or an
error occurs, do as follows. This applies to on−access, on−demand and right−click
scanning.
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
In the Configure page, click Messaging.2.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring alerts
36
In the Messaging dialog box, click the Email alerting tab. Set the options
as described below.
3.
Enable email alerting
Select this to enable Sophos Anti−Virus to send email alerts.
Messages to send
Select the events for which you want Sophos Anti−Virus to send email
alerts. Scanning errors include instances when Sophos Anti−Virus is
denied access to an item that it attempts to scan.
Recipients
Click Add or Remove to add or remove, respectively, email addresses to
which email alerts should be sent. Click Edit to change an email address
you have added.
Configure SMTP
Click this to change the settings for the SMTP server and the language of
the email alerts. (Refer to Configure SMTP settings.)
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring alerts
37
Configure SMTP settings
SMTP server
In the text box, type the host name or IP address of the SMTP server. Click Test
to test that a connection to the SMTP server can be made. (This does not send a
test email.)
SMTP 'sender' address
In the text box, type an email address to which bounces and non−delivery reports
can be sent.
SMTP 'reply to' address
As email alerts are sent from an unattended mailbox, you can type in the text box
an email address to which replies to email alerts can be sent.
Language
Click the drop−down arrow, and select the language in which email alerts should
be sent.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring alerts
38
Event logging
If the Sophos Enterprise Console is used to administer Sophos
Anti−Virus on workstations, it may override changes made here. To
avoid this, refer to the console help.
To enable Sophos Anti−Virus to add alerts to the Windows 2000/XP/2003 event
log when a virus is found or an error occurs, do as follows. This applies to
on−access, on−demand and right−click scanning.
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
In the Configure page, click Messaging.2.
In the Messaging dialog box, click the Event log tab. Set the options as
described below.
3.
Enable event logging
Select this to enable Sophos Anti−Virus to send messages to the Windows
event log.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring alerts
39
Messages to send
Select the events for which you want Sophos Anti−Virus to send messages.
Scanning errors include instances when Sophos Anti−Virus is denied
access to an item that it attempts to scan.
SNMP messaging
If the Sophos Enterprise Console is used to administer Sophos
Anti−Virus on workstations, it may override changes made here. To
avoid this, refer to the console help.
To enable Sophos Anti−Virus to send SNMP messages when a virus is found or
an error occurs, do as follows. This applies to on−access, on−demand and
right−click scanning.
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
In the Configure page, click Messaging.2.
In the Messaging dialog box, click the SNMP messaging tab. Set the
options as described below.
3.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring alerts
40
Enable SNMP messaging
Select this to enable Sophos Anti−Virus to send SNMP messages.
Messages to send
Select the events for which you want Sophos Anti−Virus to send email
alerts. Scanning errors include instances when Sophos Anti−Virus is
denied access to an item that it attempts to scan.
SNMP trap destination
In the text box, type the IP address or name of the computer to which alerts
are sent.
SNMP community name
In the text box, type the SNMP community name.
Test
Click this to send a test SNMP message to the SNMP trap destination you
have specified.
Sophos Anti−Virus for Windows 2000/XP/2003 Configuring alerts
41
Logging
This section includes the following.
Viewing the log for this computer• Configuring the log for this computer• Viewing the log for an on−demand scan•
Viewing the log for this computer
The log for this computer is a log of all scanning on the computer.
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
In the Configure page, click View log to display the log for the computer.2.
From the log page, you can copy the log to the clipboard, or email or print
the log.
3.
To find specific text in the log, click Find and enter the text you want to find.
The times in the Time column refer to the local time zone, but
those in the Message column refer to UTC.
Configuring the log for this computer
The log for this computer is a log of all scanning on the computer.
It is stored in the following location:
42
C:\Documents and Settings\All Users\Application Data\Sophos\Sophos
Anti−Virus\logs\SAV.txt
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
In the Configure page, click View log.2.
In the log page, click Configure log to display the Configure logging for
this computer dialog box. Set the options as described below.
3.
Logging level
To stop anything being logged, click None. To log summary information,
error messages and so on, click Normal. To log most information, including
files scanned, major stages of a scan, and so on, click Verbose.
Log archiving
To enable the log file to be archived monthly, select Enable archiving.
Select the Number of archive files to store before the oldest one is
deleted. Select Compress log to reduce the size of the log file.
Viewing the log for an on−demand scan
The log for an on−demand scan is a log of what happened each time
Sophos Anti−Virus for Windows 2000/XP/2003 Logging
43
that scan was run.
In the home page of the Sophos Anti−Virus window, in the Available
scans list, select the scan for which you want to view the log. Click
Summary.
1.
In the summary dialog box, click the link at the bottom.2.
From the log window, you can copy the log to the clipboard, or email or
print the log.
3.
The times in the Time column refer to the local time zone, but
those in the Message column refer to UTC.
Sophos Anti−Virus for Windows 2000/XP/2003 Logging
44
Updating
This section includes the following.
Updating immediately• Setting up automatic updating• Setting a source for updates• Setting an alternative source for updates• Scheduling updates• Updating via a proxy• Limiting the bandwidth used• Logging updates•
Updating immediately
If you have installed Sophos Anti−Virus as recommended in Sophos
documentation, updating occurs automatically.
If you want to update Sophos Anti−Virus immediately, you can do so.
Locate the Sophos Anti−Virus icon in the system tray (shown below).1.
Right−click the icon to display a menu, and select Update now.2.
Alternatively, double−click the Sophos Anti−Virus system tray icon.
Provided Sophos Anti−Virus has been correctly configured, it checks the usual
source for new software and, if necessary, updates itself.
For information on configuring updating, refer to the other pages in this section.
Setting up automatic updating
If your computer is on a network, or if your administrator installed Sophos
Anti−Virus for you, Sophos Anti−Virus should have been set to update itself
automatically.
If automatic updating has not been set up, follow the steps below. For full
information on the options at each step, refer to the section describing that
configuration page.
Locate the Sophos Anti−Virus icon in the system tray (shown below).1.
45
Right−click the icon to display a menu, and select Configure updating.2.
In the Properties for Sophos AutoUpdate dialog box, click the Primary
server tab and set the source for updates. Your administrator can give you
the details you need to enter.
3.
Click the Schedule tab and schedule updates.4.
Sophos Anti−Virus for Windows 2000/XP/2003 Updating
46
Setting a source for updates
If you want Sophos Anti−Virus to update itself automatically, you must specify
where it fetches updates from.
Locate the Sophos Anti−Virus icon in the system tray (shown below).1.
Right−click the icon to display a menu, and select Configure updating.2.
In the Properties for Sophos AutoUpdate dialog box, click the Primary
server tab and enter the details needed as described below.
3.
Address
Enter the address (UNC (network) path or web address) from which
Sophos Anti−Virus will usually fetch updates. If you select Sophos, Sophos
Anti−Virus will download updates directly from Sophos via the internet.
Your administrator can give you the address and account details
you need.
User name
If necessary, enter the User name for the account that will be used to
access the server, and then enter and confirm the Password.
Sophos Anti−Virus for Windows 2000/XP/2003 Updating
47
If the User name needs to be qualified to indicate the domain, use the
form domain\username.
If you want to limit the bandwidth used, click Advanced.
If you access the internet via a proxy server, click Apply and then Proxy
Details. Note that some internet service providers require web requests to
be sent to a proxy server.
Setting an alternative source for updates
You can set an alternative source for updates. If Sophos Anti−Virus cannot
contact its usual source, it will attempt to update from this alternative source.
Locate the Sophos Anti−Virus icon in the system tray (shown below).1.
Right−click the icon to display a menu, and select Configure updating.2.
In the Properties for Sophos AutoUpdate dialog box, click the
Secondary server tab. Then enter the details as described below.
3.
Address
Enter the Address (UNC (network) path or web address) from which
Sophos Anti−Virus will fetch updates if it cannot contact the usual source. If
you select Sophos, Sophos Anti−Virus will download updates directly from
Sophos via the internet.
Sophos Anti−Virus for Windows 2000/XP/2003 Updating
48
Your administrator can give you the address and account details
you need.
User name
If necessary, enter the User name for the account that will be used to
access the server, and then enter and confirm the Password.
If the User name needs to be qualified to indicate the domain, use the
form domain\username.
If you want to limit the bandwidth used, click Advanced.
If you access the address via a proxy server, click Apply and then Proxy
Details. Note that some internet service providers require web requests to
be sent to a proxy server.
Scheduling updates
You can specify when or how often Sophos Anti−Virus updates itself.
If the Sophos Enterprise Console is used to administer Sophos
Anti−Virus on workstations, it may override changes made here. To
avoid this, refer to the console help.
Locate the Sophos Anti−Virus icon in the system tray (shown below).1.
Right−click the icon to display a menu, and select Configure updating.2.
In the Properties for Sophos AutoUpdate dialog box, click the Schedule
tab. Then enter the details as described below.
3.
Sophos Anti−Virus for Windows 2000/XP/2003 Updating
49
If you want Sophos Anti−Virus to update itself at regular intervals, select
Enable automatic updates. Then enter the frequency (in minutes) with
which Sophos Anti−Virus will check for updated software. The default is 60
minutes.
If the updates are downloaded directly from Sophos, you cannot
update more frequently than every 60 minutes.
If you update via a dial−up connection to the internet, select Check for
updates on dial−up. Sophos Anti−Virus will attempt to update whenever
you connect to the internet.
Updating via a proxy server
If Sophos Anti−Virus fetches updates via the internet, you must enter details of
any proxy server that you use to connect to the internet.
Locate the Sophos Anti−Virus icon in the system tray (shown below).1.
Right−click the icon to display a menu, and select Configure updating.2.
In the Properties for Sophos AutoUpdate dialog box, click the Primary
server tab or the Secondary server tab as required. Ensure that all the
details have been correctly entered. Then click Apply and then Proxy
Details.
3.
Sophos Anti−Virus for Windows 2000/XP/2003 Updating
50
In the Proxy details dialog box, select Access the server via a proxy.
Then enter the proxy server Address and Port number. Enter a User
name and Password that give access to the proxy server. If the user name
needs to be qualified to indicate the domain, use the form
domain\username.
4.
Limiting the bandwidth used
You can limit the bandwidth used for updating. This prevents Sophos Anti−Virus
from using all your bandwidth when you need it for other purposes, e.g.
downloading your email.
Locate the Sophos Anti−Virus icon in the system tray (shown below).1.
Sophos Anti−Virus for Windows 2000/XP/2003 Updating
51
Right−click the icon to display a menu, and select Configure updating.2.
In the Properties for Sophos AutoUpdate dialog box, click the Primary
server tab or the Secondary server tab as required. Then click Advanced.
3.
In the Advanced settings dialog box, select Limit amount of bandwidth
used and use the slider control to specify the bandwidth in Kbits/second. If
you specify more bandwidth than the computer has available, Sophos
Anti−Virus uses all that is available.
4.
Logging updates
You can configure Sophos Anti−Virus to record updating activity in a log file.
Locate the Sophos Anti−Virus icon in the system tray (shown below).1.
Sophos Anti−Virus for Windows 2000/XP/2003 Updating
52
Right−click the icon to display a menu, and select Configure updating.2.
In the Properties for Sophos AutoUpdate dialog box, click the Logging
tab. Ensure that Log Sophos AutoUpdate activity is selected. Then set
other options as described below. When you want to open the log, click
View Log File.
3.
Maximum log size
Specify a maximum size for the log in MB.
Log level
You can select Normal or Verbose logging. Verbose logging provides
information on many more activities than usual, so the log will grow faster.
Use this setting only when detailed logging is needed for troubleshooting.
Sophos Anti−Virus for Windows 2000/XP/2003 Updating
53
Disinfection
This section includes the following.
What is disinfection?• Getting disinfection information• Setting up automatic disinfection• Disinfecting on demand• Disinfecting with a right−click scan• Recovering from virus side−effects•
What is disinfection?
Disinfection removes a virus from a file or boot sector. However, it doesn't
undo any actions the virus has already taken.
Getting disinfection information
If a virus is reported, you can get information and disinfection advice via
the scan progress dialog box (on−demand and right−click scanning)• Quarantine manager (all scanning types).•
Getting information via the scan progress dialog box
For an on−demand scan or a scan run from a right−click menu, in the log that is
displayed in the scan progress dialog box, click the name of the virus you want to
find out about.
54
Sophos Anti−Virus connects you to the analysis of the virus on the Sophos
website.
Getting information via Quarantine manager
Open Quarantine manager. To do this, in the home page of the Sophos
Anti−Virus window, click Manage quarantine items.
In the Virus name column, click the name of the virus you want to find out about.
Sophos Anti−Virus connects you to the analysis of the virus on the Sophos
website.
Setting up automatic disinfection
If the Sophos Enterprise Console is used to administer Sophos
Anti−Virus on workstations, it may override changes made here. To
avoid this, refer to the console help.
Sophos Anti−Virus can disinfect many infected items, or make them safe,
automatically, when on−access scanning is turned on. Any actions that Sophos
Anti−Virus takes against infected items are logged in the log for this computer.
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
In the Configure page, click On−access scanning.2.
Click the Disinfection tab. Set the options as described below.3.
Sophos Anti−Virus for Windows 2000/XP/2003 Disinfection
55
Disinfect items that contain a virus
Select this to enable Sophos Anti−Virus to disinfect floppy disk boot
sectors, documents, programs and anything else that is selected for
scanning. Disinfection of documents does not repair any changes the virus
has made in the document. (Refer to Getting disinfection information to find
out how to view details on the Sophos website of the virus's side−effects.)
Disinfection of programs should be used only as a temporary measure. You
should subsequently replace disinfected programs from the original disks or
a clean backup.
Other actions against infected files
You should use this option only if advised to by Sophos technical
support.
Sophos Anti−Virus can make an infected file safe in ways other than
disinfection. Click Delete to dispose of the file. Click Move to to move the
file to another folder, which you can select using Browse. Moving an
executable file reduces the likelihood of it being run.
You can't automatically delete or move infected mailboxes.
Sophos Anti−Virus for Windows 2000/XP/2003 Disinfection
56
Disinfecting on demand
Sophos Anti−Virus can disinfect many infected items, or make them safe, when
you run an on−demand scan. Any actions that Sophos Anti−Virus takes against
infected items are logged in the log for the on−demand scan.
In the home page of the Sophos Anti−Virus window, in the Available
scans list, select the scan for which you want to enable disinfection. Click
Edit to display the scan setup page.
1.
Click Configure this scan.2.
Click the Disinfection tab. Set the options as described below.3.
Disinfect items that contain a virus
Select this to enable Sophos Anti−Virus to disinfect floppy disk boot
sectors, documents, programs and anything else that is selected for
scanning. Disinfection of documents does not repair any changes the virus
has made in the document. (Refer to Getting disinfection information to find
out how to view details on the Sophos website of the virus's side−effects.)
Disinfection of programs should be used only as a temporary measure. You
should subsequently replace disinfected programs from the original disks or
Sophos Anti−Virus for Windows 2000/XP/2003 Disinfection
57
a clean backup.
Other actions against infected files
You should use this option only if advised to by Sophos technical
support.
Sophos Anti−Virus can make an infected file safe in ways other than
disinfection. Click Delete to dispose of the file. Click Move to to move the
file to another folder, which you can select using Browse. Moving an
executable file reduces the likelihood of it being run.
You can't automatically delete or move infected mailboxes.
Disinfecting with a right−click scan
Sophos Anti−Virus can disinfect many infected items, or make them safe, when
you run a scan from a right−click menu. Any actions that Sophos Anti−Virus takes
against infected items are logged in the log for this computer.
In the Sophos Anti−Virus window, on the Configure menu, click
Right−click scanning.
1.
Click the Disinfection tab. Set the options as described below.2.
Sophos Anti−Virus for Windows 2000/XP/2003 Disinfection
58
Disinfect items that contain a virus
Select this to enable Sophos Anti−Virus to disinfect floppy disk boot
sectors, documents, programs and anything else that is selected for
scanning. Disinfection of documents does not repair any changes the virus
has made in the document. (Refer to Getting disinfection information to find
out how to view details on the Sophos website of the virus's side−effects.)
Disinfection of programs should be used only as a temporary measure. You
should subsequently replace disinfected programs from the original disks or
a clean backup.
Other actions against infected files
Sophos Anti−Virus can make an infected file safe in ways other than
disinfection. Click Delete to dispose of the file. Click Move to to move the
file to another folder, which you can select using Browse. Moving an
executable file reduces the likelihood of it being run.
You can't automatically delete or move infected mailboxes.
Recovering from virus side−effects
Recovery from virus infection depends on how the virus infected the computer.
Some viruses leave you with no side−effects to deal with, others may have such
extreme side−effects that you have to restore a hard disk in order to recover.
Some viruses gradually make minor changes to data. This type of corruption can
be hard to detect. It is therefore very important that you read the virus analysis on
the Sophos website, and check documents carefully after disinfection.
Sound backups are crucial. You should keep original executables on
write−protected disks so that infected programs can easily be replaced. If you did
not have them before you were infected, create or obtain them in case of future
infections.
Sometimes you can recover data from disks damaged by a virus. Sophos can
supply utilities for repairing the damage caused by some viruses. Contact Sophos
technical support for advice.
Sophos Anti−Virus for Windows 2000/XP/2003 Disinfection
59
Managing quarantine items
This section includes the following.
What is Quarantine manager?• Dealing with viruses in quarantine• Configuring user rights for Quarantine manager•
What is Quarantine manager?
Quarantine manager enables you to deal with all viruses found by a scan. Each
item is here for one of the following reasons.
No disinfection options (disinfect, delete, move) were chosen for the scan
that found the item.
•
A disinfection option was chosen for the scan that found the item but the
option failed.
•
The item is multiply−infected and still contains viruses.•
A disinfection option may have failed because of insufficient access rights. If you
have greater rights, you can use Quarantine manager to disinfect, delete or move
the item.
Dealing with viruses in quarantine
Open Quarantine manager. To do this, in the home page of the Sophos
Anti−Virus window, click Manage quarantine items.
1.
In the Quarantine manager page, all the infected items are listed.
Location displays whereabouts the item is stored on disk. You can click
this to list the items in order of location. Virus name displays the virus with
which the item is infected. Actions available displays whether you can
disinfect, delete or move the item. To configure what you can do, refer to
Configuring user rights for Quarantine manager. To deal with the viruses,
use the buttons described below.
2.
60
Select all/Deselect all
Click these buttons to select or deselect all the items. This enables you to
perform the same action on a group of items. To select or deselect a
particular item, click the check box to the left of the item name.
Clear from list
Click this to remove selected items from the list, if you are sure they don't
contain a virus. This doesn't delete the items from disk, however.
Disinfect
Click this to disinfect the selected items. Disinfection of documents does not
repair any changes the virus has made in the document. Disinfection of
programs should be used only as a temporary measure. You should
subsequently replace disinfected programs from the original disks or a
clean backup.
Delete
Click this to dispose of the selected items. Use this function with care.
Move
Click this to move the selected items to another folder. Each item is moved
to the folder that was specified when disinfection was set up. Moving an
executable file reduces the likelihood of it being run. Use this function with
care.
Sophos Anti−Virus for Windows 2000/XP/2003 Managing quarantine items
61
Configuring user rights for Quarantine manager
In the home page of the Sophos Anti−Virus window, click Manage
quarantine items.
1.
In the Quarantine manager page, click Configure user rights for
Quarantine manager.
2.
In the Configure user rights for Quarantine manager dialog box, select
the rights that each level of user should have, as explained below.
3.
User type
You can change the rights for each of the three types of user, depending on
the type of user you are logged on as. For more information on user types,
refer to Types of user. Remember that the rights you set here apply only to
Quarantine manager.
Disinfect sectors
Select this to enable Sophos Anti−Virus to disinfect floppy disk boot
sectors.
Disinfect files
Select this to enable Sophos Anti−Virus to disinfect documents and
programs. Disinfection of documents does not repair any changes the virus
has made in the document. Disinfection of programs should be used only
as a temporary measure. You should subsequently replace disinfected
programs from the original disks or a clean backup.
Sophos Anti−Virus for Windows 2000/XP/2003 Managing quarantine items
62
Delete files
Select this to enable Sophos Anti−Virus to dispose of infected files.
Move files
Select this to enable Sophos Anti−Virus to move infected files to another
folder. Moving an executable file reduces the likelihood of it being run.
Sophos Anti−Virus for Windows 2000/XP/2003 Managing quarantine items
63
Troubleshooting
This section includes the following.
System tray icon has a white cross• System tray icon is greyed out• Virus not disinfected• Virus fragment reported• Unable to access disk with infected boot sector• Unable to access areas of Sophos Anti−Virus• Getting further help•
System tray icon has a white cross
If a white cross is superimposed on the Sophos Anti−Virus system tray icon,
updating has failed.
To find out more about an update failure, look at the update log. Right−click the
Sophos Anti−Virus system tray icon to display a menu. Select Configure
updating. Then click the Logging tab and click View Log File.
The sections below explain why updating may fail, and how you can change the
settings to correct the problem.
You need Sophos Administrator rights to change the updating
settings.
Sophos Anti−Virus contacts the wrong source for updates
Right−click the Sophos Anti−Virus system tray icon to display a menu.
Select Configure updating.
1.
Click the Primary server tab. Check that the address and account details
are those supplied by your administrator.
2.
Sophos Anti−Virus cannot use your proxy server
If your copy of Sophos Anti−Virus updates itself via the internet, you must ensure
that it can use your proxy server (if there is one).
Right−click the Sophos Anti−Virus system tray icon to display a menu.
Select Configure updating.
1.
Click the Primary server tab. Then click Proxy Details.2.
64
In the Proxy details dialog box, enter the proxy server address and port
number, and the account details.
3.
Automatic updating is not correctly scheduled
Right−click the Sophos Anti−Virus system tray icon to display a menu.
Select Configure updating.
1.
Click the Schedule tab. If your computer is networked, or if you update via
a broadband internet connection, select Enable automatic updates and
enter the frequency of updating. If you update via a dial−up connection,
select Check for updates on dial−up.
2.
The source for updates is not being maintained
Your company may have moved the directory (on the network or on a web server)
from which you should update. Alternatively, they may not be maintaining the
directory. If you think this may be the case, contact your network administrator.
System tray icon is greyed out
If the Sophos Anti−Virus system tray icon is greyed out, the computer is not
protected by on−access scanning.
To enable on−access scanning for all users on the computer, refer to Turning
protection on or off for the computer.
Virus not disinfected
If Sophos Anti−Virus has not attempted to disinfect a virus, check that automatic
disinfection has been enabled.
If Sophos Anti−Virus could not disinfect the virus ("Disinfection failed"), it may be
that it cannot disinfect that type of virus.
You should also check the following:
If dealing with a removable medium (e.g. floppy disk, CD), make sure that it
is not write−protected.
•
If dealing with files on an NTFS volume (Windows 2000/XP/2003), make
sure that it is not write−protected.
•
Sophos Anti−Virus does not disinfect a virus fragment because it has not found an
exact virus match. Refer to Virus fragment reported.
Sophos Anti−Virus for Windows 2000/XP/2003 Troubleshooting
65
Virus fragment reported
If a virus fragment is reported, contact Sophos technical support for advice.
The report of a virus fragment indicates that part of a file matches part of a virus.
There are three possible causes:
Variant of a known virus
Many new viruses are based on existing ones, so that code fragments typical of a
known virus may appear in files infected with a new one. If a virus fragment is
reported, it is possible that Sophos Anti−Virus has detected a new virus, which
could become active.
Corrupted virus
Many viruses contain bugs in their replication routines that cause them to infect
target files incorrectly. An inactive portion of the virus (possibly a substantial part)
may appear within the host file, and this is detected by Sophos Anti−Virus. A
corrupted virus cannot spread.
Database containing a virus
When running a full scan, Sophos Anti−Virus may report that there is a virus
fragment in a database file.
Unable to access disk with infected boot sector
If the Sophos Enterprise Console is used to administer Sophos
Anti−Virus on workstations, it may override changes made here. To
avoid this, refer to the console help.
By default, Sophos Anti−Virus prevents access to removable disks whose boot
sectors are infected. To allow access (e.g. to copy files from a floppy disk infected
with a boot sector virus), do as follows.
In the home page of the Sophos Anti−Virus window, click Configure
Sophos Anti−Virus.
1.
In the Configure page, click On−access scanning.2.
In the On−access scan settings for this computer dialog box, click the
Scanning tab.
3.
Select Allow access to drives with infected boot sectors.4.
Sophos Anti−Virus for Windows 2000/XP/2003 Troubleshooting
66
Deselect the option when you have finished accessing the disk.
Unable to access areas of Sophos Anti−Virus
If you are unable to use or configure particular areas of Sophos Anti−Virus, it
might be because access to these areas is restricted to particular types of user.
Refer to Restricting access rights.
Getting further help
For technical support information, visit
www.sophos.com/support
If you contact technical support, provide as much information as possible,
including Sophos software version number(s), operating system(s) and patch
level(s), and the exact text of any error messages.
Sophos Anti−Virus for Windows 2000/XP/2003 Troubleshooting
67
68
Sophos Anti-Virus for Windows 2000/XP/2003
Copyright © 2004, 2005 by Sophos Plc
All rights reserved. No part of this publication may be reproduced, stored in a
retrieval system, or transmitted, in any form or by any means, electronic,
mechanical, photocopying, recording or otherwise unless you are either a valid
licensee where the documentation can be reproduced in accordance with the
licence terms or you otherwise have the prior permission in writing of the
copyright owner.
Any name should be assumed to be a trademark unless stated otherwise.
InterCheck and Sophos are registered trademarks of Sophos Plc.
200501