16-Aug-2006 (Version 3.06 Beta)

- Updated handling of sophie.savi file. This now allows you to set the
string options so you can specify alternative locations for SAVI virus
data files and IDE files. This is useful if you are using SAV v5.x.

- Added some info and a sample script for using sophie with SAV v5.x

- Minor changes to sophie_core.c and sophie_init.c to suppress gcc
warnings about type-punned pointers.

- Updated error message generation at scan time. Now includes error code
by default (useful if new error codes are introduced in later versions
of SAVI). To keep the old-style messages, remove the line
#define ERRORS_INCLUDE_NUMBER
from sophie.h

- Added new SAVI DTK header files (from DTK v4.5) to allow building on
AMD64 systems (not actually tested)

- Displays new extended virus engine version number

- Made change to sophie.h to ignore sys/sched.h on FreeBSD.

- Move reload process out of SIGHUP signal handler. Thanks to Chris
Stromsoe and Martin Zuziak for input and patch.

- Fix signal handling on Solaris. Signal handlers need to be reset
after each signal caught. Thanks to Kendall Libby for input.
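
The pattern behind the last two entries, as an added example (not Sophie's own code): the SIGHUP handler only sets a flag, the main loop does the reload, and the handler is installed with sigaction() so it stays installed after each delivery rather than being re-armed by hand as the Solaris entry describes. The function names and the reload counter are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L        /* sigaction() */
#endif
#include <signal.h>
#include <string.h>

/* Written by the handler, consumed by the main loop. sig_atomic_t is the
   type that can be stored safely from inside a signal handler. */
static volatile sig_atomic_t reload_pending = 0;
static int reload_count = 0;           /* hypothetical stand-in for the real reload work */

static void on_sighup(int signo)
{
    (void)signo;
    reload_pending = 1;                /* no I/O, no malloc, no library calls in here */
}

/* Without SA_RESETHAND the handler stays installed, so a second SIGHUP
   never reaches the default action (which terminates the process). */
int install_sighup_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sighup;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    return sigaction(SIGHUP, &sa, NULL);
}

/* Called from the main loop between requests. Returns 1 if a reload ran. */
int service_pending_reload(void)
{
    if (!reload_pending)
        return 0;
    reload_pending = 0;
    reload_count++;                    /* placeholder: reload virus data and config here */
    return 1;
}

int reloads_done(void) { return reload_count; }
```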

16-Nov-2005 (Version 3.05)

- Bug fix for daemon tools problem that was introduced in 3.04. All
signals are now caught by the main process and forwarded to the
worker process. This allows Sophie to work with Daemon Tools
again.

- Bug fix for skipping the "." and ".." directories. Sophie used to
just skip the first two directories assuming they would always be
"." and "..", which is not always the case on some file systems.
It now performs a strcmp to check for "." and ".." instead.

- Bug fix for sophie_scandir problem. Sophie would not report
corrupt, password protected, etc files when performing directory
scans. It has been changed to return the "worst" result now. If
there is an infected file within a scanned directory, the
infected return code (1) is returned. If, however, the directory
(and all sub-directories) are clean, but there is at least one
error (corrupt, password protected, etc) file, Sophie will return
the error return code (-1). Only if all files are clean and
error free will the OK (0) code be returned.
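
The two directory-scan fixes above ("." and ".." matched by name, and the "worst" result returned), as an added example that is not Sophie's own code. scan_file() is a hypothetical stand-in for the engine that classifies a file by its first byte, and demo_scan() builds a constructed two-level tree in a temporary directory; not following symlinks is a choice made for this example.

```c
#define _XOPEN_SOURCE 700              /* mkdtemp(), lstat() */
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { SCAN_ERROR = -1, SCAN_CLEAN = 0, SCAN_INFECTED = 1 };  /* codes from the entry above */

/* Hypothetical stand-in for the engine: first byte 'V' = infected, 'E' = error. */
static int scan_file(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f) return SCAN_ERROR;
    int c = fgetc(f);
    fclose(f);
    return c == 'V' ? SCAN_INFECTED : c == 'E' ? SCAN_ERROR : SCAN_CLEAN;
}

static int worse(int a, int b)         /* infected outranks error, error outranks clean */
{
    if (a == SCAN_INFECTED || b == SCAN_INFECTED) return SCAN_INFECTED;
    return (a == SCAN_ERROR || b == SCAN_ERROR) ? SCAN_ERROR : SCAN_CLEAN;
}

int scan_dir(const char *dir)
{
    DIR *d = opendir(dir);
    if (!d) return SCAN_ERROR;
    int result = SCAN_CLEAN;
    struct dirent *e;
    while (result != SCAN_INFECTED && (e = readdir(d)) != NULL) {
        /* Match "." and ".." by name; their position in the listing is not guaranteed. */
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
            continue;
        char path[PATH_MAX];
        struct stat st;
        int n = snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (n < 0 || (size_t)n >= sizeof path || lstat(path, &st) != 0)
            result = worse(result, SCAN_ERROR);       /* unreadable entry counts as an error */
        else if (S_ISDIR(st.st_mode))
            result = worse(result, scan_dir(path));   /* lstat: symlinks are not followed */
        else if (S_ISREG(st.st_mode))
            result = worse(result, scan_file(path));
    }
    closedir(d);                                      /* closed on every path out of the loop */
    return result;
}

static void put(const char *path, const char *text)
{
    FILE *f = fopen(path, "w");
    if (f) { fputs(text, f); fclose(f); }
}

/* Builds a constructed tree (top.bin, sub/nested.bin) in a temp dir, scans it, removes it. */
int demo_scan(const char *top, const char *nested)
{
    char root[] = "/tmp/scandemoXXXXXX", sub[40], f1[40], f2[60];
    if (!mkdtemp(root)) return -2;
    snprintf(sub, sizeof sub, "%s/sub", root);
    snprintf(f1, sizeof f1, "%s/top.bin", root);
    snprintf(f2, sizeof f2, "%s/nested.bin", sub);
    mkdir(sub, 0700);
    put(f1, top); put(f2, nested);
    int r = scan_dir(root);
    remove(f1); remove(f2); rmdir(sub); rmdir(root);
    return r;
}
```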

- In sig_exit(), sophie_end() is only called if it is the main
process, and not a child process.

- Changed the AC_CHECK_LIB macro in configure.in to look for
DllGetClassLibrary instead of SAVIsweepFile since SAVIsweepFile
was removed from libsavi in the 3.99 release of Sophie Anti-Virus.
New configure script was generated from configure.in also.

- Removed the call to sophie_syslog when an infected file is found
since the call to sophie_print on the previous line will log to
syslog anyway when in daemon mode, effectively causing two log
entries with the same information.

01-Jun-2005 (Version 3.04)

- Includes fix for the semaphore issue. Sophos Anti-Virus is now
initialized and used as the non-root user. Root only initializes
and cleans up the socket(s).

28-Jan-2004 (Version 3.04rc2)

NOTE: You SHOULD modify etc/sophie.savi before copying it to
/etc/ directory. Current (default) setting might or
might not make any sense at all, but it is what SAVI
sets by default as well.

- etc/sophie.savi is now set with SAVI default. Names/values are
set as to default SAVI settings from SetConfigDefaults(pSAVI)
call.

- 28 new SAVI options added to etc/sophie.savi file. Options
were taken with SAVI 3.77.

- Check for nanosleep before including rt library

- "Grp" options fix in sophie_init.c. Thanks to Markus Stumpf for
spotting it.

21-Nov-2003 (Version 3.04rc1)

- Small fix to sophie.8 manpage. Thanks to Anne Bennett for sending
the patch to me.

- Update RPM spec file (in contrib/). Thanks to Tim Jackson for
sending it to me.

- Applied Sebastian Hagedorn's patch, which causes Sophie to return
0 for non-fatal errors. Thanks to Sebastian for this patch.

NOTE: This patch adds --enable-only-fatal-err configuration
option, and has to be enabled manually

- Changed usleep() to nanosleep(). Thanks to David Snowden for
suggesting this and sending a patch. This should fix problems
which people have been experiencing on Solaris.

- Fixed descriptor leak in sophie_scandir.c. Thanks to Rob McMahon
for spotting this and sending a patch.

- Fixed a 'socket leak' in network portion of Sophie.

Everyone using network version of Sophie should upgrade.

- Added setsockopts for SO_REUSEADDR and TCP_NODELAY (also for
network portion of Sophie)

09-Jun-2003 (Version 3.03)

- Removed 'Mac' and 'SafeMacDfHandling' options from sophie.savi

- Fix in sophie_syslog(), so that errors are not printed when
config.logfacility and/or config.logpriority are not set.

- HP-UX compatibility changes to configure.in

10-May-2003 (Version 3.02)

- Major bug fixed (infinite loop in sophie_getline()).
Thanks to Lutz Jaenicke for sending a patch and detailed
description of the problem.

- Added --enable-fgets configuration option. If someone still has
problems with sophie_getline() after today's fix, this can be
used in 'panic mode'. Will be removed if 3.02 finally gets
stable after the sophie_getline() fix.

29-Apr-2003 (Version 3.01)

- glibc23 (RH9) workaround didn't really work well. Taken out.

NOTE: To use Sophie on RH9, compile on some other RH release,
and just copy to RH9 box. Sophos should release updated
library soon, I hope.

28-Apr-2003 (Version 3.00)

- Version number change, and public release

24-Apr-2003 (Version 3.00rc4)

- Workaround for glibc23 based systems (--enable-glibc23 switch)
Thanks to Jeffrey C. Ollie for providing workaround

- SIGHUP handler is now reinstalled on -HUP
Thanks to Geoff Gibbs for reporting/noticing this

15-Mar-2003 (Version 3.00rc3)

- buf is now MAXPATHLEN (was hardcoded to 256 - forgot about it :)
Thanks to Rainer Link for pointing this out

- Removed fgets() in while() loop, and substituted it with
sophie_getline(). Removed code that reopens the socket, and
the references to msgfp. Thanks to Rainer Link for pointing out the
problems with fgets()

NOTE: Please test this release, and let me know if you
experience any trouble with sophie_getline()

- Code cleanups

- Additions to s_comput.h, for Sun compiler compatibility.

07-Mar-2003 (Version 3.00rc2)

- Updated README file

- Umask can now be set in the sophie.cfg file

- Added explanation for NameSpaceSupport in SAVI configuration file
(as explained in the SAVI SDK)

- Removed some entries from sophie_syslog.h (were Linux specific,
it seems)

- Converted all files from sav_if/ subdir to UNIX format (they had
CRLFs at the end of line, which caused problems)

03-Mar-2003 (Version 3.00rc1)

- Added 'config' global var which holds Sophie configuration data.
Sophie reload (-HUP) will now also update some of the Sophie
configuration options, if configuration file has been changed.

- Added sophie_notify.c. Callbacks are now implemented, which can
be used to perform timeouts, set limits (max number of scanned
files inside archives, etc.). These limits can be used to prevent
Sophie from getting into infinite loops. Also, a check of whether the
remote socket is still connected is implemented inside the callbacks. If
the socket goes away, so does Sophie. This is still EXPERIMENTAL.

- Cleaned up error/warning/notice messages

- Introduced SAVI configuration file (sophie.savi)

- Sophie reloads (patterns/engine) now "natively", using
LoadVirusData() feature of SAVI3. execv() is removed.

- Introduced configuration file (sophie.conf) which lists all the
SAVI configuration options which can be set/reset. Use -C switch
to use specific configuration file.

- Cleaned up sophie_init.c a lot. Removed sophie_init.h

- Added savitype_extended.h in Sophie root. Configuration options
not listed in sav_if/savitype.h will be listed here (although not
used by/for anything)

- Modifications made in order to be (more) compatible with SAVI V3.

- Cleaned up code a bit (moved declarations of some functions
from sophie.h)

02-Jan-2003 (Version 1.41)

- License is modified [sophie.c], in order to allow linking to SAVI
This should, hopefully, resolve some "legal" issues. Thanks to
Rainer Link for the tip.

- SOPHIE_SOPHOS_UPX is now enabled by default (in sophie_init.h), so
that Yaha-K (and similar things) can be detected.

- Small manpage added. Thanks to Anne Bennett for the manpage.

- Sophie now logs failure to restart itself. Thanks to Anne Bennett
for the patch.

- Added contrib/ subdirectory. RPM specfile and init file added.
Thanks to Tim Jackson for the files.

20-Jun-2002 (Version 1.40rc1)

- Sophie will print current PROC_COUNT when SIGUSR1 is delivered to
parent process. [sophie.c]

- Small typo fixed [sophie.c]

- Socket file was actually not chowned() to RUNAS_USER when Sophie
started. Only group was modified. [sophie.c]

- Moved stuff from config.h(.in), and put back sophie.h. Can't
remember why I removed sophie.h at all.

- Added break for all cases that return -1 in sophie_scanfile()
[sophie_core.c]

- Fix for memory leaks in sophie_log_virus() [sophie_core.c] and
sophie_scanfile() [sophie_core.c]. If one child process would scan
many files, this problem could be observed. Thanks to Sophos for
providing patch for this.

- Minor fix (added #ifdef for timestamp declarations) [sophie_core.c]
Thanks to Sophos for noticing this.

20-Jun-2002 (Version 1.39rc1)

- Version number change

16-Jun-2002 (Version 1.39rc1)

- Signal handling (SIGCHLD) redone in order to make sure PROC_COUNT
is properly decremented.

11-Jun-2002 (Version 1.38)

- When reloading, Sophie would try to close/shutdown network socket
even if it was not compiled with --enable-net. Would cause Sophie
to stop working properly after -HUP was sent.

02-Jun-2002 (Version 1.37)

- Forgot to close/shutdown tcp_sock when restarting Sophie. That
would generate "Address already in use" errors when network mode
was used. Fixed.

- initgroups() is now called only if Sophie is started by root

- Fixed a typo in configure.in and added missing #undef for
UNISTD_H_DECLARES_INITGROUPS

(Scot W. Hetzel provided most of the patches for this release)

- Checking if errno == EAGAIN (with network mode), and reading again
(Thanks to Scot W. Hetzel for reporting this)

- Modified sample_apps/sock_net/send_file.c ; send_msg now contains
newline, as opposed to sending newline after 1st write()
(Thanks to Scot W. Hetzel for reporting this)

- Made sample_apps/perl_net/*.pl Perl 5.005 compatible. It doesn't
like '$sock' as a name of a socket - changed to SOCK. (Thanks to
Scot W. Hetzel for reporting this)

- FreeBSD declares initgroups() in unistd.h - added check to
configure for that (Thanks to Scot W. Hetzel for reporting this)

- Include netinet/in.h if compiling on FreeBSD (Thanks to Alain
Fauconnet and Scot W. Hetzel for reporting this)

01-Jun-2002 (Version 1.36)

- SAVI config option "OutlookExpress" added (no idea what it does)

- Added verbosity (for --enable-error-strings) at few more places
where -1 was returned [sophie.c]

- If opendir() [sophie_scandir.c] fails, verbose error message is
returned (before, it was only '-1:' if error strings were
enabled) (suggested by Mark Martinec)

- PROC_COUNT is printed on child startup (w/ debugging turned on)

- declared PROC_COUNT as volatile (suggested by Mark Martinec)

- config.h is now a dependency, and in case it's changed, 'make'
will recompile Sophie (suggested by Mark Martinec)

- Fixed major bug which was introduced when -HUP handling was being
rewritten (PROC_COUNT would not be decreased properly)

- AIX related fix (initgroup is not in grp.h, on AIX 4.2)

- AIX 'default user' changed to daemon (seems that 'mail' is just
a mail alias on AIX - not an account)

20-May-2002 (Version 1.35)

- Removed #define of "BSD", since it wasn't being used anywhere, and
would cause gcc to complain about redefinition of BSD

- Checking if the user (RUNAS_USER) really exists, before Sophie
starts. (thanks to Jarno Huuskonen for noticing this)

- [SECURITY] Added initgroups() in order to 'reset' list of
supplemental groups available to Sophie child process. (thanks
to Jarno Huuskonen for noticing this)

- Checking if the userInfo->pw_gid is valid (and not a NULL, for
example, which could cause trouble). (thanks to Jarno Huuskonen
for noticing this)
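
The three checks in this release fit together as one privilege-drop routine. The following is an added example, not Sophie's code: it looks the user up first, resets the supplementary groups with initgroups() while still root, then changes gid and uid, and finally verifies the drop. The function name and return codes are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE                /* initgroups() */
#endif
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

/* Return codes are hypothetical, for this example only. */
enum { DROP_OK = 0, DROP_NO_USER = -1, DROP_NOT_ROOT = -2, DROP_FAILED = -3 };

int drop_privileges(const char *user)
{
    /* 1. The account must exist; refusing to start beats silently staying root. */
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return DROP_NO_USER;

    /* 2. Only root can change identity; the caller decides what to do otherwise. */
    if (geteuid() != 0)
        return DROP_NOT_ROOT;

    /* 3. Order matters. Supplementary groups first: without this call the
          child keeps every group root was in (wheel, disk, ...) even after
          setuid(). Then the primary group, and the uid last, because after
          setuid() the process can no longer change its groups. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return DROP_FAILED;
    if (setgid(pw->pw_gid) != 0)
        return DROP_FAILED;
    if (setuid(pw->pw_uid) != 0)
        return DROP_FAILED;

    /* 4. Verify: regaining root must fail, and the ids must be the target's. */
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return DROP_FAILED;
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid || getgid() != pw->pw_gid)
        return DROP_FAILED;
    return DROP_OK;
}
```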

14-May-2002 (Version 1.34)

- Added support for 5 new configuration keywords/options, which
can be found in Engine 2.10

"Pdf"
"Rtf"
"Html"
"Elf"
"WordB"

11-May-2002 (Version 1.33)

- Version number change. This should encourage people to upgrade

29-Apr-2002 (Version 1.33rc7)

- Some AIX related fixes

- Sophie binary is now being stripped on most platforms, by default

23-Apr-2002 (Version 1.33rc6)

- Added check for sys/sched.h and sched.h (for AIX) in configure.in

- Check for vsnprintf() (in stdio.h) in configure.in

- sophie.h contents moved to config.h

23-Apr-2002 (Version 1.33rc5)

- --enable-timestamps configure option added. Timestamps have to be
specifically enabled (since daemontools already adds a timestamp to
Sophie when it is running in foreground mode)

22-Apr-2002 (Version 1.33rc4)

- Timestamp is now printed with Sophie messages, when Sophie is
not started in daemon mode.

17-Apr-2002 (Version 1.33rc3)

- Removed WAIT_ANY completely, and put -1 for waitpid() call.

- Signal handler (for SIGCHLD) needs to be re-initialized when
SIGCHLD is caught. This was causing trouble on Solaris.

17-Apr-2002 (Version 1.33rc2)

- Cleaned up sophie.c a bit (removed some code outside of loop,
which could never be executed)

- Fixes for Tru64 (OSF 4.x, OSF 5.x). Sophie now compiles okay on
OSF 4.0g and OSF 5.1a, with Compaq C compiler

- WAIT_ANY is defined as -1 in sophie.h, if it doesn't already
exist in the system.

13-Apr-2002 (Version 1.33rc1)

- Signal handling redone

- New configuration option added: --enable-error-strings

Sophie can now return the error message when an error occurred. For
example, when --enable-error-strings is used, Sophie will return:

-1:Error: Virus scan failed

NOTE: Make sure you know what you're doing when enabling this
option. It will, most likely, break most apps that talk to
Sophie.

- Parent process now runs as root, and each child is running as
RUNAS_USER. Socketfile/pidfile are being removed now, when Sophie
is terminated.

- HUP signal will now terminate Sophie, and restart it (by issuing
execv(program_name, program_args)).

- Sophie prints more information when '-v' switch is used.

NOTE: Output format has been modified slightly, so make sure
that it doesn't affect any scripts that might be invoking
Sophie with '-v' switch.

- The timeout now doesn't affect the length of the whole connection,
but the length of scanning a file. Before, it was working like:

* accept connection
* set alarm timeout
* fgets() while loop, which reads line of input at a time
* scan a file
* exit (or abort, if timeout was reached meanwhile)

Now, it works like:

* accept connection
* set alarm timeout (initially, we need this one)
* fgets() while loop, which reads line of input at a time
* scan a file
* set alarm timeout
* exit (if connection was closed, or if timeout for the last
scanning was reached)

So, if you want to scan 10 files, timeout will affect each of
them, not all of them (hope this makes sense :)

NOTE: Please, keep in mind that if you use internal Sophie
routine for scanning directory, timeout will not be reset
for every file in a directory!
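
The difference between the two timeout sequences above, as an added example that is not Sophie's code. It uses setitimer() in place of alarm() to get sub-second granularity, replaces the fgets() loop on the socket with an array of constructed scan durations, and fake_scan() is a hypothetical scan that simply sleeps.

```c
#define _XOPEN_SOURCE 700              /* sigaction(), setitimer(), nanosleep() */
#include <signal.h>
#include <string.h>
#include <sys/time.h>
#include <time.h>

static volatile sig_atomic_t timed_out;

static void on_alarm(int signo) { (void)signo; timed_out = 1; }

/* (Re)start the one-shot timer; ms == 0 cancels it. */
static void arm_timeout(long ms)
{
    struct itimerval it;
    memset(&it, 0, sizeof it);
    it.it_value.tv_sec = ms / 1000;
    it.it_value.tv_usec = (ms % 1000) * 1000;
    setitimer(ITIMER_REAL, &it, NULL);
}

/* Hypothetical scan that takes cost_ms; returns -1 if SIGALRM cut it short. */
static int fake_scan(long cost_ms)
{
    struct timespec ts = { cost_ms / 1000, (cost_ms % 1000) * 1000000L };
    return nanosleep(&ts, NULL) == 0 ? 0 : -1;
}

/* Scans n files on one connection and returns how many completed.
   per_file == 0: one timeout covers the whole connection (old behaviour).
   per_file == 1: the timeout is set again after every scan (new behaviour). */
int serve_connection(const long *cost_ms, int n, long timeout_ms, int per_file)
{
    struct sigaction sa;
    int done = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;          /* no SA_RESTART: the scan must be interrupted */
    sigemptyset(&sa.sa_mask);
    sigaction(SIGALRM, &sa, NULL);

    timed_out = 0;
    arm_timeout(timeout_ms);           /* initial timeout, needed in both variants */
    for (int i = 0; i < n; i++) {
        if (fake_scan(cost_ms[i]) != 0 || timed_out)
            break;                     /* the real child would exit here */
        done++;
        if (per_file)
            arm_timeout(timeout_ms);
    }
    arm_timeout(0);                    /* cancel any pending timer */
    return done;
}

/* Constructed workload: three files of 300 ms each against a 500 ms timeout. */
static const long constructed_costs[3] = { 300, 300, 300 };

int demo_old(void) { return serve_connection(constructed_costs, 3, 500, 0); }
int demo_new(void) { return serve_connection(constructed_costs, 3, 500, 1); }
```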

- Increased default timeout to 300 seconds. There are files which
take ages to get scanned, so...

- Added support for SOPHOS_HQX_DECOMPRESSION flag

- Latest config.guess and config.sub added

- Portability (Tru64) fixes

- Ignoring SIGALRM in parent process

12-Mar-2002 (Version 1.32)

- Sophie wouldn't compile if network support was disabled. Stupid
error on my side.

- Added more error cases in sophie_core.c. When -1 is returned, text
error message will be logged for many more cases.

- Using strrchr() instead of rindex()

12-Mar-2002 (Version 1.31)

- 'Network' feature added to Sophie. It is possible from remote
machine to send a file to Sophie (which listens on some port),
and have that file scanned, and response returned.

Read README.NETWORK for more details.

WARNING:

This feature is considered EXPERIMENTAL and UNSTABLE. Don't
use it on a production machine without doing some heavy testing
first.

New configure options:

--enable-net            enable network support [no]
--with-net-port=PORT    port to use [4009]
--with-net-tempdir=DIR  temporary directory to use for network scans [/tmp]

- AIX related changes to configure.in.

- SOPHIE_LISTEN_QUEUE is now the same as MAX_PROC. Sophie will
accept as many connections as it can fork processes.

- gcc -rpath option (for linker) is now used in order to
make sure binary will look in the right place for the library.
(Thanks to Will Day for testing/helping)

This will solve the LD_LIBRARY_PATH "requirement" (I hope)

26-Feb-2002 (Version 1.30)

- added --with-timeout configure option

- Increased SOPHIE_LISTEN_QUEUE to 30

* Integrated a patch from willday -at- rom.oit.gatech.edu
(these are all his contribution - many, many thanks)

- Adds configure options for several things out of sophie.h:

--with-socketfile=PATH        path of socket file [/var/run/sophie]
--with-pidfile=PATH           path of pid file [/var/run/sophie.pid]
--with-user=USER              user to run as [varies per OS]
--with-group=GROUP            group to own socket file [varies per OS]
--with-maxproc=NUM            max concurrent scans [20]
--with-logname=NAME           name for syslog messages [sophie]
--with-logfacility=FACILITY   facility for syslog messages [LOG_MAIL]
--with-logpriority=PRIORITY   priority for syslog messages [varies per OS]

- Replaces "SLOWARIS" ifdef with a more proper "SOLARIS". :)

- Adds support for Sun C "SunPro" compiler in s_comput.h. (At least, for
5.0. I don't have 4.x or 6.0 convenient to test.)

- Adds "-R${savilib}" (runtime search path) to LDFLAGS and "-xCC" (allows
c++ comments) to CFLAGS when using solaris/cc.

- Moves "-Isav_if" from configure.in to Makefile.in, to allow specifying
CFLAGS at configure time.

- In configure.in, sets CFLAGS only if not specified, and chooses default
CFLAGS in a more portable manner.

- Replaces getpwnam with getgrnam (and related) when working with the
SOPHIE_SOCKET_GROUP.

* In Makefile.in:

- Replaces "@LDFLAGS@" with "${LDFLAGS}" in 'sophie' link target, since
@LDFLAGS@ is already substituted at the top of the Makefile.in.

- Changes 'sophie' link target to allow recompilation of only those
object files that need it (rather than recompilation of all files for
each link).

25-Feb-2002 (Version 1.18)

- RUNAS_USER added to sophie.h - Sophie can now run as user other
than root (default is 'mail' on Linux - check the file please).

NOTE: Make sure the user Sophie is running as has read
privileges to the directory and files which need to be scanned.
Otherwise, you will get a -1 response.

- setpriority() removed. It was not as useful as one would expect ;)

- eicar.com is now created from Makefile, instead of being bundled
in tarfile (Thanks to Lars Hecking for neat Makefile entry)

- Old SYSLOG_FACILITY defines changed to SYSLOG_LEVEL (to avoid
confusion). SYSLOG_FACILITY set to LOG_MAIL. Thanks to Klaus Muth
for patch.

- Added support for 10 new configuration keywords/options, which
can be found in Engine 2.9

"Mime"
"ActiveMimeHandling"
"DelVBA5Project"
"ScrapObjectHandling"
"SrpStreamHandling"
"Office2001Handling"
"Upx"
"Mac"
"SafeMacDfHandling"
"PalmPilotHandling"

- SOPHIE_TIMEOUT (in sophie.c) increased from 30 to 90 (seconds)
Some people did have problems with Sophie (scanning) terminating
while scanning big attachments.

29-Oct-2001 (Version 1.17)

(modification submitted by Lutz Jaenicke)
- Added @LDFLAGS@ in Makefile. Now "# LDFLAGS= ./configure"
can be used when compiling Sophie.

- PIDFILE added (/var/run/sophie.pid). Will simplify restart/shutdown
of Sophie in scripts

- Sophie now detaches properly from file descriptors and parent process
group. This will prevent OpenSSH channels from being open when
logging out.

16-Aug-2001 (Version 1.16)

- Sophie checks for the file/dir existence before scanning
(requested - implemented)

10-Aug-2001 (Version 1.15)

- Small 'visual' change - socket path will now show up in output of
"sophie -v" command

10-Aug-2001 (Version 1.14)

- Sophie can process directories now (too many people were asking
for this, I had to implement it :).

If you supply a directory to Sophie, it will return when it
finds the first virus. Keep in mind - Sophie still returns only
virus name, not the filename which was infected. Also keep in
mind that it is doing scanning recursively, and also keep in
mind that I might have screwed up something when implementing
that recursive function :) Test it please...

Filename reporting might be added later, but I have to point
this once again - I made Sophie because I wanted to *detect*
viruses in mails (and analyze those mails later), not because
I wanted to write a replacement for Sophos 'sweep' program
which does all those nice things people keep asking for :)

So - some features might need to wait, since I want to make sure
Sophie works okay as it is now.

- If invalid group was specified for sophie socket, and -D was used,
error would show up only in syslog. Now, Sophie will complain to
stderr as well.

08-Aug-2001 (Version 1.13)

- Modified the way Sophie reads from the socket. Before, only one
request (for file) would be processed (because I didn't need
anything else :). Now, you can send more requests, as long as
socket to Sophie is open.

(requested by Rainer Link)

07-Aug-2001 (Version 1.12)

- Changed syslog defaults for different OSs (the facilities)

02-Aug-2001 (Version 1.11)

- Added alarm() in order to catch processes that do not receive
data (through the socket) during SOPHIE_TIMEOUT seconds. If
no data is received, Sophie child will exit.

31-Jul-2001

- Portability fixes. Now seems to work just fine on Solaris and
HP-UX. Tested: Solaris 7 (Sparc, gcc3), Solaris 8 (x86, gcc2),
and HP-UX 10.20 (gcc2).
- Started adding more error checking (on response from Sophos
library). All error messages from swerror2.h will be included
in 'human readable' format - just in case something goes
wrong.

30-Jul-2001

- Signals now caught using sigaction() instead of signal. More
portable, and much much more reliable (at least for me :)
- Compiles/works on HP-UX 10.20 with GCC 2.95.3
- Socket on Linux group-owned by "mail"
- Socket on Solaris/BSD group-owned by "nobody"
- Socket on HP-UX 10.20 group-owned by "daemon"
- Increased SOPHIE_LISTEN_QUEUE and MAX_PROC values

29-Jul-2001 (Version 1.10)

- Added "support" for 3 new configuration keywords/options, which
can be found in Engine 2.5

"Vbe" (SOPHOS_VBE)
"ExecFileDisinfection" (SOPHOS_EXEC_FILE_DISINFECTION)
"VisioFileHandling" (SOPHOS_VISIO_FILE_HANDLING)

24-Jun-2001 (Version 1.9)

- Changed SOPHIE_SOCKET_GROUP (in sophie.h) to 'mail' (was 'virge')
- Modified the way processes are limited (suggested by Philipp
Gaschütz (philipp -at corpex.de))
- Modified Makefile.in, so that sophie will be rebuilt if any
changes are made to *.c files, and make is re-issued (til now,
you had to 'make clean ; make' in order to rebuild sophie after
making changes to sources)

18-May-2001 (Version 1.8)

- Added REPORT_VIRUSNAME in sophie.h - if set to 1, virus name will
be returned by Sophie
- Updated sophie_core.c to fill in VIR_NAME variable with virus name
- Updated perl sample app to print virus name (if returned by
Sophie)

