------------------------------------------------------------------------ 16-Nov-2005 (Version 3.05) - Bug fix for daemon tools problem that was introduced in 3.04. All signals are now caught by the main process and forwarded to the worker process. This allows Sophie to work with Daemon Tools again. - Bug fix for skipping the "." and ".." directories. Sophie used to just skip the first two directories assuming they would always be "." and "..", which is not always the case on some file systems. It now performs a strcmp to check for "." and ".." instead. - Bug fix for sophie_scandir problem. Sophie would not report corrupt, password protected, etc files when performing directory scans. It has been changed to return the "worst" result now. If there is an infected file with a scanned directory, the infected return code (1) is returned. If, however, the directory (and all sub-directories) are clean, but there is at least one error (corrupt, password protected, etc) file, Sophie will return the error return code (-1). Only if all files are clean and error free will the OK (0) code be returned. - In sig_exit(), sophie_end() is only called if it is the main process, and not a child process. - Changed the AC_CHECK_LIB macro in configure.in to look for DllGetClassLibrary instead of SAVIsweepFile since SAVIsweepFile was removed from libsavi in the 3.99 release of Sophie Anti-Virus. New configure script was generate from configure.in also. - Removed the call to sophie_syslog when an infected file is found since the call to sophie_print on the previous line will log to syslog anyway when in daemon mode, effectively causing two log entries with the same information. ------------------------------------------------------------------------ 01-Jun-2005 (Version 3.04) - Includes fix for the semaphore issue. Sophos Anti-Virus is now initialized and used as the non-root user. Root only initializes and cleans up the socket(s). ------------------------------------------------------------------------ 28-Jan-2004 (Version 3.04rc2) NOTE: You SHOULD modify etc/sophie.savi before copying it to /etc/ directory. Current (default) setting might or might not make any sense at all, but it is what SAVI sets by default as well. - etc/sophie.savi is now set with SAVI default. Names/values are set as to default SAVI settings from SetConfigDefaults(pSAVI) call. - 28 new SAVI options added to etc/sophie.savi file. Options were taken with SAVI 3.77. - Check for nanosleep before including rt library - "Grp" options fix in sophie_init.c. Thanks to Markus Stumpf for spotting it. ------------------------------------------------------------------------ 21-Nov-2003 (Version 3.04rc1) - Small fix to sophie.8 manpage. Thanks to Anne Bennet for sending the patch to me. - Update RPM spec file (in contrib/). Thanks to Tim Jackson for sending it to me. - Applied Sebastian Hagedorn's patch, which causes Sophie to return 0 for non-fatal errors. Thanks to Sebastian for this patch. NOTE: This patch adds --enable-only-fatal-err configuration option, and has to be enabled manually - Changed usleep() to nanosleep(). Thanks to David Snowden for suggesting this and sending a patch. This should fix problems which people have been experiencing on Solaris. - Fixed descriptor leak in sophie_scandir.c. Thanks to Rob McMahon for spotting this and sending a patch. - Fixed a 'socket leak' in network portion of Sophie. Everyone using network version of Sophie should upgrade. - Added setsockopts for SO_REUSEADDR and TCP_NODELAY (also for network portion of Sophie) ------------------------------------------------------------------------ 09-Jun-2003 (Version 3.03) - Removed 'Mac' and 'SafeMacDfHandling' options from sophie.savi - Fix in sophie_syslog(), so that errors are not printed when config.logfacility and/or config.logpriority are not set. - HP-UX compatibility changes to configure.in ------------------------------------------------------------------------ 10-May-2003 (Version 3.02) - Major bug fixed (infite loop in sophie_getline()). Thanks to Lutz Jaenicke for sending a patch and detailed description of the problem. - Added --enable-fgets configuration option. If someone still has problems with sophie_getline() after today's fix, this can be used in 'panic mode'. Will be removed if 3.02 finally gets stable after the sophie_getline() fix. ------------------------------------------------------------------------ 29-Apr-2003 (Version 3.01) - glibc23 (RH9) workaround didn't really work well. Taken out. NOTE: To use Sophie on RH9, compile on some other RH release, and just copy to RH9 box. Sophos should release updated library soon, I hope. ------------------------------------------------------------------------ 28-Apr-2003 (Version 3.00) - Version number change, and public release ------------------------------------------------------------------------ 24-Apr-2003 (Version 3.00rc4) - Workaround for glibc23 based systems (--enable-glibc23 switch) Thanks to Jeffrey C. Ollie for providing workaround - SIGHUP handler is now reinstalled on -HUP Thanks to Geoff Gibbs for reporting/noticing this ------------------------------------------------------------------------ 15-Mar-2003 (Version 3.00rc3) - buf is now MAXPATHLEN (was hardcoded to 256 - forgot about it :) Thanks to Rainer Link for pointing this out - Removed fgets() in while() loop, and substituted it with sophie_getline(). Removed code that reopens the socket, and the references to msgfp. Thanks to Rainer Link for pointing the problems with fgets() NOTE: Please test this release, and let me know if you experience any trouble with sophie_getline() - Code cleanups - Additions to s_comput.h, for Sun compiler compatibility. ------------------------------------------------------------------------ 07-Mar-2003 (Version 3.00rc2) - Updated README file - Umask can now be set in the sophie.cfg file - Added explanation for NameSpaceSupport in SAVI configuration file (as explained in the SAVI SDK) - Removed some entries from sophie_syslog.h (were Linux specific, it seems) - Converted all files from sav_if/ subdir to UNIX format (they had CRLFs at the end of line, which caused problems) ------------------------------------------------------------------------ 03-Mar-2003 (Version 3.00rc1) - Added 'config' global var which holds Sophie configuration data. Sophie reload (-HUP) will now also update some of the Sophie configuration options, if configuration file has been changed. - Added sophie_notify.c. Callbacks are now implemented, which can be used to perform timeouts, set limits (max number of scanned files inside archives, etc.). These limits can be used to prevent Sophie from getting into infinite loops. Also, inside the callbacks check if the remote socket is still connected is implemented. If socket goes away, so does Sophie. This is still EXPERIMENTAL. - Cleaned up error/warning/notice messages - Introduced SAVI configuration file (sophie.savi) - Sophie reloads (patterns/engine) now "natively", using LoadVirusData() feature of SAVI3. execv() is removed. - Introduced configuration file (sophie.conf) which lists all the SAVI configuration options which can be set/reset. Use -C switch to use specific configuration file. - Cleaned up sophie_init.c a lot. Removed sophie_init.h - Added savitype_extended.h in Sophie root. Configuration options not listed in sav_if/savitype.h will be listed here (although not used by/for anything) - Modifications made in order to be (more) compatible with SAVI V3. - Cleaned up code a bit (moved declarations of some functions from sophie.h) ------------------------------------------------------------------------ 02-Jan-2003 (Version 1.41) - License is modified [sophie.c], in order to allow linking to SAVI This should, hopefully, resolve some "legal" issues. Thanks to Rainer Link for the tip. - SOPHIE_SOPHOS_UPX is now enabled by default (in sophie_init.h), so that Yaha-K (and similar things) can be detected. - Small manpage added. Thanks to Anne Bennett for the manpage. - Sophie now logs failure to restart itself. Thanks to Anne Bennett for the patch. - Added contrib/ subdirectory. RPM specfile and init file added. Thanks to Tim Jackson for the files. ------------------------------------------------------------------------ 20-Jun-2002 (Version 1.40rc1) - Sophie will print current PROC_COUNT when SIGUSR1 is delivered to parent process. [sophie.c] - Small typo fixed [sophie.c] - Socket file was actually not chowned() to RUNAS_USER when Sophie started. Only group was modified. [sophie.c] - Moved stuff from config.h(.in), and put back sophie.h. Can't remember why I removed sophie.h at all. - Added break for all cases that return -1 in sophie_scanfile() [sophie_core.c] - Fix for a memory leaks in sophie_log_virus() [sophie_core.c] and sophie_scanfile() [sophie_core.c]. If one child process would scan many files, this problem could be observed. Thanks to Sophos for providing patch for this. - Minor fix (added #ifdef for timestamp declarations) [sophie_core.c] Thanks to Sophos for noticing this. ------------------------------------------------------------------------ 20-Jun-2002 (Version 1.39rc1) - Version number change ------------------------------------------------------------------------ 16-Jun-2002 (Version 1.39rc1) - Signal handling (SIGCHLD) redone in order to make sure PROC_COUNT is properly decremented. ------------------------------------------------------------------------ 11-Jun-2002 (Version 1.38) - When reloading, Sophie would try to close/shutdown network socket even if it was not compiled with --enable-net. Would cause Sophie to stop working properly after -HUP was sent. ------------------------------------------------------------------------ 02-Jun-2002 (Version 1.37) - Forgot to close/shutdown tcp_sock when restarting Sophie. That would generate "Address already in use" errors when network mode was used. Fixed. - initgroups() is now called only if Sophie is started by root - Fixed a typo in configure.in and added missing #undef for UNISTD_H_DECLARES_INITGROUPS (Scot W. Hatzel provided most of the patches for this release) - Checking if errno == EAGAIN (with network mode), and reading again (Thanks to Scot W. Hetzel for reporting this) - Modified sample_apps/sock_net/send_file.c ; send_msg now contains newline, as opposed to sending newline after 1st write() (Thanks to Scot W. Hetzel for reporting this) - Made sample_apps/perl_net/*.pl Perl 5.005 compatible. It doesn't like '$sock' as a name of a socket - changed to SOCK. (Thanks to Scot W. Hetzel for reporting this) - FreeBSD declares initgroups() in unistd.h - added check to configure for that (Thanks to Scot W. Hetzel for reporting this) - Include netinet/in.h if compiling on FreeBSD (Thanks to Alain Fauconnet and Scot W. Hetzel for reporting this) ------------------------------------------------------------------------ 01-Jun-2002 (Version 1.36) - SAVI config option "OutlookExpress" added (no idea what it does) - Added verbosity (for --enable-error-strings) at few more places where -1 was returned [sophie.c] - If opendir() [sophie_scandir.c] fails, verbose error message is returned (before, it was only '-1:' if error strings were enabled (suggested by Mark Martinec) - PROC_COUNT is printed on child startup (w/ debugging turned on) - declared PROC_COUNT as volatile (suggested by Mark Martinec) - config.h is now a dependancy, and in case it's changed, 'make' will recompile Sophie (suggested by Mark Martinec) - Fixed major bug which was introduced when -HUP handling was being rewritten (PROC_COUNT would not be decreased properly) - AIX related fix (initgroup is not in grp.h, on AIX 4.2) - AIX 'default user' changed to daemon (seems that 'mail' is just a mail alias on AIX - not an account) ------------------------------------------------------------------------ 20-May-2002 (Version 1.35) - Removed #define of "BSD", since it wasn't being used anywhere, and would cause gcc to complain about redefinition of BSD - Checking if the user (RUNAS_USER) really exists, before Sophie starts. (thanks to Jarno Huuskonen for noticing this) - [SECURITY] Added initgroups() in order to 'reset' list of supplemental groups available to Sophie child process. (thanks to Jarno Huuskonen for noticing this) - Checking if the userInfo->pw_gid is valid (and not a NULL, for example, which could cause trouble). (thanks to Jarno Huuskonen for noticing this) ------------------------------------------------------------------------ 14-May-2002 (Version 1.34) - Added support for 5 new configuration keywords/options, which can be found in Engine 2.10 "Pdf" "Rtf" "Html" "Elf" "WordB" ------------------------------------------------------------------------ 11-May-2002 (Version 1.33) - Version number change. This should encourage people to upgrade ------------------------------------------------------------------------ 29-Apr-2002 (Version 1.33rc7) - Some AIX related fixes - Sophie binary is now being stripped on most platforms, by default ------------------------------------------------------------------------ 23-Apr-2002 (Version 1.33rc6) - Added check for sys/sched.h and sched.h (for AIX) in configure.in - Check for vsnprintf() (in stdio.h) in configure.in - sophie.h contents moved to config.h ------------------------------------------------------------------------ 23-Apr-2002 (Version 1.33rc5) - --enable-timestamps configure option added. Timestamps have to be specifically enabled (since daemontools add timestamp, to Sophie which is running in foreground mode, already) ------------------------------------------------------------------------ 22-Apr-2002 (Version 1.33rc4) - Timestamp is now printed with Sophie messages, when Sophie is not started in daemon mode. ------------------------------------------------------------------------ 17-Apr-2002 (Version 1.33rc3) - Removed WAIT_ANY completely, and put -1 for waitpid() call. - Signal handler (for SIGCHLD) needs to be re-initialized when SIGCHLD is caught. This was causing trouble on Solaris. ------------------------------------------------------------------------ 17-Apr-2002 (Version 1.33rc2) - Cleaned up sophie.c a bit (removed some code outside of loop, which could never be executed) - Fixes for Tru64 (OSF 4.x, OSF 5.x). Sophie now compiles okay on OSF 4.0g and OSF 5.1a, with Compaq C compiler - WAIT_ANY is defined as -1 in sophie.h, if it already doesn't exist in the system. ------------------------------------------------------------------------ 13-Apr-2002 (Version 1.33rc1) - Signal handling redone - New configuration option added: --enable-error-strings Sophie can now return the error message, when error occured. For example, when --enable-error-string is used, Sophie will return: -1:Error: Virus scan failed NOTE: Make sure you know what you're doing when enabling this option. It will, most likely, break most apps that talk to Sophie. - Parent process now runs as root, and each child is running as RUNAS_USER. Socketfile/pidfile are being removed now, when Sophie is terminated. - HUP signal will now terminate Sophie, and restart it (by issuing execv(program_name, program_args). - Sophie prints more information when '-v' switch is used. NOTE: Output format has been modified slightly, so make sure that it doesn't affect any scripts that might be invoking Sophie with '-v' switch. - The timeout now doesn't affect the length of the whole connection, but the length of scanning a file. Before, it was working like: * accept connection * set alarm timeout * fgets() while loop, which reads line of input at a time * scan a file * exit (or abort, it timeout was reached meanwhile) Now, it works like: * accept connection * set alarm timeout (initially, we need this one) * fgets() while loop, which reads line of input at a time * scan a file * set alarm timeout * exit (if connection was closed, or if timeout for the last scanning was reached) So, if you want to scan 10 files, timeout will affect each of them, not all of them (hope this makes sense :) NOTE: Please, keep in mind that if you use internal Sophie routine for scanning directory, timeout will not be reset for every file in a directory! - Increased default timeout to 300 seconds. There are files which take ages to get scanned, so... - Added support for SOPHOS_HQX_DECOMPRESSION flag - Latest config.guess and config.sub added - Portability (Tru64) fixes - Ignoring SIGALRM in parent process ------------------------------------------------------------------------ 12-Mar-2002 (Version 1.32) - Sophie wouldn't compile if network support was disabled. Stupid error on my side. - Added more error cases in sophie_core.c. When -1 is returned, text error message will be logged for many more cases. - Using strrchr() instead of rindex() ------------------------------------------------------------------------ 12-Mar-2002 (Version 1.31) - 'Network' feature added to Sophie. It is possible from remote machine to send a file to Sophie (which listens on some port), and have that file scanned, and response returned. Read README.NETWORK for more details. WARNING: This feature is considered EXPERIMENTAL and UNSTABLE. Don't use use it on production machine without doing some heavy testing first. New configure options: --enable-net enable network support [no] --with-net-port=PORT port to use [4009] --with-net-tempdir=DIR temporary directory to use for network scans [/tmp] - AIX related changes to configure.in. - SOPHIE_LISTEN_QUEUE is now the same as MAX_PROC. Sophie will accept as many connections as it can fork processes. - gcc -rpath, option (for linker) is now used in order to make sure binary will look in the right place for the library. (Thanks to Will Day for testing/helping) This will solve the LD_LIBRARY_PATH "requirement" (I hope) ------------------------------------------------------------------------ 26-Feb-2002 (Version 1.30) - added --with-timeout configure option - Increased SOPHIE_LISTEN_QUEUE to 30 * Integrated a patch from willday -at- rom.oit.gatech.edu (these are all his contribution - many, many thanks) - Adds configure options for several things out of sophie.h: --with-socketfile=PATH path of socket file [/var/run/sophie] --with-pidfile=PATH path of pid file [/var/run/sophie.pid] --with-user=USER user to run as [varies per OS] --with-group=GROUP group to own socket file [varies per OS] --with-maxproc=NUM max concurrent scans [20] --with-logname=NAME name for syslog messages [sophie] --with-logfacility=FACILITY facility for syslog messages [LOG_MAIL] --with-logpriority=PRIORITY priority for syslog messages [varies per OS] - Replaces "SLOWARIS" ifdef with a more proper "SOLARIS". :) - Adds support for Sun C "SunPro" compiler in s_comput.h. (At least, for 5.0. I don't have 4.x or 6.0 convenient to test.) - Adds "-R${savilib}" (runtime search path) to LDFLAGS and "-xCC" (allows c++ comments) to CFLAGS when using solaris/cc. - Moves "-Isav_if" from configure.in to Makefile.in, to allow specifying CFLAGS at configure time. - In configure.in, sets CFLAGS only if not specified, and chooses default CFLAGS in a more portable manner. - Replaces getpwnam with getgrnam (and related) when working with the SOPHIE_SOCKET_GROUP. * In Makefile.in: - Replaces "@LDFLAGS@" with "${LDFLAGS}" in 'sophie' link target, since @LDFLAGS@ is already substituted at the top of the Makefile.in. - Changes 'sophie' link target to allow recompilation of only those object files that need it (rather than recompilation of all files for each link). ------------------------------------------------------------------------ 25-Feb-2002 (Version 1.18) - RUNAS_USER added to sophie.h - Sophie can now run as user other than root (default is 'mail' on Linux - check the file please). NOTE: Make sure user the Sophie is running as does have read privileges to directory and files which needs to be scanned. Otherwise, you will get -1 response. - setpriority() removed. It was not as useful as one would expect ;) - eicar.com is now created from Makefile, instead of being bundled in tarfile (Thanks to Lars Hecking for neat Makefile entry) - Old SYSLOG_FACILITY defines changed to SYSLOG_LEVEL (to avoid confusion). SYSLOG_FACILITY set to LOG_MAIL. Thanks to Klaus Muth for patch. - Added support for 10 new configuration keywords/options, which can be found in Engine 2.9 "Mime" "ActiveMimeHandling" "DelVBA5Project" "ScrapObjectHandling" "SrpStreamHandling" "Office2001Handling" "Upx" "Mac" "SafeMacDfHandling" "PalmPilotHandling" - SOPHIE_TIMEOUT (in sophie.c) increased from 30 to 90 (seconds) Some people did have problems with Sophie (scanning) terminating while scanning big attachments. ------------------------------------------------------------------------ 29-Oct-2001 (Version 1.17) (modification submitted by Lutz Jaenicke ) - Added @LDFLAGS@ in Makefile. Now "# LDFLAGS= ./configure" can be used when compiling Sophie. - PIDFILE added (/var/run/sophie.pid). Will simplify restart/shutdown of Sophie in scripts - Sophie now detaches properly from file descriptors and parent process group. This will prevent OpenSSH channels from being open when logging out. ------------------------------------------------------------------------ 16-Aug-2001 (Version 1.16) - Sophie checks for the file/dir existance before scanning (requested - implemented) ------------------------------------------------------------------------ 10-Aug-2001 (Version 1.15) - Small 'visual' change - socket path will now show up in output of "sophie -v" command ------------------------------------------------------------------------ 10-Aug-2001 (Version 1.14) - Sophie can process directories now (too many people were asking for this, I had to implement it :). If you supply a directory to Sophie, it will return when it finds the first virus. Keep in mind - Sophie still returns only virus name, not the filename which was infected. Also keep in mind that it is doing scanning recursively, and also keep in mind that I might have screwed up something when implementing that recursive function :) Test it please... Filename reporting might be added later, but I have to point this once again - I made Sophie because I wanted to *detect* viruses in mails (and analyze those mails later), not because I wanted to write a replacement for Sophos 'sweep' program which does all those nice things people keep asking for :) So - some features might need to wait, since I want to make sure Sophie works okay as it is now. - If invalid group was specified for sophie socket, and -D was used, error would show up only in syslog. Now, Sophie will complain to stderr as well. ------------------------------------------------------------------------ 08-Aug-2001 (Version 1.13) - Modified the way Sophie reads from the socket. Before, only one request (for file) would be processed (because I didn't need anything else :). Now, you can send more requests, as long as socket to Sophie is open. (requested by Rainer Link ) ------------------------------------------------------------------------ 07-Aug-2001 (Version 1.12) - Changed syslog defaults for different OSs (the facilities) ------------------------------------------------------------------------ 02-Aug-2001 (Version 1.11) - Added alarm() in order to catch processes that do not receive data (through the socket) during SOPHIE_TIMEOUT seconds. If no data is received, Sophie child will exit. ------------------------------------------------------------------------ 31-Jul-2001 - Portability fixes. Now seems to work just fine on Solaris and HP-UX. Tested: Solaris 7 (Sparc, gcc3), Solaris 8 (x86, gcc2), and HP-UX 10.20 (gcc2). - Started adding more error checking (on response from Sophos library). All error messages from swerror2.h will be included in 'human readable' format - just in case something goes wrong. ------------------------------------------------------------------------ 30-Jul-2001 - Signals now caught using sigaction() instead of signal. More portable, and much much more reliable (at least for me :) - Compiles/works on HP-UX 10.20 with GCC 2.95.3 - Socket on Linux group-owned by "mail" - Socket on Solaris/BSD group-owned by nobody" - Socket on HP-UX 10.20 group-owned by "daemon" - Increased SOPHIE_LISTEN_QUEUE and MAX_PROC values ------------------------------------------------------------------------ 29-Jul-2001 (Version 1.10) - Added "support" for 3 new configuration keywords/options, which can be found in Engine 2.5 "Vbe" (SOPHOS_VBE) "ExecFileDisinfection" (SOPHOS_EXEC_FILE_DISINFECTION) "VisioFileHandling" (SOPHOS_VISIO_FILE_HANDLING) ------------------------------------------------------------------------ 24-Jun-2001 (Version 1.9) - Changed SOPHIE_SOCKET_GROUP (in sophie.h) to 'mail' (was 'virge') - Modified the way processes are limited (suggested by Philipp Gaschütz (philipp -at corpex.de)) - Modified Makefile.in, so that sophie will be rebuilt if any changes are made to *.c files, and make is re-issued (til now, you had to 'make clean ; make' in order to rebuild sophie after making changes to sources) ------------------------------------------------------------------------ 18-May-2001 (Version 1.8) - Added REPORT_VIRUSNAME in sophie.h - if set to 1, virus name will be returned by Sophie - Updated sophie_core.c to fill in VIR_NAME variable with virus name - Updated perl sample app to print virus name (if returned by Sophie) ------------------------------------------------------------------------