WARNING: This feature should be considered EXPERIMENTAL, and not used on production servers for now. Please, test it and let me know if you encounter problems. Since version 1.31, Sophie can be used to check files for viruses over the network. This feature could be useful if you are having multiple mail servers, and would like to avoid need for having a virus scanner installed on each host. This way, mail servers can send files to be scanned to the central virus checking host, and get results easily. NOTE: You have to use --enable-net configuration option in order to enable scanning over the network. On startup, Sophie will start listening on port (4009, by default), as well as on local socket. When connection is established to port, Sophie will expect one line if input first. The line looks like: filename/size The 'filename' parametar is the name of the file which Sophie should create locally, on the machine it is running. The size is the length of the file which is going to be sent over the network. To understand better the meaning of parameter 'filename', I will give an example. You connect to port 4009, and issue: test.tar.gz/1020 Sophie checks the input first, and if everything is okay, it will respond with 'OK' string. Sophie then creates a temporary directory on local hard disk, and opens a file 'test.tar.gz' in it, for writing. It expects 1020 bytes to be sent directly to port 4009. When 1020 bytes are sent, Sophie closes the file 'test.tar.gz', and proceeds with scanning. It returns the result then, and removes the temporary directory and temporary file. You have to make sure that only one '/' (slash) is sent as a filename parameter. If more than 1 are sent, Sophie will report an error. So - the 'filename.tar.gz' is just the filename as it should be called on local machine, for scanning - has nothing to do with the filename on the machine where the file is sent from. However, I would recommend just stripping the path of original filename on the client machine, and sending that. So, if you want to scan: /var/tmp/test.tar.gz send it as: test.tar.gz/ The reason for doing this is the fact that I'm not 100% sure how Sophos AV library is deciding which checks to perform on a file when scanning. If extension matters, then using mkstemp(), for example, would definitelly make Sophie not scan archives as it should (because mkstemp() files don't have any meaningful extension, obviously :). Better to be safe than sorry. So - after Sophie returns 'OK', client can send bytes to it, and wait for the response. It is possible to do multiple scans on a same open socket, one after another. To close the session, send 'QUIT' to Sophie. There are some sample programs (Perl and C) in 'sample_apps' subdirectory of the distributions. Although they were done quickly, they show the principle and hopefully explain how to use this feature. Configure options related to this feature are: (to enable 'scanning over network' feature) --enable-net enable network support [no] (to chose other port than 4009) --with-net-port=PORT port to use [4009] (define where Sophie will save files it receives over the network) --with-net-tempdir=DIR temporary directory to use for network scans [/tmp] Make sure that Sophie has write access to temporary directory you specify.