Sophie is a software daemon that leverages the 'libsavi' library provided by the Sophos anti-virus vendor.
Because Sophie is loaded into RAM, scanning is extremely fast. However, the speed of scanning is also dependent on SAVI settings and the size of the file being scanned. Sophie was originally created as a virus scanning tool for Virge, a mail virus/attachment scanning tool, and as such, not all SAVI features are implemented.
While some requested features have been added to Sophie, others may not be implemented. The intention of Sophie is not to replace Sophos tools like Sweep, but rather to offer a fast and efficient way to detect viruses. It cannot remove viruses or generate XLS reports. When requesting features to be added to Sophie, keep in mind that it was originally created for use with Virge and not as a workstation virus scanning tool.
Sophie initializes the SAVI interface and loads virus patterns, creates a local UNIX socket (default location: /var/run/sophie), and waits for someone to connect and send path(s) on the local filesystem that need to be scanned. It then forks a process, scans the path(s), and returns a result of 1:virusname if a virus is found. If no viruses are found, it returns 0 and goes back to sleep. The virus patterns always remain in memory, ensuring that subsequent scans are fast and resource-efficient.
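The request/response exchange described above can be driven from a small client. The following is an added example, not code from Sophie or Virge. It assumes one request is a path followed by a newline, and the names parse_reply, scan_path and ScanError are hypothetical. Any reply other than 0 or 1:virusname is treated as a failure, so a broken or absent daemon is never read as "clean".

```python
import os
import socket

SOPHIE_SOCKET = "/var/run/sophie"  # default socket location given on the page


class ScanError(Exception):
    """No trustworthy verdict was obtained; callers should fail closed."""


def parse_reply(raw: bytes):
    """Map a daemon reply to (infected, virus_name)."""
    reply = raw.decode("latin-1").strip()
    if reply == "0":
        return (False, None)
    if reply.startswith("1:"):
        return (True, reply[2:])
    # Empty, truncated or unknown replies are not a clean verdict.
    raise ScanError(f"unexpected reply from scanner: {reply!r}")


def scan_path(path: str, sock_path: str = SOPHIE_SOCKET, timeout: float = 30.0):
    """Ask the daemon to scan one absolute path; return (infected, virus_name)."""
    # Assumption: the request is the path plus a newline, so a path that
    # contains a line break could be read by the daemon as a different path.
    if not os.path.isabs(path) or "\n" in path or "\r" in path:
        raise ScanError(f"refusing to send path: {path!r}")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(sock_path)
            s.sendall(os.fsencode(path) + b"\n")
            raw = s.recv(512)
        except OSError as exc:  # connection refused, missing socket, timeout
            raise ScanError(f"scanner unreachable: {exc}") from exc
    return parse_reply(raw)


if __name__ == "__main__":
    # Constructed replies for illustration, not captured from a real daemon.
    for sample in (b"0\n", b"1:Example-Virus\n", b""):
        try:
            print(sample, "->", parse_reply(sample))
        except ScanError as err:
            print(sample, "->", err)
```

A mail delivery agent calling scan_path should defer or reject the message on ScanError rather than deliver it unscanned.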
The difference between Sophie and Sweep lies in initialization time. If you have a program, such as a local mail delivery agent, that needs to scan every few seconds or minutes, Sophie can provide significant performance improvements. Sophie spends significantly less time initializing the engine than Sweep does, which can make a notable difference in overall performance.
The latest release of Sophie includes several updates such as setting etc/sophie.savi to SAVI defaults, adding 28 new SAVI options to etc/sophie.savi file, checking for nanosleep before including rt library, and fixing the "Grp" options in sophie_init.c thanks to Markus Stumpf.
Version 3.04 RC2: N/A