[Mimedefang] Sophie can't detect Yaha-K

Jason Englander jason at englanders.cc
Thu Jan 2 14:19:01 EST 2003


On Fri, 3 Jan 2003, Dave Shrimpton wrote:

> Problem can be fixed by commenting out code in sophie_init.c
> which sets configuration value SOPHOS_UPX and recompiling sophie.

For those that don't know, UPX (http://upx.sf.net/) is an executable
packer (like PK Lite, Petite, ...).  I guess Sophie by default won't
check executables compressed by it.  I think sweep (the Sophos
commandline scanner) will because of this option (* = default):

  -sc     [*] : SWEEP inside dynamically compressed executables

I think an easier way of setting Sophie to scan for those would be to
open up sophie_init.h, find this line:

#define SOPHIE_SOPHOS_UPX                                       "0"

and change the 0 to a 1.  Then (re)compile.

I would imagine turning this on comes with the same potential problems
that decompressing any compressed file comes with (a billion 0s, more ram
hogged, etc.).

  Jason

-- 
Jason Englander <jason at englanders.cc>
394F 7E02 C105 7268 777A  3F5A 0AC0 C618 0675 80CA




More information about the MIMEDefang mailing list