University of Saskatchewan

Information and Communications Technology (ICT)

Accounts & Passwords

Services & Support

Hardware & Software

Guides & Resources

About ICT

Sophos - FAQs

1.Why Sophos?
2.What operating systems are supported?
3.What does SAV stand for?
4.Why are there two choices, SAV Client and Remote Update, for installing Sophos Anti-virus software?
5.What if I have virus software installed on my system already?
6.How do I install Sophos?
7.What does it mean when it says "Virus fragment reported"?
8.What is a "False positive"?
9.How does Sophos find new viruses?
10.What does "Virus not disinfected" mean?

1 . Why Sophos?

Sophos is a corporate level product aimed at protecting computers within a corporate network community. It is not marketed to home users as Norton Antivirus and McAfee Anti-virus are. Essentially, the U of S network, to which your computer belongs, is a corporate network community. Therefore, your computer deserves to be protected with corporate level anti-virus software.
Most other anti-virus programs have a limited lifespan before you are required to pay for an upgrade. ICT has found that the vast majority of student computers have outdated (and therefore ineffective) anti-virus software installed because an upgrade has not been purchased or a weak demo version was installed with the purchases of the computer. Sophos is free to members of the U of S community and upgrades will be available as they are released. 
The ICT Help Desk will be better able to advise you about new viruses and virus infections if you have Sophos Anti-virus installed on your computer.

2 . What operating systems are supported?

3 . What does SAV stand for?

SAV is short for Sophos Ant-virus.

4 . Why are there two choices, SAV Client and Remote Update, for installing Sophos Anti-virus software?

Sophos Ant-virus software is designed to run in two environments. Both applications talk to the U of S sever but how they do it is different.
SAV on campus is designed to get its updates over the U of S local area network (LAN). If you have a desktop computer on campus that is directly connected to the U of S LAN, then use SAV Client to install Sophos
Remote Update is designed to get its updates over the Internet. If you have a laptop computer or a computer at home connected to high speed Internet use Remote Update to install Sophos.

5 . What if I have virus software installed on my system already?

You must have virus software installed on your computer to ensure it is secure. You can only have one anti-virus application running on your computer. Installing two applications will cause your computer to crash. Which application you use is your choice. ICT recommends Sophos because it is site licensed and it has been configured so that it is always checking to ensure you get your updates from a server at the U of S.

6 . How do I install Sophos?

There are installation instructions for Windows, Macintosh and Unix / Linux operating systems. Sophos is site licensed software and requires your NSID username and password to access it. After entering your NSID the SAV client (on-campus desktops) or Remote Update (off-campus desktops and laptops) applications will be downloaded to your desktop. Run these programs to install the application.

7 . What does it mean when it says "Virus fragment reported"?

The report of a virus fragment indicates that part of a file matches part of a virus. There are two possible causes:

  1. Variant of a Known Virus

    Many new viruses are based on existing ones, so that code fragments typical of a known virus may appear in files infected with a new one. If a virus fragment is reported, it is possible that Sophos Anti-virus has detected a new virus, which could become active.


  3. Corrupted Virus

    Many viruses contain bugs in their replication routines so that they sometimes "infect" target files incorrectly. A portion of the virus body (possibly a substantial part) may appear within the host file, buy in such a way that it will never be actuated. In this case, Sophos Anti-virus will report "Virus fragment" rather than "Virus." A corrupted virus cannot be spread.

If a virus fragment is reported, contact Sophos technical support for advice.

8 . What is a "False positive"?

Sophos Anti-virus may very occasionally report a virus in a file that is not infected. This may happen if a sequence of bytes in a normal program matches part of a known virus (some polymorphic viruses deliberately include code that resembles normal programs). If you are ever in doubt, contact Sophos technical support for advice.


To decrease the chance of false positives:

  • Only check executable files
  • Perform a "Quick" rather than "Full" scan

9 . How does Sophos find new viruses?

  • Any virus-specific software will discover only those viruses known to the manufacturer at the time of software release. Sophos Anti-virus is updated each month, but it may very occasionally encounter a new virus, which it will fail to report.
  • If a virus unknown to Sophos Anti-virus is suspected, you can fill out a form to submit a sample to Sophos as soon as possible. If it is a virus, Sophos Anti-virus must be updated as soon as possible. When the virus has been analysed (which may take from 10 minutes to a few days), the virus identity (IDE) files which can be used for updating will be faxed or e-mailed to you. The latest virus identity (IDE) files can also be downloaded from the Sophos website.

10 . What does "Virus not disinfected" mean?

Sophos Anti-Virus may report that a virus has not been disinfected. In this case:

  1. Check that automatic disinfection is selected. If dealing with a disk or removable media, make sure that it is not write-protected.
  2. Check if it is an executable file. Sophos Anti-virus will not attempt to disinfect executable files because it is not possible to guarantee that the disinfected file has been properly restored.
  3. Check if it is a virus fragment. Sophos Anti-virus will not disinfect a virus fragment because it has not found an exact virus match.