Enterprise anti-virus software

Sophos's Enterprise anti-virus solution provides anti-virus scanning engines for networked workstations and servers. Its Enterprise management system has two components: the Enterprise Management Library, which should be installed on a Windows 2000/2003 server with Internet access, and the Enterprise Console, which can be installed on the same system or on another running Windows 2000 Professional or Windows XP.

The Enterprise Management Library is effectively a central repository for software and, as with all good libraries, it can have "branches" in other locations. These retrieve their data from the central library, and workstations retrieve their updates from these "child" libraries, thus reducing the load on the central server in larger networks, and distributing traffic more evenly across the network.

The library maintains the code and signature base, downloading updates from Sophos's web servers at frequent intervals. This worked well in testing, the workstations downloading their software updates with no problems. The Enterprise Manager console - a Microsoft Management Console (MMC) snap-in - is used to configure the library software to determine what kind of software will be installed and the frequency of the updates.

The Enterprise Console, another MMC snap-in, is where the day-to-day administration takes place. From here the anti-virus software can be retrieved from the EM Library and installed to any Windows system based on 32-bit code, including Windows NT 4.0 with SP6a. Other systems, such as those running Windows 98 or Mac OS 8/9 or X, must have their software installed manually, which could be an issue where branch offices are concerned, but all systems can be monitored and updated from the console.

Unlike other anti-virus scanners, Sophos does not insist on a full system scan on installation. While this minimises user disruption during rollout, it does mean that a virus can remain undetected until it falls foul of the resident scanner. On the other hand, the software has a group policy facility that can be used to schedule scans of local drives and peripherals at predetermined times, so this is less of an issue than it might first appear.

Although policies are primarily designed to ensure that systems are automatically checked and kept up to date, they can also be created to trigger an immediate action on a specific system if required. Network administrators could use this facility to disinfect computers directly from the management console. Virus warning messages can be displayed at the infected workstation, while an alert indicator also appears against the affected machine on the management console display. This worked well during testing, with the system reporting all infected files, but it did not report our remote control software. Warnings and alerts can also be sent via e-mail and logged to the system event log.

Unusually, the system can produce reports covering virus alert details for up to twelve months, which could be invaluable in tracking down viruses reintroduced from backups or other sources.

And with its ability to support systems running Linux, NetWare or Windows, as well as VMS or OS/2, it's a product that will deal with mature networks well.

Versions tested: Enterprise Console version 1.0, EMLibrary 1.2, Anti-Virus for Windows 2000/XP/2003 version 5.0, Anti-Virus for Windows 95/98/NT4 version 4.5, Anti-Virus for Mac OS X version 4.5

Verdict

A straightforward and effective networked anti-virus solution

Requirements: Windows 2000 Server with SP3 or later, Windows Server 2003, Windows 2000 Professional with SP3 or later, Windows XP with SP1 or later