information technology central services at the university of michigan
Installing and Using Sophos Anti-Virus for Mac OS X

S4339 • December 2006

Sophos Anti-Virus protects computers running the Mac OS X operating system against viruses, worms, and other software attacks. While there are currently no viruses for Mac OS X in the wild, ITCS strongly recommends that you protect yourself from future viruses by installing Sophos Anti-Virus.

NOTE: This document is also available as a PDF file.

Table of Contents


System Requirements

  • Operating System: Mac OS X 10.2 or later
    NOTE: ITCS provides support only for Mac OS X 10.3.9 or later.

  • Hardware: Power Mac G3 or later
    NOTE: Sophos can run on both PowerPC and Intel-based Macintosh computers.

  • Disk Space: 80 MB available

  • Memory: 128 MB

  • Connection to the Internet. We recommend a high-speed connection for best results.
NOTE: You must have administrator privileges on your Macintosh in order to install software, such as Sophos Anti-Virus, on it.

^ Table of Contents

What You Are Allowed to Install

The Sophos U-M license allows faculty, staff, students, and U-M Online subscribers to install Sophos Anti-Virus on their U-M office and home computers. Before you can download the software, you will be asked to log in with your uniqname and UMICH Kerberos password so that the number of Sophos licenses in use can be tracked.

^ Table of Contents

What Sophos Anti-Virus Does

Virus checks. When you open a file, Sophos checks it for viruses. If Sophos determines that a file is infected, it will try to disinfect the file for you. If it cannot disinfect the file safely, it will move the file to a secure folder that it will create.

Regular updates. Sophos Anti-Virus keeps itself current, checking hourly for new updates made available by Sophos. It installs new updates as they become available. This happens in the background and does not interfere with your use of your computer.

^ Table of Contents

Summary of What You'll Need to Do

  1. Download the U-M installer for Sophos Anti-Virus from the Blue Disc web site.

  2. For added protection, disconnect your computer from the Internet before proceeding with the installation. (As long as there are no known viruses for Macintosh out there, this is not really necessary. However, disconnecting from the Internet during installation of Sophos Anti-Virus minimizes your exposure to hostile code.)

  3. Before installing Sophos, uninstall any existing anti-virus software on your Macintosh to prevent conflicts. This includes earlier versions of Sophos Anti-Virus (see Appendix B: How to Uninstall Sophos Anti-Virus at the end of this document for instructions). Check the documentation for your existing anti-virus software or the vendor's web site for information about uninstalling it.

  4. Install Sophos Anti-Virus. U-M's installer installs the Sophos Anti-Virus software for you.

  5. If you disconnected your computer from the Internet before doing the installation, reconnect it so that you can run AutoUpdate.

  6. Run AutoUpdate. This will get you the most current set of virus definitions.

  7. Set preferences. We recommend that you set preferences as described in this document. Doing so will ensure the strongest level of protection and ease the trouble-shooting process, should the need arise.

  8. Scan your computer for viruses.

^ Table of Contents

Download the U-M Installer

  1. Use your web browser to go to the Blue Disc page:
    http://www.itcs.umich.edu/bluedisc/

  2. From the menu of operating systems in the upper right corner of the page, select Mac OS X.

  3. At the U-M Authentication Required page, log in with your uniqname and UMICH Kerberos password.

    Screen shot of Authentication Required page.

  4. Find Sophos Anti-Virus in the list of software available for Mac OS X, then click the Download link to the right of it.

  5. Some web browsers may ask you whether you want to open the file or save it to your computer. Select the Save option. You may be notified that the file being downloaded contains an application and asked if you want to continue downloading. If so, select Continue.

  6. The installer will be downloaded to your desktop (unless you have specified that it be downloaded elsewhere).

  7. If you are using Safari to download the installer, the installer file will mount and open automatically. If you are using another web browser, you will likely need to double-click the downloaded Sophos_Anti-Virus_U-M.dmg file to decompress it.

    Screen shot of of the .dmg file icon.

  8. The installer disc image will appear on your desktop.

^ Table of Contents

Install Sophos Anti-Virus

For added protection, disconnect your computer from the Internet before proceeding with the installation. (As long as there are no known viruses for Macintosh out there, this is not really necessary. However, disconnecting from the Internet during installation of Sophos Anti-Virus minimizes your exposure to hostile code.)

Before installing Sophos, uninstall any existing anti-virus software on your Macintosh to prevent conflicts. Check the documentation for your existing anti-virus software or the vendor's web site for information about uninstalling it.

IMPORTANT! If you installed an earlier version of Sophos and want to reinstall it, we recommend that you first remove the older version. See Appendix B: How to Uninstall Sophos Anti-Virus at the end of this document for instructions.

  1. Safari users can go on to Step 2. Those who use other web browsers may first need to double-click the Sophos Anti-Virus U-M installer disc image.

    Screen shot of installer disc image.

  2. In the disc image window, double-click the Sophos Anti-Virus icon.

    Screen shot of disc image window.

  3. In the dialog box that opens (this may take a few seconds), click Continue.

    Screen shot of dialog box.

  4. In the Welcome to the Sophos Anti-Virus Installer window, click Continue.

    Screen shot of Welcome window.

  5. In the Important Information window, read the notes in the scrollable window, then click Continue.

    Screen shot of the Important Information window.

  6. In the Select a Destination window, select your startup volume (if it is not already selected) and click Continue.

    Screen shot of Select a Destination window.

  7. In the Easy Install window, click Install.

    Screen shot of Easy Install window.

  8. You will be prompted for a name and password to authorize the installation of software on your machine.

    Use a Macintosh administrator user name and password—the same name and password you use when you install any software on your Macintosh computer. You must have administrator privileges on your computer to authorize installation of software.

    Screen shot of installer authentication

  9. Sophos Anti-Virus will be installed. When you see The software has been successfully installed, click Close.

    Screen shot of installation completion confirmation.

  10. Close the disc image window by clicking the red dot in the upper left corner.

  11. Find the Sophos Anti-Virus U-M disk image and the Sophos_Anti-Virus_U-M.dmg file on your desktop, and drag them to the Trash. Also, be sure to eject any CD or DVD from your CD/DVD drive before launching Sophos.

^ Table of Contents

Run Auto-Update

IMPORTANT! To run AutoUpdate, your computer must be connected to the Internet. AutoUpdate connects to a Sophos server to check for and download Sophos Anti-Virus updates.

Run Sophos's AutoUpdate to get the most recent version of the Sophos program and its virus definitions. The first time you run AutoUpdate, the process may take 10 minutes or more to complete. Subsequent updates will be much faster; they will run in the background automatically, and you likely won't even notice when they happen. AutoUpdate checks for new updates once an hour and installs them when they are available.

  1. Click the Sophos icon in the menu bar (in the upper right corner of your desktop) and select Update Now.
    NOTE: If you see Cancel Update instead of Update Now, that means that AutoUpdate is already taking place. Sophos checks for updates hourly, and, depending where it is in its update cycle, it may begin an update on its own before you request one.

    Screen shot of Update Now selection.

  2. Sophos Anti-Virus will connect to the Sophos server and check for updates. It will then download and install any new updates it finds.

  3. AutoUpdate will report when it finishes updating.

    Screen shot of AutoUpdate report.

  4. Close the Sophos AutoUpdate Status window.

^ Table of Contents

Set Preferences

For optimal protection and performance, the U-M Virus Busters Team recommends that you follow these instructions for setting preferences for Sophos's on-demand scanner (this controls manual scans of your computer).

NOTE: If you are interested in knowing why these preferences are recommended, as well as seeing a list of the preferences pre-set for you during installation, see Appendix A: More Detail About Sophos Anti-Virus Preferences.

  1. Eject any CDs or DVDs from your CD/DVD drive. (This prevents Sophos from listing the item as a volume to be protected from viruses.)

  2. Click the Sophos icon in the menu bar, and select Open Sophos Anti-Virus.

    Screen shot of selecting Open Sophos Anti-Virus.

    3. NOTE: Do not select Open Preferences; this opens a different set of options for a part of Sophos Anti-Virus—the on-access scanner—that has already been configured for you by the U-M installer.

  3. In the Sophos Anti-Virus window, click the Preferences button (looks like a sheet of paper with a checklist on it).

    Screen shot of Preferences button.

  4. In the left column of the Immediate Scanning Preferences window, click Scanning Options, then make sure all three checkboxes are checked.

    Screen shot of Immediate Scanning Preferences.

  5. In the left column, click Reporting. Then check both the Enable reporting and List infected files only checkboxes. Sophos will fill in a Report Filename name and a pathname for you; do not change this text.

    Screen shot of Reporting preferences.

  6. Quit Sophos Anti-Virus by selecting Quit Sophos Anti-Virus from the Sophos Anti-Virus menu.

^ Table of Contents

Scan Your Computer for Viruses

We recommend that you scan your computer for viruses after installing Sophos Anti-Virus. Please be aware that scanning can take a couple of hours or so if you have a lot of files and applications on your computer. You can use your computer while the scan is being done.

  1. Empty your computer's Trash. If you don't, Sophos will scan everything in the Trash, and the scan will take longer.

    Also eject any CDs or DVDs from your CD/DVD drive. (This prevents Sophos from permanently listing the item as a volume to be protected from viruses.)

  2. Click the Sophos icon in the menu bar, and select Open Sophos Anti-Virus.

    Screen shot of opening Sophos Anti-Virus.

  3. Check that your computer's hard drive and any other attached drives you want to scan are selected; selected items have a green circle to their left. Click the circle to select or deselect the item for scanning. Be sure you have selected only those items that you want to scan.

    Screen shot of selecting drives to scan.

    4. HINT: If your computer is connected to any network servers, they will appear in the list of items to be scanned. Be sure to deselect them so they don’t get scanned.

  4. Click the Scan button (a green triangle). Scanning will begin immediately; it may take several hours to complete. You can use your computer while the scan is being done.

    Screen shot of Scan button.

    5. IF SOPHOS GETS STUCK: If Sophos appears to "hang," or get stuck on a particular file during the scan, please phone the ITCS consultants at (734) 764-HELP for assistance.

  5. When the scan is complete, Sophos will report what it found.

    Screen shot of report.

  6. To see further information about what Sophos detected, click the Details triangle.

    Screen shot of report details.

    ABOUT ERRORS: Sophos Anti-Virus cannot scan all files. For example, it cannot open private files, and it cannot scan encrypted files. It may report these as errors. You can ignore these error messages. For example, some Microsoft Office application files are encrypted, and Sophos returns error messages such as this when it tries to scan them:

    Screen shot of error message.

    IF SOPHOS FINDS A VIRUS: If Sophos detects a virus on your computer, please send e-mail to the U-M Virus Busters Team (virus.busters@umich.edu) for further assistance. Include with your message, as an attachment, the SAV Report.rtf file that will appear on your computer Desktop after the scan is complete. (Please do not send the Sophos Anti-Virus Log.rtf file, which is a cumulative log of all scans.)

  7. Quit Sophos Anti-Virus. (From the Sophos Anti-Virus menu, select Quit Sophos Anti-Virus.)

You need only do a complete scan once, soon after installing Sophos Anti-Virus. Sophos will check all new files for viruses when you access them. The Virus Busters suggest, though, that it would be prudent to do an occasional scan of your computer just to be on the safe side.

^ Table of Contents

Check Periodically to Make Sure AutoUpdate Is Happening

IMPORTANT! AutoUpdate can only function when your computer is connected to the Internet.

If Sophos Anti-Virus is unable to complete either a manual update or its routine hourly update at any time, the icon in the menu bar will display a small "x."

Screen shot of icon when update has failed.

In most cases, failure to update is caused by a temporary glitch in your network connection. Try running the AutoUpdate manually (see Run Auto-Update). If the problem was a brief network interruption, the update will likely work the next time you try it.

Here are some additional things to try to get Sophos AutoUpdate working:

  • Check your firewall. If your firewall is blocking Port 80, AutoUpdate will not be able to run (although manual updates will still work fine).

  • Make sure your computer's clock is set to the correct time. (Otherwise, it may be out of synchronization with the clock on the Sophos server.)

  • Restart your computer and then run the AutoUpdate.

^ Table of Contents

Additional Resources

Sophos Anti-Virus has built-in Help.

  1. Click the Sophos icon in your menu bar.

  2. From the menu that appears, select Open Sophos Anti-Virus.

  3. From the Help menu, select Sophos Anti-Virus Help.

Visit ITCS's Information System to obtain ITCS computer documentation and other resources.

We welcome your comments; please send e-mail.

ITCS's Online Help Desk provides a variety of computing help resources.

The Virus Busters web site (http://virusbusters.itcs.umich.edu/) provides information about computer viruses.

For further help with Sophos Anti-Virus, send e-mail (to the Virus Busters Team)..

^ Table of Contents

Appendix A: More Detail About Sophos Anti-Virus Preferences

Some people have requested more detailed information about ITCS's recommended Sophos preferences. For those who are interested, that information is provided here.
On-Access Scanner Preferences
The on-access scanner is the part of Sophos Anti-Virus that scans each file for viruses "on access," or whenever a file is opened. You can see these preferences by clicking the Sophos icon in the menu bar at the top right corner of your desktop, then selecting Open Preferences. The scanning preferences are under the Scanning tab.

We recommend that you not change the on-access preferences. These are the U-M default settings:

  • Scanning Options
    Detect non-Macintosh viruses:  checked
    Scan network volumes:  checked
    Scan inside archive and compressed files:  not checked

  • Disinfection
    Enable disinfection:  checked
    Action on infected files:  Move

  • Desktop Alerts
    Enable desktop alerts:  not checked

  • Logging
    Logging into system log:  not checked
    Logging into a file:  checked
    Location:  "Logs" on volume <your hard drive>
    File name:  Sophos Anti-Virus On-access Log.txt
On-Demand Scanner Preferences
The on-demand scanner is the part of Sophos Anti-Virus that scans your computer (and other attached devices if selected) when you manually run a scan. You can see these preferences by clicking the Sophos icon in the menu bar at the top right corner of your desktop, then selecting Open Sophos Anti-Virus. In the Sophos Anti-Virus window, click the Preferences button (looks like a sheet of paper with a checklist on it).

These are the U-M recommended settings (most are the default settings; others are those listed in the Set Preferences section of this document):

  • Scanning Options
    Archive files:
    Scan inside archive and compressed files:  checked
    Scan mailboxes:  checked

    Detect non-Macintosh viruses:
    Include non-Macintosh virus detection:  checked

  • Disinfection
    Enable Disinfection:  not checked
    Confirm Disinfection:  checked
    Action On Infected Files:  Delete

    NOTE: We recommend, for safety's sake, that you not try to disinfect after the initial scan without first contacting Virus Busters (virus.busters@umich.edu) or your departmental computing support staff for advice on how best to proceed.

  • Reporting
    Enable reporting:  checked
    List infected files only:  checked
    Report Filename:  SAV Report

  • Desktop Alerts
    Enable Desktop alerts:  checked
    Viruses radio button selected

  • Log File
    Location of the log file is the desktop
    Editor:  TextEdit

^ Table of Contents

Appendix B: How to Uninstall Sophos Anti-Virus

  1. Navigate to the Sophos uninstaller. On your hard drive, open the Library folder, then the Application Support folder, then the Sophos Anti-Virus folder. The uninstaller is called Remove Sophos Anti-Virus.pkg.

    Screen shot of file location on hard drive.

  2. Double-click the Remove Sophos Anti-Virus.pkg file.

  3. In the welcome window, click Continue.

    Screen shot of welcome window.

  4. In the Select a Destination window, make sure the drive on which Sophos is installed is selected. Then click Continue.

    Screen shot of Select a Destination window.

  5. In the Easy Install window, click Install.

    Screen shot of Easy Install window.

  6. You will be prompted for a name and password to authorize the installation of software on your machine.

    Use a Macintosh administrator user name and password—the same name and password you use when you install any software on your Macintosh computer. You must have administrator privileges on your computer to authorize installation of software.

    Screen shot of Authentication window.

  7. The uninstaller will run.

  8. You will see conformation that the uninstaller has run successfully. Click the Close button. Sophos will no longer be installed on your computer.

    Screen shot of installation confirmation.

^ Table of Contents

ITCS
Information Technology Central Services at the University of Michigan

ITCS Home  |  University of Michigan