Sophos Anti-Virus for UNIX 9.6.1 release notes

April 2014

Version numbers

Sophos Anti-Virus 9.6.1 (Recommended)
Threat detection engine 3.51.0
Threat data 5.00, April 2014

What's new

This section lists new features and updates included in the last four monthly releases of Sophos Anti-Virus for UNIX 9.

To view the list of issues fixed in these releases, see Fixed and known issues.

New in this release

The threat detection engine and threat data have been updated.

New in 9.5.2, February 2014

The threat detection engine and threat data have been updated.

New in 9.5.1, January 2014

The threat detection engine and threat data have been updated.

Fixed and known issues

This section lists issues fixed in the last four monthly releases of Sophos Anti-Virus and the known issues in this release.

Go to known issues

Fixed issues

Issue ID Description Fixed in
DEF94376 disableOnBoot option does not work on Solaris 11.

Updating Sophos Anti-Virus on Solaris 11 re-enables the RMS service (which makes the installation "managed") even if you have used the disableOnBoot option to prevent this.

9.6.1, April 2014
DEF94234 Sophos Anti-Virus does not download updates from a secondary update server when the primary server is unavailable.

Sophos Anti-Virus can be configured to update itself from a secondary update server at Sophos when its primary server (either on the local network or at Sophos) is unavailable. However, it does not attempt to contact the secondary server when the primary server fails.

9.6.1, April 2014
DEF93898 Endpoints do not correctly report primary and secondary update locations to Enterprise Console.

Endpoint computers sometimes do not have primary or secondary update locations shown in "Computer Details" or "Update details" in Enterprise Console, even if they are compliant with your policies and up to date.

9.6.1, April 2014
DEF93016 Web UI log viewer shows log messages without line breaks.

When an update reports a long message, a large block of text without line breaks is shown in the log, which is hard to read.

9.6.1, April 2014
DEF92615 savscan allows regular users to send the savscan log to /opt/sophos-av/var/spool/

Users can use the -p=<log path> option to send the savscan log to /opt/sophos-av/var/spool. The email notifier then tries to parse the files and deliver them as email. This results in an error and the notifier stops processing files.

9.6.1, April 2014
DEF92612 After an upgrade from version 6 to 7 and then to 9, world-writeable files and directories are left in a Sophos directory. 9.6.1, April 2014
DEF91643 Installer occasionally hangs on Solaris 11 Intel. 9.6.1, April 2014

Known issues

Issue ID Description
DEF95670 Enterprise Console displays the incorrect version number after an upgrade or downgrade between Recommended and Preview versions.

If you upgrade or downgrade between the Recommended and Preview versions of Sophos Anti-Virus, the product version number displayed in Enterprise Console is not updated. This is because these versions have the same threat detection engine and threat data (changes in the version number are reported only when the detection engine or data version changes). Enterprise Console will display the correct version number as soon as Sophos Anti-Virus receives an automatic update that includes new threat data.

- Per-process memory limits on UNIX systems can restrict Sophos Anti-Virus from functioning correctly.

On IBM AIX systems, Sophos Anti-Virus requires more memory than the default "Maximum Data Segment" size limit. For information on how to increase this limit, see

DEF74349 Enterprise Console does not show that a file has been quarantined.

On a Sophos Anti-Virus installation that is managed by Sophos Enterprise Console, if an on-demand scan quarantines a file, savlog shows that the file has been quarantined, but in Enterprise Console, "action taken" is blank.

WKI42035 If you install a managed installation of Sophos Anti-Virus on an AIX or HP-UX workstation, and in Sophos Enterprise Console you move the workstation from the "Unassigned" group to another group, the "Anti-virus and HIPS policy" column in the computer list might display "Differs from policy". To work around this, in Enterprise Console, right-click the workstation, point to "Comply with", and then click "Group anti-virus and HIPS Policy".
DEF38027 During installation or upgrade, if you make typographical errors when prompted for information, and correct these, control characters might be stored as part of your input. This could cause a problem, especially with updating. For more information, go to
DEF29605 On a computer running Solaris version 10 with a Japanese locale, if you try to install Sophos Anti-Virus from a central installation directory and you enter an installation location using Japanese text, the installation fails with the message "svccfg: Syntax error".
DEF23317 If you install Sophos Anti-Virus on a computer that has Sophos Anti-Virus and a third-party product that uses SAV Interface installed, you might have to configure Sophos Anti-Virus to use the correct location for the Sophos Anti-Virus libraries and threat data. For information, go to
- Sophos Anti-Virus on AIX and SAV Interface on AIX.

On AIX, it is possible for the memory allocation functions to return memory addresses that don't exist, usually when the computer is running low on memory. If these memory addresses are subsequently accessed, the computer may terminate the application.

Sophos recommends setting the PSALLOC environment variable to the value "early", before running Sophos Anti-Virus on AIX or SAV Interface applications on AIX, i.e.


Setting PSALLOC to "early" causes the memory allocation functions to only allocate memory that exists. This may cause your computer to run slower, because further checks are carried out on memory as it is allocated.

Additional information

  • Installation in non-ASCII encoded locations

    You can't install Sophos Anti-Virus in a location that is specified by a non-ASCII path.

  • Japanese language support

    Sophos Anti-Virus can be installed on computers that are using ja_JP.eucJP and ja_JP.UTF8. Installation on computers with ja_JP.sjis locale (Japanese with Shift-JIS encoding) is not supported.

Technical support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2008–2014 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.