IT Services

Sophos Anti-virus Software - FAQ

Below is a list of commonly asked questions concerning Sophos Anti-Virus. If you have any questions about the software and how to install or operate Sophos that is not in the Windows Instructions, Mac Instructions or Linux Instructions, and that is not answered below, refer to your local IT Support or contact the Help Centre.

Note that problems with a departmental or college computer should generally be referred to your local IT Support staff.

How can I tell whether my installation uses current updating credentials?

The credentials used to update Sophos Anti-Virus automatically are valid for around 14 months and expire around November each year. Once they have expired, Sophos will no longer be updated, and your computer will be more vulnerable to new viruses etc.

To make sure that you keep your computer(s) up to date, you will need to download and install a new Sophos package in October each year.

To determine whether a PC is using the 2007–8 or the 2008–9 credentials, check the Autoupdate settings (details below) for the username. If this starts em51 then you are already up to date as you have the most recent credentials that expire in November 2009. If it starts em69 then you are using the older credentials that expire at the start of November 2008 and you should download the latest package and install it. If the username starts with any other letters and/or numbers, it may be using a local configuration (this is likely on college or departmental system); please check with your local IT Support staff before making any changes.

To check these credentials on Windows systems, right-click on the blue shield in the System Tray (usually in the bottom-right of the screen near the clock) and select [Configure Updating...]. The username is shown on the Primary server tab.

Figure images/blue-icon.jpg [Blue shield icon]

To check the username on OS X systems, right-click on the blue shield on the menu bar (usually top-right near the clock) and choose [Open Preferences...].

Figure images/mac-shield.png [Mac blue shield icon]

Click on the [AutoUpdate] option, make sure that [Network Settings] is selected and the [Primary Server] tab is displayed. Click on the lock (bottom left) and enter your password when prompted. You should then be able to view the username.

To check the username on Linux systems, from a command line or terminal session, run sudo /opt/sophos-av/bin/savsetup. Accept the default options of [[1] Auto-updating configuration] and then [[1] Display update configuration] to see the username that Sophos is using.

Where do I obtain the software from?

For installation on personal machines, Sophos should be downloaded from

What versions are available?

Sophos version 7 for Windows, version 4.9 for Mac OS X and v6 for Linux. Additional Sophos software is available to registered IT Support Staff — see the Information for IT Support Staff.

What platforms does these versions run on?

Sophos v7 runs on Windows Vista/XP/2000. On the Mac, Sophos v4.9 runs on OSX 10.2 - 10.5.

Do I need to uninstall other anti-virus products before installing Sophos?

Absolutely. If you currently have a different anti-virus product installed on your machine, you must uninstall it before installing Sophos.

How do I check that Sophos is installed and running properly?

If you see a blue shield in the Windows system tray (usually bottom-right of the screen, near the clock) then Sophos is running properly. On OS X the shield appears in the system status bar (usually top-right of the screen). On Linux, run the command sudo /opt/sophos-av/bin/savdstatus which should give output such as Sophos Anti-Virus is active and on-access scanning is running, and use the command sudo /opt/sophos-av/bin/savlog to see when Sophos last downloaded updates.

Figure images/blue-icon.jpg []

If you see a grey shield in the Windows system tray then Sophos is not running properly.

Figure images/greyshield.gif []

If you see a red cross (some may notice that it's really a white cross on a red background) on either the blue or grey shield it means that the last time that Sophos tried to check for updates, it failed for some reason, perhaps because it does not currently have the required network connection. See the entry Sophos isn't updating itself. Why, and what should I do? below for possible reasons and solutions.

Figure images/redcross-blueshield.png []

How do I keep Sophos up to date?

The Sophos client auto-updates automatically via the Internet — you don't have to update it yourself. The current Sophos client will continue to update automatically until November 2009 at which point you will have to download and install a new version of the software. OUCS makes this new version available by the beginning of Michaelmas term every year. NB When you download the Sophos client you will automatically be registered on the sophos-users mailing list. This is used only to notify you of major changes or updates to Sophos.

Sophos isn't updating itself (red cross on blue or grey shield). Why, and what should I do?

This can happen for a number of reasons, but usually it is because the Sophos client cannot connect to Sophos's servers to update itself. There may be a number of causes as follows.

The most common reason is if Sophos tries to update itself before your computer has connected to the internet. This is often seen if you are using a USB modem for your broadband connection. The symptoms are usually that you see a red cross every time you start up the computer, but if you try a manual update, it succeeds and the red cross disappears. To start a manual update, right-click on the blue shield with the red cross and choose [Update now]. The workaround is to update Sophos manually once you have connected to the internet.

Occasionally the Sophos client cannot connect to the Sophos update servers because they are unavailable for some other reason, such as a temporary internet problem. If this is the case, the symptoms are that a manual update will fail, but a while later (e.g. an hour, and certainly within a day), the update will succeed, and you should not see the problem again. If this is the problem you don't need to take any further action.

If Sophos stops upating around November each year, this may be because the credentials used to access the updates have expired. This does not normally apply to college or departmental machines, only to your own personal desktop or laptop. In this case a manual update will never succeed, no matter how long you wait. Try downloading the very latest version from and reinstall to see whether this fixes the problem. If the problem occurs on a college or departmental system, we recommend that you don't reinstall Sophos yourself as it may overwrite a locally configured installation. Instead, refer to your local IT Support staff.

If none of the above works, then ask your IT Support staff or refer to the Help from OUCS pages as appropriate.

Sophos isn't running properly (grey shield). Why, and what should I do?

The grey shield means that Sophos isn't checking files automatically for viruses when you open them. It may be that the Sophos Anti-Virus service has crashed for some reason, so try rebooting your computer to see whether this solves the problem. If this fails, try downloading the latest version from and install. If the problem occurs on a departmental or college system refer first to your local IT Support staff as reinstalling Sophos may overwrite a locally configured installation. If you still have problems, ask your IT Support staff or refer to the Help from OUCS pages as appropriate.

What if Sophos finds a virus?

Check the relevant virus analysis to find out how to recover from the infection. If you have configured Sophos correctly, it should automatically detect and disinfect most boot sector and file infector viruses. In some cases where Sophos cannot automatically disinfect a virus, the virus analysis will point to a Sophos utility or batch file and instructions for the removal of the virus. Details on disinfection for particular platforms can be found in the appropriate Sophos manual.

Sophos have produced a number of utilities and instructions for removing viruses, these are linked to from the Sophos Disinfection Instructions web page

I'm running Linux. Is there an auto-updating client?

Sophos for linux v6 will update automatically and supports a number of editions of linux. We provide a preconfigured version which can be obtained from our download page at

What other operating systems are supported by Sophos?

OUCS also makes Sophos clients available for numerous Unix operating systems (a list is available from Sophos at as well as Novell NetWare. These can be downloaded by any registered IT Support Staff, and this will normally include your local IT officer. NB. OUCS does not provide direct support for these clients.

Are there any alternative anti-virus products I could consider using?

Sophos is the primary anti-virus product supported by OUCS and is free for all current University members. However, a number of commercial alternatives exist, for example, Norton Anti-Virus and McAfee VirusScan, and AVG. AVG has a free version for personal/home use (more information at