
Sophos Bootable Anti-Virus / sbvac.exe ISO-creator feature suggestion

Good day everyone,

and especially to the Product Manager for the sbvac tool. I have been advised by technical support Germany to post my request/suggestion here for you to find.

Our suggestion/request is a modification to the sbvac.exe tool which we think should be rather easy to do: allow the user to specify a folder on the command line that is then included into the ISO image. F.i.:

c:\temp\sophosCD\> sbavc.exe sophos.iso -include="c:\temp\sophosCD\CurrentUpdates"

Why would we need this? Here is our scenario:

We are running a fleet of 50 ships around the world which never have an internet connection, i.e. we have a huge "Air Gap".

On board we have one server with a network share "AVupdates" from which all workstations update themselves.

To get the latest updates on board and into the AVupdates folder we use the following:

1) In our office we run one management machine that daily updates the SAV folder, i.e. ....\CIDs\S000\SAVSCFXP

2) Every 4 to 8 weeks we create a CD (50 copies) with the latest state of the SAVSCFXP folder and add one "update.bat" file to this CD.

3) These CDs we send on board the ships.

4) On board, they insert the CD into one network computer, run "update.bat", and the whole SAVSCFXP folder is copied to "AVUpdates".

5) All client computers on board check "AVUpdates" once a day and update themselves.

Now, as we can provide updates only with 4 to 8 weeks delay, we do face infections from time to time. In a recent case we had to use some "offline cleaning CD", for which Sophos has the "Sophos Bootable Anti-Virus" solution created by means of sbvac.exe.

We would now like to always include an up-to-date sbavc-created CD with the 4/8-weekly update envelope.

However, as the SAVSCFXP only takes about 200MB max, and the sbavc-CD has only about 170MB, we could nicely make one combined Update-and-EmergencyBoot-CD by simply including the SAVSCFXP folder onto the sbavc-CD.

All that would be needed is the "-include" feature.

Alternatively, as the sbvac tool apparently works in several stages, we would need a version that stops just before calling mkisofs. Then we could let sbvac do the first steps (download and prepare the Linux side of things, add the latest definitions ides.zip file), and then we can introduce our own step (copy the SAVSCFXP folder to the temp area), and then call the final mkisofs step.

The benefit of either way would be that we can totally automate this whilst over the year preventing about 600 half-full CD-ROMs from being "wasted". Not a huge financial impact of course, just "ugly" and not in line with our environmental attitudes.

Appreciate if the above could be considered, and of course comments on the idea.

brgds

blue



  • Hi Shai and QC

    >>> where do the infections come from and how do they get over the air gap?

    Well, USB Sticks and Floppies. Three things happen (at least):

    1) Ships go to ports, where so-called "cargo planners" come on board to check with the guys on board if the cargo can be stowed the way they have worked out in their Ivory Tower ashore. For that, they bring a so-called "baplie" file, either on a stick or floppy (don't ask what that is, never seen one in real life). Where the sticks are, the viruses are....

    2) "Service Technicians" come on board, do some work, fill out a form on their laptops and need to print them for signature by the ship's command. There comes the stick.....

    3) Crew members go ashore, internet cafe, some chatting and emailing with the beloved at home, there come the pics from the baby, stick in, stick out, show the pics to the friends on board, there comes the virus.....

    For the regular business of 1 above, we cannot disable sticks (USB ports), no way. Also, limiting it to "authorized" ship-owned sticks is not an option: give them to a planner and they won't come back on board because the planner maybe does not have to come back. Just not feasible.

    For the inclusion of data into the image:

    Have of course worked out a way using mkisofs: Make the standard ISO with the tool, use 7z to unpack the ISO, add your own data, then use mkisofs to make an iso again. Actually, I used a script made by Bart Lagerweij called "BCD - Build CD-Rom", needs some special ISO/Joliet FS related parameters to be tweaked as otherwise the CD will not boot afterwards or may fail due to long file names, but then works like a charm. With that we have a double-click-once-and-go solution now.

    For the link of support to product manager:

    Well, I had explained the issue at length to the German support by email. Reply was "not supported, best regards".

    Then I phoned them and got "not supported, have a nice day", which made me a bit unfriendly (to put it mildly) given that we have spent quite a bit of money for I think 600 Sophos licenses for 5 years. Go figure. The unfriendliness got me through to a head of support or so, who after some more words was convinced he'd better try to get a proper answer if a customer has an improvement suggestion. He indeed came back a little later telling me he had checked with the PM for this tool and for security reasons such a feature could not be included (as it could be abused to create "infected" CDs under the name of Sophos). Well, if you, Shai, are the PM, you should know about this, as that German guy would have checked with you according to his words.

    Though solved for us, I would still appreciate seeing this feature in the next version, as a single "-include <pathname>" would be much easier to handle for many users without the need to dig into the ins and outs of ISO standards and format versions.

    Also, I would much appreciate if that new version would not "block" the approach we've taken by doing some fancy additional protection things to the ISO it creates, as it would ruin our efforts and make it useless compared to the current version. With that goes that your download sources should not be changed in a way that would prevent the current version from doing its job. Basically, all I ask for us is to leave the old version operational.

    Thanks and regards

    blue
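The workaround described in the reply above (unpack the ISO with 7z, add the folder, rebuild with mkisofs so the CD stays bootable and long file names do not break it), as an added POSIX shell example; it is neither the poster's BCD-based script nor Sophos code. The isolinux boot-image paths, the volume label and the assumption that the source ISO boots via a no-emulation El Torito image are hypothetical and must be checked against the extracted tree.

```shell
#!/bin/sh
# Added example, not from the post: rebuild an sbvac-created ISO with an extra folder.
# Assumes 7z and mkisofs (or genisoimage) are installed and that the ISO boots via
# isolinux/isolinux.bin (hypothetical path - verify it in the extracted tree).

JOLIET_MAX=64   # Joliet allows 64 characters per name unless -joliet-long is used

# List every entry under $1 whose file name exceeds the Joliet limit.
# Exit status 1 when at least one offending name is found, 0 otherwise.
check_joliet_names() {
    find "$1" -mindepth 1 -print | awk -v max="$JOLIET_MAX" -F/ '
        length($NF) > max { print "too long for Joliet (" length($NF) " > " max "): " $0; n++ }
        END { exit (n > 0) ? 1 : 0 }'
}

# Unpack $1 (source ISO), copy folder $2 to the CD root, write the new ISO to $3.
rebuild_iso_with_folder() {
    src_iso=$1; extra=$2; out_iso=$3
    work=$(mktemp -d) || return 1
    7z x -o"$work" "$src_iso" >/dev/null || return 1
    # 7z exposes the El Torito boot image as a pseudo folder; it must not end up in the tree.
    rm -rf "$work/[BOOT]"
    cp -R "$extra" "$work/" || return 1
    # Fail early rather than produce a CD whose names get truncated or rejected.
    check_joliet_names "$work" || return 1
    # -R/-J: Rock Ridge + Joliet so long names survive; -l allows full 31-char ISO9660 names.
    # -b/-c plus the no-emulation flags recreate the isolinux El Torito boot record.
    mkisofs -o "$out_iso" -R -J -l -V "SOPHOS_UPDATE" \
        -b isolinux/isolinux.bin -c isolinux/boot.cat \
        -no-emul-boot -boot-load-size 4 -boot-info-table \
        "$work" || return 1
    rm -rf "$work"
}

# Usage: ./rebuild.sh sophos.iso ./CurrentUpdates combined.iso
if [ "$#" -eq 3 ]; then
    rebuild_iso_with_folder "$1" "$2" "$3"
fi
```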
