Version: 1.1, Last Revision: February 28, 2022
Sophos for Marshal is a configuration and update tool that allows the Sophos anti-virus scanner to be used with Trustwave SEG, ECM, and WebMarshal products.
These notes are additional to the Help or other documentation.
The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q20635.
Sophos for Marshal 1.1.5 is released only in a 64-bit version. This release supports the following Trustwave content scanning product releases:
For Trustwave ECM 7.X, use Sophos for Marshal 1.1.2 (32 bit). Release 1.1.2 also works with the last 32-bit releases of Trustwave SEG and WebMarshal; however note that these releases are no longer officially supported by Trustwave.
Sophos for Marshal 1.1 requires Windows Server 2008 (SP2) or above, with a supported Trustwave product (SEG, ECM, or WebMarshal).
The LiveProtection feature requires DNS connectivity (port 53) to a local DNS server that can forward queries to Sophos. The DNS server address will be populated automatically based on server settings. You can override the automatic setting if required.
The updater requires access to the following website:
https://sophos.marshal.com (HTTPS is
required; this is a change from version 1.0). For
details of required ports and destinations see Knowledge Base
article
11906.
Sophos for Marshal is licensed and purchased through Trustwave as a module with the supported content scanning products.
To install Sophos for Marshal, run the installer package. Immediately after installation, the Sophos for Marshal updater attempts to retrieve the latest virus scanning Engine and IDE (signature) files.
If you need to configure proxy settings, you should do so immediately and then start an update manually.
To configure settings and start an update, start "Sophos for Marshal Configuration" from the Start menu. (Installation creates shortcuts in the submenu for each installed Trustwave product that supports Sophos for Marshal). For details of the fields in the configuration tool, see Help.
Notes:
- The package does not include a Sophos Engine or IDE files. The updater must run and complete a download of these components before you can use the scanning functionality.
- The updater requires access to the following website:
https://sophos.marshal.com(HTTPS is required; this is a change from version 1.0). For details of required ports and destinations see Knowledge Base article 11906.
To use Sophos for Marshal with a supported Trustwave product:
To upgrade from an earlier version, run the installer package.
Note: This upgrade migrates the data from the previous version and then installs the new version. You will be informed that the data is being moved. Settings, Engine, and IDE files are retained.
If a processing engine service (such as the SEG Engine) is under load, the installer may not be able to stop the service. The installer will notify you.
To complete the upgrade when the installer cannot stop a service:
To uninstall Sophos for Marshal:
| SFM-156 | To shorten the time needed for initialization, all scanner threads share a single copy of signature data. |
| SFM-165 | Versions of third party helpers included have been updated. |
| SFM-134 | On initialization, if CXMail is disabled this fact is logged. |
| SFM-144 | Initialization of CXMail resulted in excess usage of memory and handles over time. Fixed. |
| SFM-153 | The number of instances of the scanner available in a running application is increased to support more engine instances and larger numbers of rules. |
| SFM-154 | IDE updates were not immediately applied to the running engine in some circumstances. |
| SFM-137 | Scanner initialization in SEG was inefficient due to configuration being re-read unnecessarily. Fixed. |
| SFM-125 | Discovery of SEG and ECM license keys is improved. |
| SFM-116 | Sophos for Marshal now uses libcurl instead of WinInet for access to updates, to avoid issues with certificate validation when using a proxy. |
| SFM-8 | The Sophos SDK used by Sophos for Marshal has been updated to the latest version that provides additional capabilities. |
| SFM-10 | Sophos for Marshal implements the CXMail scanning option for enhanced checking of files. |
| SFM-11 | Sophos for Marshal implements the LiveProtection scanning option for enhanced checking of files. |
| SFM-13 | The product has been rebranded for Trustwave. |
| SFM-15 | Installation and registry locations are updated to the default Trustwave locations. |
| SFM-41 | MSXML4 is no longer used by Sophos for Marshal. The related DLLs are removed on upgrade. |
| SFM-54 | Engine and IDE updates require valid maintenance for the scanning product (SEG, ECM, or WebMarshal). |
| SFM-67 | The available frequencies for IDE checks have changed. You can choose to check as often as every 10 minutes. The default check is hourly. |
| SFM-71 | Service executable paths were not quoted. Fixed. |
| SFM-1 | Sophos for Marshal now supports MailMarshal Exchange 7.0 |
| VS-386 | Update to the install logic was required due to change in the MailMarshal SMTP registry location. |
| VS-387 | Update to the install logic was required due to change in the MailMarshal Exchange registry location. |
| VS-391 | Files are now digitally signed to ensure authenticity. |
| VS-393 | The product has been rebranded for M86 Security. |
| VS-396 | The installer checked for the presence of a parent product on uninstall. Fixed. |
| VS-365 | Updated Sophos engines were not installed when MailMarshal was under heavy load. Fixed. |
| VS-372 | The upgrade installation has been modified to minimize the number of manual service restarts required. |
| VS-373 | Sophos for Marshal installation now creates a menu shortcut in the MailMarshal Exchange program group (if MailMarshal Exchange is present). |
| VS-263 | Sophos for Marshal now supports MailMarshal Exchange 5.2 |
Copyright © 2022 Trustwave Holdings, Inc.
All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
While the authors have used their best efforts in preparing this document,
they make no representation or warranties with respect to the accuracy or
completeness of the contents of this document and specifically disclaim any
implied warranties of merchantability or fitness for a particular purpose. No
warranty may be created or extended by sales representatives or written sales
materials. The advice and strategies contained herein may not be suitable for
your situation. You should consult with a professional where appropriate.
Neither the author nor Trustwave shall be liable for any loss of profit or any
commercial damages, including but not limited to direct, indirect, special,
incidental, consequential, or other damages.
Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.
Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave
, visit https://www.trustwave.com.