October 12, 2005

Fixing Sophos and a rant against heavyweight solutions to simple problems

Posted 2782 days ago on October 12, 2005

It drives me wild when anti-virus software causes more problems than it solves. Here's a case in point. Sophos Small Business Edition (supposedly designed to be easy to administer) running on Windows Small Business Server 2003 - I imagine a common scenario.

We notice disk space reducing on drive C. We notice high CPU usage. The culprit is RouterNT.EXE which is the Sophos Message Router. It is grabbing up to 98% CPU with ever-increasing memory requirements ... 50MB ... 100MB ... 300MB ...

So I stop the Message Router service. Although there seems to be no help in the Sophos knowledgebase, I search the Web and find a tip concerning the \Program Files\Sophos\Remote Management Service\Router\Envelopes folder. Apparently this can get overloaded with messages. Indeed it is: over 200,000 messages are sitting there. I delete these and restart the services, which fixes the problem for the moment.

As far as I can tell, the Message Router Service is not fighting viruses as such. Rather, it is part of the admin system which is meant to enable centralized monitoring of all the computers on the network.

Delving a bit deeper, it turns out that this is a CORBA application. CORBA is a well respected but unfashionable technology for scaleable distributed applications. Fair enough for an enterprise - but let's remember that this is Small Business Edition, with a maximum of 100 users. Surely there is a simpler way of having client machines report their status back to the server. I can't shake off a suspicion that this is over-engineered for the purpose. It brings to mind my recent problems with HP's Java Application Server for running a printer utility. The outcome in both cases is the same: lousy performance.

I am also unimpressed by the failure of the Sophos system to detect this error condition.
The basic anti-virus engine seems rather good, as these things go, but not the management stuff.

UPDATE: This morning I managed to contact Sophos support (after trying repeatedly but failing to get through last night). The problem seems to be related to the Sophos SBE Management Service which apparently fails with a DCOM error following an update to Windows 2003. There is a Knowledgebase article here. Looking in my event log, I had DCOM errors related to smtemlib, the Sophos AutoUpdate service, so I applied the same fix here as well and restarted the service. Without these further fixes, the problem will inevitably re-occur.

Re: Fixing Sophos and a rant against heavyweight solutions to simple problems
Posted 2168 days ago by Anonymous

I've seen that problem but only after we retired the previous Sophos server and machines that were still pointing to the retired Sophos machine would max out the CPU.

Re: Fixing Sophos and a rant against heavyweight solutions to simple problems
Posted 2111 days ago by Mike

100% UNACCEPTABLE for a software package that aspires to sit in such a critical role.

Re: Fixing Sophos and a rant against heavyweight solutions to simple problems
Posted 1197 days ago by Bernardo

I have the same problem at my place of employment. RouterNT.exe starts out normal after a reboot of the machine (which happens to be a Windows 2003 terminal server), then progressively chews up more and more resources over time. Within two or three days, it becomes nearly impossible to do anything other than a hard reset. If I'm lucky enough to be able to log into the console, I stop the routerNT.exe task to get temporary relief.

Re: Fixing Sophos and a rant against heavyweight solutions to simple problems
Posted 740 days ago by Mike

This problem continues to be an issue in Sophos Endpoint Security and Control ver. 9.7 on Windows 2003 Terminal Servers.

Re: Fixing Sophos and a rant against heavyweight solutions to simple problems
Posted 2392 days ago by Jonathan Smith

I have this exact problem, but I do not have the DCOM errors in my event logs. RouterNT.exe is out of control, as it takes all the available CPU cycles and brings everything to a halt.