Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 40 subscribers
  • Views 13675 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Where are the checksums (MD5, SHA1, etc.) for current Sophos file downloads published?

KevinJones

I've recently downloaded both "sav-linux-free-9.tgz" (Sophos Antivirus for Linux Free Edition) and "SW-SFOS_15.01.0_MR-1.1-407.iso" (Sophos XG Firewall Home Edition) and haven' been able to find checksums offered for either of them. Neither during the download process, via on site search, nor via Google.

Sophos antivirus was mentioned favorably in a Linux tips youtube vid I watched earlier, but at this point I feel discomforted by the lack of readily available checksums. I'm inclined to expect the basic security step of file integrity confirmation to not only be readily available but explicitly encouraged when downloading files presented as security software.

I'd still like to explore Sophos products (once I've been offered current checksums) as Sophos products have been recommended as quality software. But I also want to strongly encourage those managing Sophos' web-pages to consider how the checksum oversight reflects upon such quality and implement solutions accordingly.

Thanks for your time and consideration,

—Kevin—



This thread was automatically locked due to age.
Parents
  • 0

     

    The checksums are not published for XG but I have let the product manager know the community would like to have these readily available.

    Thank you for your feedback.

    Regards,

    Bob

  • 0 in reply to Bianson

    Thanks for responding Bob.

    I gather then that at this point my options are to take it on faith that my downloads transfered both without anyone spoofing the Sophos site and without data corruption in transit ... or move on and explore the offerings of other vendors.

    ... Or perhaps, for now, someone on your end might find a few moments to generate a couple MD5 and/or SHA sums from trusted internal copies and post them to this thread—this thread with publicly searchable relevant keywords in the title—so as to aid discovery by others as well?

    Ever hopeful,

    Kevin

     :  }

Reply
  • 0 in reply to Bianson

    Thanks for responding Bob.

    I gather then that at this point my options are to take it on faith that my downloads transfered both without anyone spoofing the Sophos site and without data corruption in transit ... or move on and explore the offerings of other vendors.

    ... Or perhaps, for now, someone on your end might find a few moments to generate a couple MD5 and/or SHA sums from trusted internal copies and post them to this thread—this thread with publicly searchable relevant keywords in the title—so as to aid discovery by others as well?

    Ever hopeful,

    Kevin

     :  }

Children
Unfiltered HTML