InterCheck
technology
In Sophos Anti-Virus, the fast scanning speed of the virus engine is complemented by Sophos?s patented InterCheck technology, which
optimises on-access virus detection by filtering files as they are accessed to determine whether they need scanning for viruses.
InterCheck intercepts any request to access a file and calculates a
checksum, a unique identifier for every file. If the file has not been
modified since the last time it was filtered by InterCheck, a matching checksum will exist and the access is allowed.
If the file has been modified, or if it is new, a copy of the file is sent to the virus engine for scanning. Every time a file changes, the checksum becomes invalid; after the file has been scanned and
providing it is virus-free, a new checksum is created.
If the file is found to contain a virus, InterCheck prevents the file from being opened until it is disinfected by the virus engine. InterCheck also provides centralised messaging of any virus incident anywhere on the network.
InterCheck?s unique approach means that performance overheads are kept to a minimum no matter how the number of viruses grows over the years. This has particular advantages in a multi-user
environment where several hundred users might be accessing the same server-based files.
This is copy&paste from SOPHOS PDF:
http://www.sophos.com/sophos/docs/eng/evaluation_guide.pdf
I was wondering if this InterCheck Technology really makes a big difference? Is checksuming really that faster than checking file?