He tried to open a quarantined file, once with the 'cat' command
and once with vi, as root, and both times Sophos warned him and
prevented him from proceeding. Now, the code for the 'cat'
command is quite simple, it basically just does a open(2)
of the file and then issues a series of read(2). My question
is: Does Sophos actually intercept the system calls in order
to make sure no application opens an infected file? If so,
wouldn't that introduce a HUGE performance penalty on the
everything happening on the machine, since these system calls
are so crucial?

Well, you answered my question, then (in the other comment thread).

Thanks. And greetings.

Hey, are you Peter Seebach? If so, just a few comments above yours, I provided a link
to your insightful (and funny) Hacker FAQ. I've always recognized myself in it.

Have you ever considered reformating it to a more modern HTML document? It's simply
that in its present form, it really DOES look like a text from 1999... it shows
its age. :-)

See, for instance, section 2 (Productivity) of the Hacker FAQ.