New user to Sophos for Mac - problems reported in log

I have been evaluating AV products for the Mac. I am disappointed with several of the "star performers" from the Windows world, because they are buggy or unstable. So far Sophos seems the most trouble-free.

However, after doing a full system scan, there were several issues that I think are problems with Sophos rather than actual malware. There was one file that I believe is a false positive. I uploaded that file to Sophos and they confirmed it was clean.

The reason I am writing this message is because the full scan also reported several "corrupted files", which I do not believe are corrupted. Typically they are bz2 files, but also some dmg, jar and exe files.

Is there a problem with this version of Sophos where it reports corrupted files that are not in fact corrupted?

:1006919


  • There are certain kinds of files (mostly the types you mentioned) that are container archives which can actually contain different kinds of data.  Sophos appears to not be detecting a few variants, which then get listed as corrupt, because they're similar enough to another variant to validate as that type, but not verify as being complete.  I already have a defect ticket raised against these, so it should be fixed in a future version of the product engine.

    Sophos also tends to be more conservative than some others in file validation.  Therefore, a file may run properly on the system it is designed for with the software that normally runs it, but Sophos may identify that the file is actually not sticking to the official specification, and mark it as corrupt.  When you see "corrupt" it is often useful to read that message as "file format is not completely valid" -- the contents may still be perfectly accessible.

    That said, I encourage you to submit any files flagged as corrupt, noting that the file is a '"problem file" flagged as corrupt' in the item submission.  This way, if there are some file types not already flagged for update, they can be added to the list.

    :1006969
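
One way to check independently whether a file reported as corrupt is actually damaged or only deviates from its format, as an added example (not part of the thread, and not how the Sophos engine decides). The function names, verdict labels and sample data are constructed here; trailing bytes after a bz2 stream and bytes in front of a ZIP/jar archive are used as two illustrative deviations that common tools tolerate.

```python
import bz2
import io
import zipfile
import zlib

def check_bz2(data: bytes) -> str:
    """Return 'valid', 'nonconforming' (decodes, but stray bytes follow) or 'corrupt'."""
    if not data.startswith(b"BZh"):
        return "corrupt"
    rest = data
    while rest:                           # a .bz2 file may hold several streams
        dec = bz2.BZ2Decompressor()
        try:
            dec.decompress(rest)
        except (OSError, ValueError):
            return "corrupt"              # bad block CRC or invalid stream data
        if not dec.eof:
            return "corrupt"              # stream ends early: truncated file
        rest = dec.unused_data            # bytes after the end-of-stream marker
        if rest and not rest.startswith(b"BZh"):
            return "nonconforming"        # tools usually ignore this trailing data
    return "valid"

def check_zip(data: bytes) -> str:
    """Same three-way verdict for ZIP-based containers such as .jar."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if zf.testzip() is not None:  # first member whose CRC-32 fails
                return "corrupt"
    except (zipfile.BadZipFile, zlib.error):
        return "corrupt"
    # Archive reads fine; bytes in front of the first record are a format deviation.
    return "valid" if data.startswith(b"PK") else "nonconforming"

def make_samples() -> dict:
    """Constructed sample inputs (not files from the thread)."""
    good = bz2.compress(b"sample payload " * 64)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("a.txt", "hello from a constructed jar")
    jar = buf.getvalue()
    return {"good": good, "trailing": good + b"\x00" * 16,
            "truncated": good[:-8], "jar": jar, "padded_jar": b"#!stub\n" + jar}

if __name__ == "__main__":
    for name, blob in make_samples().items():
        check = check_zip if "jar" in name else check_bz2
        print(f"{name:12} {check(blob)}")
```

A "nonconforming" verdict matches the reading suggested above: the contents are accessible, but the file does not strictly follow its format.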