The Quarantine Manager

In the past I have had problems with virus software moving vital files, like whole mailboxes, to the Quarantine Manager and messing up some of my mail clients. Will Sophos Anti-Virus for Mac Home Edition do this, or has it better ways to deal with files?

I use ClamXAV at the moment; it scans without moving the files and lets me decide how to deal with them in situ.

Can someone point out how the Quarantine Manager works, and are there any pitfalls?

  • By default, the Sophos Quarantine Manager leaves files in-place.  There is an option to move files that you can enable when needed, but most of the time this is not needed.

    Instead, the Quarantine Manager keeps track of where the files are, and locks them for reading by other processes, similar to how ClamXAV works.

    Some of the pitfalls to the Quarantine Manager include difficulties disinfecting a file that is in an archive; if you have a Java JAR file in an email attachment in your spam mailbox folder, and this is archived to Time Machine, the easiest way to clean it up is to navigate to the file in Time Machine, delete all backups, and then delete the original from your mail application.

    Since the Quarantine Manager is real-time, if a file is being purged and then re-loaded into your cache (for example, if a malicious web page is being cached and purged), you will see the detection disappear from the quarantine and then later re-appear, as the file disappears and reappears on your filesystem.  Other than web, Java, and email caches, this does not tend to happen; so if you're seeing vanishing detections, they are likely associated with one of these activities.
