Sophos stops working when my mac starts up

I too began having this problem recently although I cannot say when it first started.

Running 10.7.4 Server as of last week, but the problem manifested several weeks before that, possibly when I first updated to 10.7.4.

I uninstalled SAV, then downloaded a fresh .dmg of 8.0.5C and reinstalled it. Initially the shield was black in color with the indicator of an arrow probably indicating an update in progress. Soon after that, the sheild went to gray with an 'S' and no 'X" and has stayed that way.

From the Console log, these two entries appear to be pertinent:

7/22/12 8:28:48.000 AM kernel: Sophos Anti-Virus on-access kext activated

7/22/12 8:33:41.604 AM com.apple.SecurityServer: Failed to authorize right 'com.sophos.cleanup' by client '/Library/Sophos Anti-Virus/SophosAntiVirus.app' [131] for authorization created by '/Applications/Sophos Anti-Virus.app' [396]

The SAV log does not show any errors.

UPDATE to my previous post:

I worked on the problem a bit more and think I have it figured out.

I wasn't aware that OS X Server installs ClamAV, an opensource AV checker. Some software such as Fink and Darwinports also install ClamAV. I found reference to ClamAV when I went further into the Console Log and figured that if Sophos AV didn't depend on it, it needed to go.

The easy way to uninstall the ClamAV engine is to download and install ClamXAV, a GUI interface to ClamAV. It will overwrite the system-installed version. Restart, then use the uninstaller which comes with ClamXAV and it will successfully get rid of ClamAV.

Restart and Sophos On-Access will perform as it was designed to.

I'm having the same problem. I using Sophos for mac home edition, which seemed to work well when I installed it about 3 weeks ago and then I got a Sophos message a few days ago telling me that the Sophos "On-Access Scanning is disabled."

I'm running Sophos 8.0.5C on a 1 year old mac mini running OS X 10.7.4.

I finally removed Sophos and reinstalled it yesterday and the on-accessing scanning was enabled. But, when I turned my mac on this morning, the problem had returned.

I guess what I really want know is: Is this problem caused by a Sophos bug or is it caused by some new virus? Clearly, reinstalling Sophos every time I turn on my mac will be problem for me, since I turn it off every night.

A few weeks ago somebody hacked into my Yahoo account, which is why I installed Sophos. I scanned my mac and no viruses were found 3 days ago, but I'm still feeling pretty paranoid?

Anyone have an answer to my question above?

Thanks.

Nact, I mentioned a procedure in the post previous to yours about this problem and how I fixed it.

Check your Console Log and see if there are any references to ClamAV in the log. If you find any, follow the steps I outlined and that will probably fix your problem.

Have a great day.

George

Hmm... does everyone having this specific problem with the menu item have SIMBL installed?  Considering what SIMBL does (injects code into other applications) and the fact that it hasn't been updated since Jan 28, 2011, and the last fix that was related to the relevant code section was adding support for Snow Leopard, I'd suggest disabling it as a first test.

Second thing to check is if it works with Live Protection disabled.

How does one go about temporarily disabling SIMBL? I'm wondering what even installed it in the first place.

(footnote - I'm on 10.7.4)

Try moving /Library/Application Support/SIMBL/, /Library/ScriptingAdditions/SIMBL.osax and /Library/InputManagers/SIMBL.  The contents of the Application Support folder will give you a hint as to what installed it (that's where the bundles live that SIMBL injects).

See http://www.macupdate.com/app/mac/18351/simbl/ for other user's feedback, and http://en.wikipedia.org/wiki/SIMBL for more information on what SIMBL actually does.