First report of 178 Virus Threats in Sophos Free for Mac

I just switched from MacScan to Sophos free for Macs at the suggestion of my Mac user group. In 20 minutes today it gave a warning of nearly 50 virus threats. It asked me to run a scan, which I did, and it then reported 178 threats total. However, when I now open Quarantine, it shows nothing! When I spot-checked the reports that all said "clean up manually" they all said they were only for Windows OS. I thought I downloaded the Mac virus protection! Sophos would not clean up the four reports that merely said "Clean Up" - I tried over and over.

All the instructions seem to be for Windows, not Mac. It says to delete the viruses where they reside. How do I find out WHERE they reside? Sophos also said the one sample file I emailed them was not malicious and I should "authorize it." What the heck does that mean? Also said something about HIPS - have no idea what that is. Sophos support won't answer anything since this is the free version. They said to work with my IT dept.  -  I am a one-man business. Why do they distribute virus protection for Windows but call it for Macs? Is there any way to identify only Mac malware and viruses? I followed the "How to remove..." instructions explicitly; Restart never appeared, and cleaned-up threats were never deleted from the list as it says they are.

My website was just hacked recently for the second time so naturally I'm extremely concerned about these reports.

NEXT DAY: Am I going to get any response whatever? The Sophos tech support merely sends boilerplate refusals to help in any way - they won't even answer why the supposed virus security software for Macs seems to be only for WINDOWS!  What in the world am I to do with the 178 Virus Threats I got, which now have disappeared from the Quarantine?  I'm afraid to send out any vital emails.  If I agree to pay some $ can I actually get professional answers to my questions? And approximately How Much??

:1003467


    Hi JohnHenry,

    Thank you for trying out Sophos Free Mac Home AV.   Did you read the documentation regarding the product prior to downloading it?

    This product is a free service from Sophos provided solely for home use to Mac OS X users that uses the exact same detection engine used in our Enterprise product line; it does not come with support, other than what you find in this forum.  Searching this forum will find answers to all of the questions you have asked in your post, and most of the answers are also found in the Help (Open Sophos Anti-Virus, click the Help menu, and select Sophos Anti-Virus help).

    The Quarantine interface is quite intelligent, and will only display items that still exist on your system.  Since you had a large number of quarantined files that indicated they were Windows only, I would suspect that the files detected were likely in your Java cache folder or your web cache folder -- both of which get purged by the OS on a regular basis.  This means that after the OS deleted the files from your system, they also vanished from Quarantine.  You can look in the scan log (Scan->> View Scan Log, or open Console.app and navigate to Files > ~/Library/Logs > Sophos Anti-Virus > Scans) to see what was actually logged.

    On the page where you went to view the removal instructions, you will find Windows instructions at the top of the page, and Mac instructions at the bottom of the page.  Please follow the instructions in the Mac section.

    If you emailed a sample to Sophos, you were sending it in to Enterprise Support, which would automatically pass it on to SophosLabs.  Since the Labs only handle Enterprise submissions except by specific request (where we ask a user to send us a sample), the handling of the submission and the response assume you are using the enterprise product.

    Sophos Free Mac Home AV is not for business use; we do have a small business solution that comes with support.

    In the Enterprise product, the IT manager has an Enterprise Console that allows them to remotely control the installations on each end point (PC) and set policies.  From this console interface, the manager can authorise a file that fires suspicious heuristics (using HIPS, a behavioural detection system, which is why this was mentioned in the response).

    All website-based documentation lists the Windows steps first, and the Mac (and other platform) steps second, as most of our customers use Windows.  They are all listed on the same page (notice the headings... 1. Using Enterprise Console, 2. Windows 2000+ with Sophos AV 9.x, 3. Windows 95/98, 4. Mac OS X computers, 5. NetWare....).  You want the instructions for OS X, not the ones for the other platforms.

    So, to summarize:

    • Please read the documentation, and search these forums for your answers as a first step to finding your answers.  Post a question here if you do not find the answer you need in the documentation provided nor on this forum.
    • This free product is not supported by Enterprise support.
    • This free product is not for business use; even a home business.
    • This free product includes enterprise-level detection for all malicious files, no matter what system they target.  It detects malicious scripts injected into web pages, Windows malware, OS X malware, classic MacOS malware, and even Apple ][ malware and DOS malware.  As all of this can end up being dropped on your computer, even if it can't actually harm your computer, we alert you as to its presence, and prevent it from even attempting to execute.

    If you are a single user running a home business, Sophos Free Mac Home AV is not for you, and likely our small business product is not your best choice either.  You would be better served by one of the other commercial offerings out there; About.com has a good summary.

    I hope this answers your questions and concerns.

    :1003473