Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 21 replies
  • Subscribers 6 subscribers
  • Views 17670 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos 8.0.1c stalled?

pkcyll

Looking at older threads seems to indicate that Sophos has a history of stalls.

I launched a scan about 8 hours ago. Maybe 100,000 files have been scanned but the program has been stalled with 1,450,354 files remaining for most of that time.

Reading the older threads, I disabled compressed and archive scanning and the program is not scanning networked volumes. Sophos is taking about 2-3% CPU. Nothing is happening on my 2.8 GHz Intel Core 2 Duo (4 GB RAM) running 10.7.3.

I had Sophos scan my mac mini this morning and while the scamn was not a speed demon, it did finish the scan within 2 hours.

Ah... down 1,450,353 files to scan. At this rate, .... 

Any clues as to why Sophos is so slow? Do I need to stop and restart the program if I made some changes via the Preferences... menu?

:1005835


This thread was automatically locked due to age.
Parents
  • 0

    There were a few items detected as threats, and some corrupt files. There were also several in an "unrecognized format", although they're all dmg.

    2012-04-10 17:14:43 -0700 Issue: engine found an unrecognised file format at: /Users/Xxx/Software/Stuffit/Stuffit Deluxe 15.0.4/Stuffit Deluxe 15.0.4.dmg.

    2012-04-10 16:46:17 -0700 Issue: engine found an unrecognised file format at: /Users/Xxx/Software/Games/Monopoly/Monopoly.dmg

    Also several that were supposedly "enrypted", but they aren't, they're just dmg, too:

    2012-04-10 17:13:08 -0700 Encrypted file: /Users/Xxx/Software/Screensavers/Digital Minds ScreenSavers/Space Plasma 3D 1.1.dmg.

    It's even telling me my copy of Lion is corrupted:

    2012-04-10 16:59:05 -0700 Corrupt file: /Users/Xxx/Software/Lion/Mac OSX Lion 10.7.3.dmg

    When I opened the Quarantine Manager, there wer several items visible, but they all vanished after about 2 seconds, before I could even check them.


    Apple DMG is a container format, like MOV or PAX or many others.  The actual volume inside the container can be in a number of formats.   Since it's up to the DMG to report what format is inside, it is possible for a DMG to contain a non-standard object.  The unrecognized file format is not the DMG itself, but a file inside the DMG.

    This also explains the encrypted items - a lot of DMGs contain encrypted segments.

    As for the corrupt DMG: this is a known issue with the 7.3 engine -- and I had believed it had already been fixed, at least in the version 8.0 product.  Apple added a new container type to handle Lion's new partition structure, and the old engine had issues with a few of the changes.

    Of course, if you mount any of those DMGs, both products will have no problems scanning the contents on access or on demand.

    :1006149
Reply
  • 0

    There were a few items detected as threats, and some corrupt files. There were also several in an "unrecognized format", although they're all dmg.

    2012-04-10 17:14:43 -0700 Issue: engine found an unrecognised file format at: /Users/Xxx/Software/Stuffit/Stuffit Deluxe 15.0.4/Stuffit Deluxe 15.0.4.dmg.

    2012-04-10 16:46:17 -0700 Issue: engine found an unrecognised file format at: /Users/Xxx/Software/Games/Monopoly/Monopoly.dmg

    Also several that were supposedly "enrypted", but they aren't, they're just dmg, too:

    2012-04-10 17:13:08 -0700 Encrypted file: /Users/Xxx/Software/Screensavers/Digital Minds ScreenSavers/Space Plasma 3D 1.1.dmg.

    It's even telling me my copy of Lion is corrupted:

    2012-04-10 16:59:05 -0700 Corrupt file: /Users/Xxx/Software/Lion/Mac OSX Lion 10.7.3.dmg

    When I opened the Quarantine Manager, there wer several items visible, but they all vanished after about 2 seconds, before I could even check them.


    Apple DMG is a container format, like MOV or PAX or many others.  The actual volume inside the container can be in a number of formats.   Since it's up to the DMG to report what format is inside, it is possible for a DMG to contain a non-standard object.  The unrecognized file format is not the DMG itself, but a file inside the DMG.

    This also explains the encrypted items - a lot of DMGs contain encrypted segments.

    As for the corrupt DMG: this is a known issue with the 7.3 engine -- and I had believed it had already been fixed, at least in the version 8.0 product.  Apple added a new container type to handle Lion's new partition structure, and the old engine had issues with a few of the changes.

    Of course, if you mount any of those DMGs, both products will have no problems scanning the contents on access or on demand.

    :1006149
Children
No Data