How to view full path to virus infected file

Hi dogpaw,

If the path for a threat is too large to show in the Quarantine Manager, the path will be truncated in the middle so you can see what the filename of the infected file is and the volume where it resides (and as much of the path as possible). The complete path for a threat is shown in the scan log for the scan that found the infected file.

- If you found the item through a Custom Scan select the Custom Scan in the Sophos Anti-Virus window, then choose 'View Scan Log' from the Action pop-up menu (the cog icon).

- If you found the item through a right-click Finder scan, the window for that scan has a 'View Scan Log' button

- If you found the item through Scan Local Drives, select 'View Scan Log' from the 'Scan' menu

- If you found the item through On-access scanning, choose 'Preferences' from the Sophos Anti-Virus menu. In the Logging pane, select 'View Log'

I hope that helps

Joe

Thanks for the reply. For some reason I didn't a notice so I just noticed this reply. Thank you.

Next, I'm looking at your instructions on Mac for manually removing the threats.

"In the Options tab, select 'Delete threat' from the drop down menu."

If/When I "Delete" a threat, does that delete the infected file? Or just the virus itself is removed/deleted from the file? I'm looking at the list of infected files and I definitely need to keep most, if not all, the files.

Thanks

HI Dogpaw,

When selecting the "Delete threat" option the entire infected file is deleted from the system and will NOT be in the trash.

What infections have you found, and what type of files are infected? 

Thanks

CFT

There are many old .html files of old website files I have archived on my machine.

---

Joe wrote:

- If you found the item through On-access scanning, choose 'Preferences' from the Sophos Anti-Virus menu. In the Logging pane, select 'View Log'

---

While SAV does do in-file virus cleanup (if a virus has infected an existing file, the virus can be removed), in your case this won't happen, as it's not a viral infection, but a malicious iFrame or javascript hosted in the indicated web page.

As far as I know, the product does not clean up HTML files, only deletes them. However, if you don't mind potentially damaging the display/content of those files, you can just use a text editor or html editor to strip out all the javascript and invisible iFrames (iFrames with a size of 0).  I'd recommend converting the pages to a format that strips the iFrames and Javascript, unless you require the original format for some reason. Save as PDF works well, for example (but creates static content).  My guess is that this will get rid of all your malware alerts.

That said, if the files are old, it's likely that the websites the malware redirects you to no longer carry a payload (which is likely Windows-only). Avoid being a Typhoid Mary; don't share those old archives with a Windows OS, as they may end up compromising the system. If you do require them to be in their pristine condition, just group them all together and exclude their folder from scanning. BE CAREFUL, as there WAS malicious content detected in the files.  Leaving them in their current malicious state is not recommended.