Installation failed - 6 times!!

Have you attempted to install it using an administrator account, or is this being done from a limited user account?

The first thing I'd suggest doing is logging in with an administrator account to install the software.  If you're already doing that, also try repairing disk permissions using Disk Utility prior to attempting to install.

It sounds like either the kernel extension or the InterCheck component is failing to install -- and these need full system access.

Thanks for the suggestions. Sorry for the late reply, I have been out a lot.

I am the only user, I am always logged in as admin.

I repaired disk permissions, and downloaded a new file. I still got the final screen of the installer saying the installation had failed and I should contact the manufacturer, although the second-last screen said it had worked. 

There is no Sophos icon in the menu bar, but I was able to start the program from the icon which had appeared in the applications file and scan the machine. It shut down on completion (I was out), but when I restarted it I could view the scan log. Apparently it removed a trojan from an old file in an archive folder ...

So is it installed properly now? Is it safe? should I uninstall and try yet again?

Any further adviice gratefully received.

N

The on-demand scanner is installed, but the menu bar item appears to be disabled.  If you go to wikipedia and search for the eicar page (and download the file), does it get detected?  If it doesn't, on-access scanning is not enabled.

Which OS X version are you using?

Sorry for delayed reply - I wasn't around to look at the board.

I looked at the Wikipedia page but there was no link to download the file, just a text string in the body of the page. The article says it runs on MS and OS/2, doesn't mention Mac OS at all. I went to the EICAR site and downloaded the file. When I ran Sophos from the Applications folder it detected the "threat" and cleaned it up.

So does that mean it's just the icon in the menu bar that's not working. If so, how can I switch it on? and what's the difference between on-demand and on-access scanning? Sorry if that seems like a stupid question, but I've never needed an antivirus program before and I've been a Mac user since 1985!

OSX version: I have 10.6.8.

Thanks for your advice so far, hope you can steer me through this, I'm not very well up in this stuff.

Naomi

Hello Naomi,

so it seems to be working. As for the menu bar icon - please verify that the option Show Status in Menu Bar is checked, you can see it be either ctrl-clicking the dock icon or from the Sophos Anti-Virus menu (should be near the top in both cases). If it is and it still doesn't display maybe Andrew has a suggestion.

As for On-Demand vs. On-Access: On-Demand means you tell it what (or where) to scan and when. That's how you did it in the early days of AV - you got a diskette from someone or somewhere and scanned it to make sure it is clean (of course you had to make sure you have the latest version of the AV software and the "AV-library"). Then came Autorun, all kind of "ease of use" (and later downloads, self-extractors and eventually the "Web-experience"). While it simplified things it introduced also problems. To name just a few: 1) with Autorun "something" just starts to execute before you have a chance to scan it, 2) similar self-extractors - often you can't even "see" everything that's packed inside, 3) web pages run programs and a manual download-scan-run is practically impossible. Therefore any decent AV does now On-Access scans - whenever a file is about to be opened (used, run, etc.) the AV intercepts the request, scan the file and decides whether to allow the open to proceed or not. BTW - a common question is, is(n't) it necessary to scan inside archives (or containers like email)? For On-Access the answer is no as the contents are first extracted to (temporary) files and only then "put to use" - which means they have to be opened and at this point the On-Access scanner kicks in. Of course the scanners usually understand "inside" as "content which has to be extracted to a disk file before being used". Obviously you should try to avoid exclusions (unfortunately some software is still written in a manner that doesn't go too well with scanners - similarly some ways to pack your luggage guarantee a long time spent with airport security :smileywink:).

HTH

Christian         

---

NaomiH wrote:

Sorry for delayed reply - I wasn't around to look at the board.

I looked at the Wikipedia page but there was no link to download the file, just a text string in the body of the page. The article says it runs on MS and OS/2, doesn't mention Mac OS at all. I went to the EICAR site and downloaded the file. When I ran Sophos from the Applications folder it detected the "threat" and cleaned it up.

So does that mean it's just the icon in the menu bar that's not working. If so, how can I switch it on? and what's the difference between on-demand and on-access scanning? Sorry if that seems like a stupid question, but I've never needed an antivirus program before and I've been a Mac user since 1985!

OSX version: I have 10.6.8.

Thanks for your advice so far, hope you can steer me through this, I'm not very well up in this stuff.

Naomi

---

I'll attempt to answer the questions one at a time.

Eicar doesn't actually "run" on any platform; it is a harmless series of bytes agreed upon by most AW companies to act as a test file.  As such, it is the best file to use to test the basic functionality of any AV software.

This does mean that on-access scanning is working for you.  There are a number of threads on this forum discussing reasons why the menu icon may not show up for you: the basic one is that it has been turned off in the preferences of Sophos Anti-Virus.  Alternatively, it may not show up if there isn't enough room on the menu bar, or if certain login conditions exist.

On-Demand scans are usually run from within the Sophos Anti-Virus application itself; there's a general scan, and you can also create custom scans.  These are usually "deeper" scans that dig deep into archives, and scan all available files in the section of the file system being scanned.

On-Access scans scan each file prior to access by the operating system -- when they are opened for reading or writing, from/to the hard drive.

I'm impressed that you made it through the 1987 to 1994 period of the Macintosh system without encountering any viruses... most people ran Disinfectant Init (gold shield with a V in the middle) during this period due to the prevalence of viruses such as WDEF-A, MDEF-A and nVIR-B.  Of course, I guess if you weren't in a networked environment and didn't share floppies, you were unlikely to be infected.

As an aside, I always thought WDEF-A was one of the most interesting viruses of the time, as all you needed to do to clean it up was rebuild your desktop by holding down command-option while launching the Finder.   This deleted the Desktop DB file where the infected WDEF resource was located.  When the Macintosh systems with the new multiple-DB desktop files were released, WDEF viruses could no longer infect the new format, and the problem dried up relatively quickly.

Thank you ,that's very informative. I had checked the preferences very early on. the menu icon is enabled and I would think there'd still be room for such a small icon, but who knows? I guess it's actually working as it dealt with the eicar file, but I'm still concerned that the installer said the installation wasn't correct/complete ...

Thanks again - N

It sounds like the setup script didn't get the menu item loaded for some reason -- you might want to run disk utility and repair disk permissions and verify your drive.

I take it disabling and re-enabling the menu item doesn't make it show up?

Thanks for all the information, Andrew, that's very helpful.

In fact you're right, I'd completely forgotten about Disinfectant. My youngest brought a floppy home that his mate's elder brother had got from uni, with a game of some sort, and infected my Mac Plus with something. Deep parental displeasure and Disinfectant dealt with that, and the machine was never networked. It was the only computer in the house until about 1990, and all my on-line activity was on Compuserve at that time ;-)

I've checked the preferences again, the menu bar icon is switched on, but there's still nothing showing. so does the fact that the proram reported the eicar file as soon as I started it mean that everything's working normally? should I start Sophos when I boot up to be on the safe side? I'm still worried about the failure report in the installer - do you think this situation's safe?

Thanks again for all your help.

Naomi

It sounds like the situation's safe, but that the install did not successfully complete.  You may want to try running the uninstaller, and then installing again.

Then again, the only critical thing the menu item provides is an indication of when your data is out of date/your scanner is disabled.  For regular day-to-day operations, you probably won't miss it much.