DELETING A THREAT MANUALLY - FINDING THE THREAT

Whenever I do a full scan, Sophos finds the same two threats which need to be manually removed. The trouble is I can't find the location folder of these threats, as whenever I search for the filename on my Mac they just can't be found.

Does anyone know of a way I can find the path to where these threats are located so I can manually remove them?  

Thanks

Colette


This thread was automatically locked due to age.
  • I just installed Sophos last night.

    My experience in my first 24 hours with Sophos has not been particularly encouraging.

    It installed easily enough, but that's where the positive experience ended.

    Sophos never completed the "scan local drives,"  (1 million out of 3 million files) but that is a different issue.

    (And yes, I was able to continue to do things while it was apparently running.)

    That scan, or the mail intercept, did come up with 4 files in the Quarantine Manager. All four are marked "Clean up manually."

    Being new to Sophos, I tried to follow the Quarantine Manager's instructions, so I clicked on the triangle "Threat details."

    Three of the four files are in "Backups.backupdb", which resides on a "real volume".

    The fourth file, however, shows only "/.../" for the volume name, as well as what is probably a bogus filename, but since I can't find it, I can't tell.

         /Volumes/…/2/mail.zip [mail.zip/mail.txt                                                                        .exe]


    Then it tells me "Please click the threat name above for manual cleanup instructions." 

    I click the link and I'm taken to a web site and page giving instructions for every operating system EXCEPT the Mac OSX.

    And those instructions are not easily found themselves. The page looks itself like a typical "phishing" web-page advertising anti-virus software. "Download a free security scan. Find threats your anti-virus missed".... duh... Sophos was the anti-virus, and now you want me to download something else ... yeah, right.  ... and I happen to be an old VMS Sys Admin, so THAT reference was interesting.

    At any rate...


    Agile wrote:

    The complete path to the threat can be found in the scan log.


    In fact the scan log (Preferences/Logging).... /Library/Logs/Sophos anti-Virus.log - clicking "view log" does not contain these "successful" problems found... only lots of ".ide" file listings. AND several files which were never listed in the quarantine and which apparently no longer exist...

    So, I'm kind of at a loss as to how to "clean up manually" these files.

    The issue of Sophos being able to deal with Time-Machine backups, I'll let ride at the moment, since it appears that others have commented on it extensively.

    I decided to try Sophos because of the review it received in MacTech Magazine (January 2011), but it appears that whoever wrote that article was not really a Mac person at all, as this piece of software, while superficially "Mac-like", is like so much other software .... simply Windows software that now runs on OSX because it's an Intel box.
