DELETING A THREAT MANUALLY - FINDING THE THREAT

Whenever I do a full scan, Sophos finds the same two threats which need to be manually removed. The trouble is I can't find the location folder of these threats, as whenever I search for the filename on my Mac they just can't be found.

Does anyone know of a way I can find the path to where these threats are located so I can manually remove them?  

Thanks

Colette     :smileyvery-happy:



This thread was automatically locked due to age.

  • Agile wrote:

    ...  there's extensive discussion on here about which Sophos log does what (and also in the help found under the Help menu).  However, I always find the easiest way is to open up Console.app and navigate to FILES > ~/Library/Logs > Sophos Anti-Virus > Scans


    1- I hate this BBS system you are using... (or whatever you want to call Lithium) it has to have the most non-intuitive interface -- i.e. unlike the rest of such software on the web that I use  :(

    2- Thanks for the pointer! As far as I can tell, this log file you mention is completely undocumented. (Or if it is... that documentation is seriously hidden.) The only log "documented" is the System level log found in the Preferences/logging panel.

    3- This log's location is completely illogical. Why on earth would a program which runs as root store its output under some arbitrary user id... especially when it is at the same time maintaining a system level log?

    4- Now that I've looked at this scan log, I see why you don't tell people that it exists.... you'd have to explain all the messages found in the log, such as: 

    Corrupt file: ... (most seem to be .zip files, but also a couple of zhtml, rar, Z formats)

    Interestingly, I know what all these files are and in most cases haven't touched them for ages, implying that A) they might really be corrupt or B) they are from "ancient" versions of compression programs.

    Issue: engine found an unrecognised file format at:   ... (all seem to be .dmg files)... and actually the same file with multiple iterations in "Backups.backupdb"

    The log does show that the threat files are all also in the infamous "Backups.backupdb" ... i.e. on the Time Machine backup disk.
