Non believer

On iMac running Lion (current version)

I am getting strange lists of files to be deleted from Quarantine Manager (V 8.0.4C)

Jun 11...

Threat: Mal/Phish-A

Path and Filename: /Library/Sophos Anti-Virus/com.sophos.sxl.plist,
    /Users/rjm/Library/Keychains/login.keychain,
    /Applications/MacFamilyTree.app/Contents/Resources/RippleShading.tiff
---
Did not clean up threat. Today, Jun 13, got same threat but file was an email attachment. More normal.
I am also getting the same thing on a MacBook Pro running Sophos Ver 7 and Ver 8
Filename: ,
   /Library/Keychains/System.keychain,
   /usr/lib/dyld
I do NOT want to delete these files...
Any idea what is going on???


This thread was automatically locked due to age.
  • All the files I checked whether listed under "Path and Filename" or "Original Locations" actually existed.

    Those that were mail attachments in spam folders I located by cutting from the Quarantine Manager window and pasting into a Finder "Go to Folder" window (removing the filename). I deleted these files manually and Sophos no longer reported on them. These are files and locations that I would suspect to carry viruses.

    My Sophos preferences are set to "Log only" for "Scan Local Drives" and "Deny access" for "On-access Scanning". The last time I did a local drive scan was after I started to notice filenames listed as threats I would not wish to delete. That was under Ver 7, so I updated to Ver 8.0.4C and ran a local drive scan 2012-06-07 8:00 AM.

    On-access Scanning resumed and so did the anomalies. (Our conversation started at that time)

    According to your Technical Guide - Original Locations: If the threat has been moved during scanning or partially removed, this element is displayed. All the original files that comprise the threat are listed.

    I find it improbable that a list of spam attachments would originate in various system libraries.

    I got an email back from the sample files I sent. In case you don't get to see these it reads…

    -----

    Hello,

    Thank you for submitting a sample to our Sophos Labs, after investigation they have stated the submitted xml files are from our system, this wouldn't have fired the IDs indicated.

    Please submit samples of actual detections made on your machine after a system scan

    Please advise, if no response is received within 3 days this case will be automatically closed.

    Regards, 

    Sophos Technical Support

    -----

    To be in charge of the bleeding obvious for a moment. I think that has been my point… An "ntp.drift" file or "com.sophos.sav.plist" file is unlikely to be harbouring a virus and should not be showing up in Quarantine Manager. I'm happy the lab was able to confirm it.

    If I read the next line correctly they would like me to run a local drive scan and submit threat samples…

    I ran a Disk Utility Volume Repair & Repair Preferences on the iMac today - no volume errors.

    I will run a Sophos drive scan tonight and let you know what happens. I'll submit samples of threats detected...
