SAV and TimeMachine

Sophos is still investigating the issue reported by a small number of users on this forum about Time Machine backups being deleted whilst running Sophos Anti-Virus for Mac Home Edition. As a precautionary measure, while our investigation continues, we would recommend that, if you detect malware in your Time Machine backup,you do not tell Sophos to clean it up.

From a protection point of view, you are still safe. Sophos Anti-Virus for Mac Home Edition continues to protect you (through its on-access scanner), checking any file you access for malware, including files restored from backup.

As our investigations continue we will provide further updates.

(Thanks to grahamperrin for pointing out I'd originally posted this in the wrong place.)

Regards,

spike

---

Agile wrote:

… option key …

---

Ah, Mac OS holds many surprises/pleasures when the option/alt key is used. 

(Was alt at one time short for alternative? I wonder.) 

Now, I don't know whether all users of Time Machine have an option to Verify Backups. Looking at http://support.apple.com/kb/HT4076 the feature is intended for Time Capsule-based Time Machine backups, so maybe the feature does nothing if the destination is some other type. 

Postscript

I never used Time Capsule, but long ago I did do Time Machine backups to Mac OS X Server. 

---

Alphaman wrote:

I've added my TM volume to the SAV exclusion list …

---

All: be aware that an exclusion for On-access Scanning is

not effective for Scan Local Drives. 

Pending the results of investigations by Sophos:

if your Time Machine backs up to a local volume — and if you Scan Local Drives — 

I should recommend setting the preference for that predefined scan to 

√ Log only (nothing more): 

Quoting from quote (1) at http://recoveringphysicist.com/17

> In our investigations and testing, we’’’’ve found

> no incompatibilities with Time Machine.

Tested: Sophos Anti-Virus Home Edition 7.2.1C; on Mac OS X Server 10.6.5 (definitely not the norm for a Home Edition of SAV); in a VirtualBox VM (experimental support for that OS); using SuperDuper! (maybe not a norm) to backup from, and restore to, a Time Machine volume; using Terminal to force deletion of files from a Time Machine backup; and so on: 

• so far, I have not reproduced any problem comparable to the concerns voiced in this topic
• I have seen behaviours that are surprising but not alarming
• for repeatable results, I suspect that working with a VM snapshot (including a Time Machine volume at a point in time) will be more reliable than attempting to use SuperDuper! or any comparable utility to attempt restoration of a Time Machine volume to a point in time. 

@grahamperrin: I do not see that option to "Verify Backups"; have never seen it. My drop-down menu from the TM icon in the menu bar looks like this: http://dl.dropbox.com/u/2222880/2010-11-15%2C10.18.14%20pm.pdf

[2010-11-16, 13:50 Z] Oh, Option. Cannot verify backups on the volume where I lost data -- by the time I noticed any problem the data were gone. Terminal's view of that disk a few days back, after several days of new backups, starting with a complete one from scratch: http://dl.dropbox.com/u/2222880/tmbu.txt

It was a Time Capsule on which I lost data. At this point I'm backing up to an external disk connected to that TC.

Just a follow up:

I got my Time Capsule Time Machine backup up and running again, after erasing the disk via the Airport Utility. Took me a while to backup all over again...

Sophos AV corrupted the Time Machine backup when I told the Quarantine Manager to clean the viruses on the Time Machine backup - this was DURING a Time Machine backup process; Sophos was popping up with virus alerts while backing up, so I decided to try to clean the Time Machine backup. (Sophos tried to clean off /Volumes/Data/My MacBook Pro.sparsebundle).

---

kdawson wrote:

I do not see that option to "Verify Backups" …

---

See above, http://openforum.sophos.com/t5/Sophos-Anti-Virus-for-Mac-Home/SAV-and-TimeMachine/m-p/795#M486

+1 for having to do a new Time Machine backup after running a scan!

Sophos detected a windows nasty in a spam email that had also been backed up to my network attached Time Machine, it "fixed" the problem by removing my old backup, the next time Time Machine ran it started sending 400+GB over wireless.. Grr.

---

technorandy wrote:

… network attached Time Machine …

---

Apple Time Capsule?

---

virus12321 wrote:

… I told the Quarantine Manager to clean the viruses on the Time Machine backup - this was DURING a Time Machine backup process; Sophos was popping up with virus alerts while backing up …

---

Interesting. 

Did all alerts relate to detections on the backup device?

Or did some alerts relate to items on your Mac, that were detected at the moment of (trying to) backup? 

---

virus12321 wrote:

…  I decided to try to clean the Time Machine backup. (Sophos tried to clean off /Volumes/Data/My MacBook Pro.sparsebundle).

---

Do you use Time Capsule? 

When you say

"clean off /Volumes/Data/My MacBook Pro.sparsebundle" 

do you mean that it tried to clean the .sparsebundle itself — treating the .sparsebundle as a single item?