This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos apparently has trouble dealing with "deleted" messages

For whatever reason, Sophos constantly lists a "MyDoom" virus in the Quarantine Manager -- even after running a scan.

Here is one excerpt from /Library/Logs/Sophos Anti-Virus.log:

com.sophos.intercheck: 2011-05-20 13:02:54 -0400 Threat: 'Mal/BredoZp-B' detected in /Users/magill/Library/Mail/IMAP-magill@spacecat.mcgillsociety.org/Mail/Incoming.imapmbox/Attachments/156108/2/FedEx mail.zip

com.sophos.intercheck: Access to the file denied

com.sophos.intercheck:

com.sophos.intercheck: 2011-05-20 13:02:59 -0400 Threat: 'Mal/ZipMal-B' detected in /Users/magill/Library/Mail/IMAP-magill@spacecat.mcgillsociety.org/Mail/Incoming.imapmbox/Attachments/156063/2/letter.zip

com.sophos.intercheck: Access to the file denied

com.sophos.intercheck:

com.sophos.intercheck: 2011-05-20 13:02:59 -0400 Threat: 'W32/MyDoom-O' detected in /Users/magill/Library/Mail/IMAP-magill@spacecat.mcgillsociety.org/Mail/Incoming.imapmbox/Attachments/156047/2/mail.zip

com.sophos.intercheck: Access to the file denied

com.sophos.intercheck: Scan of local drives required to complete cleanup

com.sophos.intercheck:

com.sophos.intercheck: 2011-05-20 13:03:45 -0400 Threat: 'Mal/BredoZp-B' detected in /Users/magill/Library/Mail/IMAP-magill@spacecat.mcgillsociety.org/Mail/Notify.imapmbox/Attachments/156112/3.3.2.2/FedEx mail.zip

com.sophos.intercheck: Access to the file denied

All of these entries are generated (one assumes) when Sophos first scans the incoming mail on launch of the Mail app.

I have my own IMAP server, as well as using procmail to sort incoming mail into various inboxes.

I have a high volume of mail, perhaps 100+ messages a day.

I happen to have the mail app flag junk mail.

If I read mail and delete messages, most of these detected items wind up being deleted without being read.

I routinely empty the trash multiple times during a reading session.

When I'm done (and the trash emptied) I run Scan Local Drives:

Scan name: "mail + java"

Scan items: Path: /Users/magill/Library/Mail enabled: yes

Path: /Users/magill/Library/Caches/Java enabled: yes

Configuration:Scan inside archives and compressed files: Yes

Automatically clean up threats: No

Action on infected files: Delete

It invariably reports: 21524 items scanned, 0 threats detected, 0 issues

However, the Quarantine Manager still reports: MyDoom as an entry. All of the other entries are cleared.

If I mouse over the Threat details section, I see an assortment of attachments, none of which still exist.

This thread was automatically locked due to age.

Parents

0 Agile over 14 years ago

Thank you for the update; I'll make sure dev support knows about this thread next week. I'm still not sure exactly what's going on, as I've attempted to replicate this on a minor scale and found that the Quarantine Manager correctly cleared the items for me after I'd deleted them. This definitely looks like it needs closer attention.
One question: are you purging the files from your IMAP server on re-sync, or do they get pulled down and cached locally like a rich-man's popmail service?
:1002791
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Agile over 14 years ago

Thank you for the update; I'll make sure dev support knows about this thread next week. I'm still not sure exactly what's going on, as I've attempted to replicate this on a minor scale and found that the Quarantine Manager correctly cleared the items for me after I'd deleted them. This definitely looks like it needs closer attention.
One question: are you purging the files from your IMAP server on re-sync, or do they get pulled down and cached locally like a rich-man's popmail service?
:1002791
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data