Real time on-access exclusions being ignored

I've been using Sophos AV on Mac for years, but I can't take it any more - it's a shame as it's an excellent product, but on all five of the Macs used by my family, we have the same problem. Emails that arrive containing infected attachments always bring up an alert box, despite the ~/Library/Mail/V2/IMAP-me@redacted.com/[Gmail].mbox/Spam.mbox/ path being whitelisted in the preferences (note the trailing slash). As we use Google Apps for our mail, the spam folder receives a handful of malware every day, and having to deal with these alerts is unnecessarily distracting. It's functionality that has been broken now for over 2 years - Snow Leopard, Lion, Mountain Lion, Mavericks, Yosemite - all broken. Worse still, the actual quarantine window often doesn't even record a path for the files concerned, so it's laborious to track them down.

  • santrix wrote:
    I've been using Sophos AV on Mac for years, but I can't take it any more - it's a shame as it's an excellent product, but on all five of the Macs used by my family, we have the same problem. Emails that arrive containing infected attachments always bring up an alert box, despite the ~/Library/Mail/V2/IMAP-me@redacted.com/[Gmail].mbox/Spam.mbox/ path being whitelisted in the preferences (note the trailing slash). As we use Google Apps for our mail, the spam folder receives a handful of malware every day, and having to deal with these alerts is unnecessarily distracting. It's functionality that has been broken now for over 2 years - Snow Leopard, Lion, Mountain Lion, Mavericks, Yosemite - all broken. Worse still, the actual quarantine window often doesn't even record a path for the files concerned, so it's laborious to track them down.

    Thanks for the note, and the compliment. I strongly suspect the problem is that we don't support the tilde in exclusions - you would need to specify the full path explicitly or use wildcards. Just checked on my own machine, if I use the path of "/Users/bobcook/Mail/V2/" I'm able to avoid undesirable detections, and same if I use "/Users/*/Library/Mail/V2/". Obviously your exclusion of just the Spam.mbox directory is even better, but I just wanted to prove it's working as implemented.

    The reason for this limitation about the tilde is because the scanner is not running in the same context as a regular user, so the normal tilde meaning doesn't really apply. On the other hand, it could be argued that the software could be smarter about this - e.g. perhaps automatically map "~/" to be "/Users/*/" or something. Alternatively we could warn you or disallow entering the tilde character at the start of the path. It's definitely confusing.

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development
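
The tilde behaviour described in the reply above, as an added example that is not part of the thread and is not Sophos code: a small linter that flags a leading `~` and proposes the `/Users/*/` or explicit form, plus a matcher modelling a scanner that does no tilde expansion. The function names, the sample file paths and the matching rules (`*` stays within one path component, a trailing slash covers everything beneath) are assumptions.

```python
import re

def suggest_exclusion(entry, user=None):
    """Return (ok, entry_to_use); ok is False when the entry needed rewriting."""
    if entry == "~" or entry.startswith("~/"):
        # No login user in the scanner's context, so "~" cannot be expanded there.
        home = f"/Users/{user}" if user else "/Users/*"
        return False, home + entry[1:]
    if not entry.startswith("/"):
        return False, None          # relative path: nothing sensible to suggest
    return True, entry

def is_excluded(path, entry):
    """Model of a matcher that does no tilde expansion (assumed rules).

    Only '*' is a wildcard and it stays inside one path component; a trailing
    '/' covers everything beneath that directory. Brackets stay literal, so
    "[Gmail].mbox" is not read as a character class as fnmatch would read it.
    """
    body = "[^/]*".join(re.escape(part) for part in entry.split("*"))
    if entry.endswith("/"):
        body += ".*"
    return re.fullmatch(body, path, re.S) is not None

# Constructed sample data based on the path quoted in the thread.
ENTRY = "~/Library/Mail/V2/IMAP-me@redacted.com/[Gmail].mbox/Spam.mbox/"
SPAM = "/Users/alice/Library/Mail/V2/IMAP-me@redacted.com/[Gmail].mbox/Spam.mbox/1.emlx"
INBOX = "/Users/alice/Library/Mail/V2/IMAP-me@redacted.com/INBOX.mbox/2.emlx"

if __name__ == "__main__":
    ok, fixed = suggest_exclusion(ENTRY)
    print("entry accepted as typed:", ok)
    print("suggested entry:", fixed)
    print("tilde entry matches spam file:", is_excluded(SPAM, ENTRY))
    print("fixed entry matches spam file:", is_excluded(SPAM, fixed))
    print("fixed entry matches inbox file:", is_excluded(INBOX, fixed))
```

The rewritten entry still covers only the Spam.mbox directory, so mail in other mailboxes stays subject to on-access scanning.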
