I was going to start a new discussion, but for some reason the New Message button is not active for me now in either Safari or Firefox.
I just found something odd: I noticed Sophos had run, and when I clicked on it in the Dock, the QM opened. There were 4 files listed and 3 quickly vanished, while 1 remained, identified as Mal/ObfJS-B. When I clicked the name, the corresponding Sophos page opened in Safari, and on that page I found the submission link.
The path for the threat was in the Firefox cache, and I decided to copy it to a new Quarantine folder so I'd have a sample - I didn't want to move or delete this file before I checked it out more. But when I try to copy it, I get an error message every time: The operation couldn’t be completed. (OSStatus error -128).
This is happening in Path Finder, which I use instead of Finder whenever possible. The name of this file is B9031d01, and has no extension but is listed as a document.
I was unable to open it with TextEdit - says I don't have permissions, even though the owner and group are the usual document permissions.
Anyway, the preview pane in Path Finder only shows a blank page for this file, I can't see any text or get any insight as to what's in it.
When I scan this file in Path Finder, a threat is shown every time.
So I checked this file in Finder and it got interesting:
In Finder, it shows up as a tiny little image from some website I've visited. When I scan this file in Finder, there is no threat shown.
I can open this image in Preview.
Now I'm wondering if there's some sort of conflict between Sophos and Path Finder, that doesn't allow proper scanning or misidentifies files as threats.
I recovered the 2 gifs from Time Machine that Sophos had previously identified as threats, and when I scan them now, Sophos does not identify them as threats, either in Finder or Path Finder.
The image that is being identified as a threat in the Firefox cache, is the IconsPedia logo at the very top left of this page Iconspedia.
Sophos keeps alerting on this every time it runs. I downloaded the logo and scanned it, and no threats are found (as expected).
Why does Sophos think it's a threat in the FF cache in Path Finder, but not in a different folder in Path Finder and not in Finder?
I tried to include screenshots, but they aren't showing up - something wrong with this forum. I tried 3 image hosting sites, but nothing shows up when I use the Insert/edit Image button.
Thank you for the added feedback; it does indeed look like an issue between the Quarantine Manager and Path Finder from what you're describing. It seems like the QM is getting the wrong files listed for the detection -- is locking them for access (which is what the QM is supposed to do) and then the actual threat is flushed from the cache, removing the detection from the QM. This is just my subjective take on the situation though; I'll see if it can be replicated, and if it can, I'll forward the issue on to the product team.
I thought it might be Sophos that was preventing me from copying the suspicious file, so I rebooted in Safe Mode and then I was able to copy the file to a Quarantine folder.
Now when I scan the copy in either Finder or Path Finder, it shows up as a threat, and Finder no longer shows a preview of the image, just a blank document as in Path Finder.
I just submitted this file for you to check out. I had to submit it several times - I kept getting a Timed Out page, even though the file is only 90kb.
I turned off the on-access scanner because the warning window kept appearing while I was trying to submit the file, and then it was successfully submitted.
Evidently, the file in my FF cache folder is a real threat, although only for Windoze, so it's harmless to my Mac.
Very odd that the other day Finder showed it to be an image, and later just a document. I'm wondering if I accidentally viewed the wrong file in Finder the first time.
Last night while running a system scan (including archives), Sophos identified another file as a threat, Mal/JavaGen-F. This program was included as part of free software on a Western Digital external drive I bought 4 years ago. I'm not really sure this should be listed as Viruses and Spyware on the Sophos website, but it is. From what I read during a quick search for MioNet, it is not a virus or spyware, although someone said that "some malware camouflage themselves as MioNetManager.exe."
Anyway, more to the original topic of this thread is the fact that these threats are staying in the window, not vanishing, allowing me to see their location and decide how to handle them. Not sure what, if anything, has changed; perhaps the files that vanished before were suspicious but weren't able to be identified as a known threat, so they were logged then removed from the window?
I'm not sure what changed either, but that original behaviour was definitely non-standard. Unfortunately the product isn't yet smart enough to remove files if they don't reach a certain suspicion threshold -- currently anything suspicious under OS 8 will be logged silently (if the option's enabled) but will not show up in the QM. This way, us analysts can write active detection for the file, but you don't get stuck with a bunch of false detections.
So the glitch is still a mystery....
Good to hear that everything is working as designed now, though.