Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 13 replies
  • Subscribers 6 subscribers
  • Views 3439 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

False negatives?

josephtenzin

Just installed Sophos Anti-Virus Home Edition.

Updated the virus list.

Ran local drive scan.

Results-No Threats Detected

But 4 days ago I ran ClamXav and it found 37 contaminated files:  phsing, Trojan etc.  Did not do anything with the files since removal on ClamXav requires a level of skill that is beyond me.

Why did Sophos miss these files?

Your help is much appreciated.

:1012010


This thread was automatically locked due to age.
Parents
  • 0

    Hello Christian,

    Here is the list of "infected" files.

    I could not find a way to get the Console Scan Log to attach.  Sorry.


    Again, many thanks for your help with this.


    Joseph

    FilenameInfection NameStatus

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import/INBOX.mbox/Messages/10560.emlxHeuristics.Phishing.Email.SpoofedDomain

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import/INBOX.mbox/Messages/22216.emlxHeuristics.Phishing.Email.SpoofedDomain

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/26470.emlxEmail.Trojan-234

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/26489.emlxSuspect.Bredozip-zippwd-6

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/26957.emlxEmail.Trojan-256

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27005.emlxEmail.Trojan-256

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27257.emlxEmail.Trojan-234

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27260.emlxEmail.Trojan-234

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27349.emlxEmail.Trojan-274

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27405.emlxEmail.Trojan-234

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27662.emlxEmail.Trojan-292

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28106.emlxEmail.Trojan-234

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28364.emlxHeuristics.Phishing.Email.SSL-Spoof

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28449.emlxHeuristics.Phishing.Email.SSL-Spoof

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28459.emlxEmail.Phishing.Blackhole-3

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28543.emlxEmail.Phishing.Card-29

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28599.emlxHeuristics.Phishing.Email.SSL-Spoof

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28622.emlxEmail.Phishing.Blackhole-3

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28656.emlxHeuristics.Phishing.Email.SpoofedDomain

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28685.emlxEmail.Phishing.Webmail-54

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28710.emlxEmail.Phishing.Webmail-54

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28726.emlxEmail.Phishing.Blackhole-2

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/29044.emlxHeuristics.Phishing.Email.SpoofedDomain

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/29045.emlxHeuristics.Phishing.Email.SpoofedDomain

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/29048.emlxHeuristics.Phishing.Email.SpoofedDomain

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/29245.emlxEmail.FBI.Scam

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/29441.emlxEmail.Trojan-234

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/40449.emlxEmail.Phishing.DHL

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/40821.emlxTrojan.Downloader.FraudLoad-70

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/185.emlxWin.Trojan.Androm-66

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/187.emlxEmail.Trojan-465

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/218.emlxSuspect.DoubleExtension-zippwd-15

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/221.emlxEmail.Trojan-465

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/3318.emlxEmail.Trojan-465

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/40868.emlxEmail.Trojan-465

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/41447.emlxEmail.Trojan-465

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/415.emlxEmail.Trojan-465

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/42227.emlxEmail.Trojan-290

    Starting scan…

    ----------- SCAN SUMMARY -----------

    Known viruses: 2163592

    Engine version: 0.97.6

    Scanned directories: 27504

    Scanned files: 104259

    Infected files: 38

    Data scanned: 30234.80 MB

    Data read: 19517.10 MB (ratio 1.55:1)

    Time: 4607.627 sec (76 m 47 s)

    One or more infected files were found, but were left where they are.  You can either deal with them yourself, or scan again with the preferences set to move them into a different folder.

    **Also had an error message about trying to open a Screensaver file.  I did not copy the message.

    :1012044
Reply
  • 0

    Hello Christian,

    Here is the list of "infected" files.

    I could not find a way to get the Console Scan Log to attach.  Sorry.


    Again, many thanks for your help with this.


    Joseph

    FilenameInfection NameStatus

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import/INBOX.mbox/Messages/10560.emlxHeuristics.Phishing.Email.SpoofedDomain

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import/INBOX.mbox/Messages/22216.emlxHeuristics.Phishing.Email.SpoofedDomain

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/26470.emlxEmail.Trojan-234

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/26489.emlxSuspect.Bredozip-zippwd-6

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/26957.emlxEmail.Trojan-256

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27005.emlxEmail.Trojan-256

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27257.emlxEmail.Trojan-234

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27260.emlxEmail.Trojan-234

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27349.emlxEmail.Trojan-274

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27405.emlxEmail.Trojan-234

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27662.emlxEmail.Trojan-292

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28106.emlxEmail.Trojan-234

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28364.emlxHeuristics.Phishing.Email.SSL-Spoof

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28449.emlxHeuristics.Phishing.Email.SSL-Spoof

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28459.emlxEmail.Phishing.Blackhole-3

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28543.emlxEmail.Phishing.Card-29

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28599.emlxHeuristics.Phishing.Email.SSL-Spoof

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28622.emlxEmail.Phishing.Blackhole-3

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28656.emlxHeuristics.Phishing.Email.SpoofedDomain

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28685.emlxEmail.Phishing.Webmail-54

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28710.emlxEmail.Phishing.Webmail-54

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28726.emlxEmail.Phishing.Blackhole-2

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/29044.emlxHeuristics.Phishing.Email.SpoofedDomain

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/29045.emlxHeuristics.Phishing.Email.SpoofedDomain

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/29048.emlxHeuristics.Phishing.Email.SpoofedDomain

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/29245.emlxEmail.FBI.Scam

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/29441.emlxEmail.Trojan-234

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/40449.emlxEmail.Phishing.DHL

    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/40821.emlxTrojan.Downloader.FraudLoad-70

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/185.emlxWin.Trojan.Androm-66

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/187.emlxEmail.Trojan-465

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/218.emlxSuspect.DoubleExtension-zippwd-15

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/221.emlxEmail.Trojan-465

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/3318.emlxEmail.Trojan-465

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/40868.emlxEmail.Trojan-465

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/41447.emlxEmail.Trojan-465

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/415.emlxEmail.Trojan-465

    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/42227.emlxEmail.Trojan-290

    Starting scan…

    ----------- SCAN SUMMARY -----------

    Known viruses: 2163592

    Engine version: 0.97.6

    Scanned directories: 27504

    Scanned files: 104259

    Infected files: 38

    Data scanned: 30234.80 MB

    Data read: 19517.10 MB (ratio 1.55:1)

    Time: 4607.627 sec (76 m 47 s)

    One or more infected files were found, but were left where they are.  You can either deal with them yourself, or scan again with the preferences set to move them into a different folder.

    **Also had an error message about trying to open a Screensaver file.  I did not copy the message.

    :1012044
Children
No Data