False negatives?

Just installed Sophos Anti-Virus Home Edition.

Updated the virus list.

Ran local drive scan.

Results-No Threats Detected

But 4 days ago I ran ClamXav and it found 37 contaminated files: phishing, Trojan etc. Did not do anything with the files since removal on ClamXav requires a level of skill that is beyond me.

Why did Sophos miss these files?

Your help is much appreciated.

  • Hello Joseph,

    thanks, this is fine.

    All suspect items seem to be mail messages. Likely they all fall into one of the following categories (this is my personal view only, I'm not Sophos):

    • messages where the malware is in an attachment - Sophos does not decode mail messages and the contained attachments. These can do no harm as long as they are not extracted and passed to the OS or an application - at which point they will be scanned and if necessary dealt with
    • Scam and Phishing which does not involve "active technologies" and dynamic content (HTML, scripts ...) or attachments (see above) - this is simply beyond the intended functionality of the product
    • messages where the detection is based on the analysis of the message headers (e.g. Heuristics.Phishing.Email.SpoofedDomain)

    This is just a quick reply - feel free to ask if you have further questions

    Christian
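
An added illustration of the first category in the reply above (not part of the original thread, and not Sophos or ClamXav code): a byte pattern inside a mail attachment is stored encoded in the message file, so it only becomes visible once the MIME part is decoded. The marker string, addresses and file name are constructed for this example.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed stand-in for a byte pattern that a file scanner would match on.
MARKER = b"CONSTRUCTED-SIGNATURE-BYTES"


def build_sample() -> bytes:
    """Build a constructed message: plain-text body plus a binary attachment."""
    msg = EmailMessage()
    msg["From"] = "Example Bank <billing@mailer.example.net>"
    msg["To"] = "joseph@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    # Bytes attachments are base64-encoded when the message is serialized.
    msg.add_attachment(b"header " + MARKER + b" trailer",
                       maintype="application", subtype="octet-stream",
                       filename="invoice.bin")
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Report what is stored in the raw mail file versus what decoding reveals."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {
        "attachments": [],                    # category 1: encoded attachments
        "active_content": False,              # HTML parts (dynamic content)
        "marker_in_raw_file": MARKER in raw,  # what a raw-bytes scan sees
        "marker_after_decode": False,         # what a MIME-aware scan sees
    }
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if part.get_filename():
            report["attachments"].append(part.get_filename())
            if MARKER in payload:
                report["marker_after_decode"] = True
        elif part.get_content_type() == "text/html":
            report["active_content"] = True
    return report


if __name__ == "__main__":
    print(triage(build_sample()))
```
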
