
False negatives?

Just installed Sophos Anti-Virus Home Edition.

Updated the virus list.

Ran local drive scan.

Results-No Threats Detected

But 4 days ago I ran ClamXav and it found 37 contaminated files: phishing, Trojan etc. Did not do anything with the files since removal on ClamXav requires a level of skill that is beyond me.

Why did Sophos miss these files?

Your help is much appreciated.



  • Hello josephtenzin,

    very unlikely that Sophos misses a number of genuine threats. There's a grey area - especially with generic detections - where you can't really tell if that "something" is harmful or not. Either decision could be false. Has ClamXav's log been removed with the application? If not, you should check what the detections mean and if they indeed are definite (as opposed to generic) detections please send the samples to Sophos (please see the sticky topic on this board for details).

    Christian 

  • Many thanks Christian,


    Unfortunately I have taken all of the ClamXav stuff off my computer.

    Anything else I could do to double check the "No Threat" message.

    Again many thanks,


    Joseph

  • Hello Joseph,

    if you can remember which files were flagged you could send them as samples. If you can't or you're not sure then the best option is probably to run ClamXav once more (the App should do). BTW it might be that the detections were in an application's (e.g. Mail, Safari) cache or temporary location and have since been removed.

    Christian

  • Hello Christian,

    Is it safe to run ClamXav while Sophos is installed on my computer or do I need to uninstall Sophos before reinstalling ClamXav and running it?

    Again many thanks for your help.


    Joseph

  • Hello Joseph,

    no need to uninstall, but you should disable Sophos' On-Access scanning (found in Preferences) while scanning with ClamXav. Don't forget to turn it on again afterwards.

    Christian

  • Sorry for being so slow.

    I am getting ready to run ClamXav again.

    How do I get the list of problem files to you?

    Joseph

  • Hello Joseph,

    I'd suggest you just post the list of detections and associated files here (ideally the relevant lines from the log). Might be possible that this is sufficient to explain what you observe - if not it'd help to suggest further action.

    Christian

  • Hello Christian,

    Here is the list of "infected" files.

    I could not find a way to get the Console Scan Log to attach. Sorry.


    Again, many thanks for your help with this.


    Joseph

    Filename | Infection Name | Status
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import/INBOX.mbox/Messages/10560.emlx | Heuristics.Phishing.Email.SpoofedDomain |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import/INBOX.mbox/Messages/22216.emlx | Heuristics.Phishing.Email.SpoofedDomain |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/26470.emlx | Email.Trojan-234 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/26489.emlx | Suspect.Bredozip-zippwd-6 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/26957.emlx | Email.Trojan-256 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27005.emlx | Email.Trojan-256 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27257.emlx | Email.Trojan-234 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27260.emlx | Email.Trojan-234 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27349.emlx | Email.Trojan-274 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27405.emlx | Email.Trojan-234 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/27662.emlx | Email.Trojan-292 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28106.emlx | Email.Trojan-234 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28364.emlx | Heuristics.Phishing.Email.SSL-Spoof |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28449.emlx | Heuristics.Phishing.Email.SSL-Spoof |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28459.emlx | Email.Phishing.Blackhole-3 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28543.emlx | Email.Phishing.Card-29 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28599.emlx | Heuristics.Phishing.Email.SSL-Spoof |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28622.emlx | Email.Phishing.Blackhole-3 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28656.emlx | Heuristics.Phishing.Email.SpoofedDomain |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28685.emlx | Email.Phishing.Webmail-54 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28710.emlx | Email.Phishing.Webmail-54 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/28726.emlx | Email.Phishing.Blackhole-2 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/29044.emlx | Heuristics.Phishing.Email.SpoofedDomain |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/29045.emlx | Heuristics.Phishing.Email.SpoofedDomain |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/29048.emlx | Heuristics.Phishing.Email.SpoofedDomain |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/29245.emlx | Email.FBI.Scam |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/29441.emlx | Email.Trojan-234 |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/40449.emlx | Email.Phishing.DHL |
    /Users/josephlracheljrphd/Library/Mail/Mailboxes/Import-2/Sent Messages.mbox/Messages/40821.emlx | Trojan.Downloader.FraudLoad-70 |
    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/185.emlx | Win.Trojan.Androm-66 |
    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/187.emlx | Email.Trojan-465 |
    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/218.emlx | Suspect.DoubleExtension-zippwd-15 |
    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/221.emlx | Email.Trojan-465 |
    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/3318.emlx | Email.Trojan-465 |
    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/40868.emlx | Email.Trojan-465 |
    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/41447.emlx | Email.Trojan-465 |
    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/415.emlx | Email.Trojan-465 |
    /Users/josephlracheljrphd/Library/Mail/POP-shm-jlr@pop.atsat.com/Deleted Messages.mbox/Messages/42227.emlx | Email.Trojan-290 |

    Starting scan…

    ----------- SCAN SUMMARY -----------

    Known viruses: 2163592

    Engine version: 0.97.6

    Scanned directories: 27504

    Scanned files: 104259

    Infected files: 38

    Data scanned: 30234.80 MB

    Data read: 19517.10 MB (ratio 1.55:1)

    Time: 4607.627 sec (76 m 47 s)

    One or more infected files were found, but were left where they are.  You can either deal with them yourself, or scan again with the preferences set to move them into a different folder.

    **Also had an error message about trying to open a Screensaver file.  I did not copy the message.

  • Hello Joseph,

    thanks, this is fine.

    All suspect items seem to be mail messages. Likely they all fall into one of the following categories (this is my personal view only, I'm not Sophos):

    • messages where the malware is in an attachment - Sophos does not decode mail messages and the contained attachments. These can do no harm as long as they are not extracted and passed to the OS or an application - at which point they will be scanned and if necessary dealt with
    • Scam and Phishing which does not involve "active technologies" and dynamic content (HTML, scripts ...) or attachments (see above) - this is simply beyond the intended functionality of the product
    • messages where the detection is based on the analysis of the message headers (e.g. Heuristics.Phishing.Email.SpoofedDomain)

    This is just a quick reply - feel free to ask if you have further questions

    Christian

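A way to check the two categories Christian describes for yourself, as an added example that is not code from this thread, from Sophos or from ClamXav: a Python script that parses Apple Mail .emlx files (assuming the layout of a byte-count line, the RFC 822 message, then a plist footer) and flags a Reply-To domain that differs from the From domain (the header-based style of detection) and double-extension or zip attachments, which an on-access scanner only inspects once they are extracted. The sample message embedded below is constructed for the demonstration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import Path
# Constructed sample (not real mail) carrying both traits the triage looks for:
# a Reply-To on another domain and a double-extension zip attachment.
SAMPLE_MESSAGE = (
    b'From: "Your Bank" <alerts@bank.example>\r\nReply-To: collect@phish.example\r\n'
    b"To: joseph@example.org\r\nSubject: Invoice attached\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nPlease open the attached invoice.\r\n"
    b'--b1\r\nContent-Type: application/zip; name="invoice.pdf.zip"\r\n'
    b'Content-Disposition: attachment; filename="invoice.pdf.zip"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nUEsDBAoAAAAAAA==\r\n--b1--\r\n"
)
# Assumed .emlx layout: a line with the message byte count, the RFC 822 message,
# then an XML plist footer holding Mail.app metadata.
SAMPLE_EMLX = (str(len(SAMPLE_MESSAGE)).encode() + b"\n" + SAMPLE_MESSAGE
               + b'<?xml version="1.0"?><plist version="1.0"><dict/></plist>\n')
# Document-looking name followed by an archive or executable extension.
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|jpe?g|txt)\.(zip|exe|scr|js|jar)$", re.I)

def parse_emlx(data: bytes) -> EmailMessage:
    count_line, _, rest = data.partition(b"\n")  # first line = message byte count
    return email.message_from_bytes(rest[: int(count_line)], policy=policy.default)

def _domain(header_value: str) -> str:
    addr = parseaddr(header_value)[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def triage(msg: EmailMessage) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    sender, reply_to = _domain(msg.get("From", "")), _domain(msg.get("Reply-To", ""))
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To domain {reply_to} differs from From domain {sender}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if DOUBLE_EXT.search(name):
            findings.append(f"double-extension attachment {name}")
        if part.get_content_type() == "application/zip":
            findings.append(f"zip attachment {name}: contents are not scanned until extracted")
    return findings

def triage_mailbox(root: Path) -> dict[str, list[str]]:
    """Walk a Mail directory and report only the .emlx files with findings."""
    return {str(p): found for p in root.rglob("*.emlx")
            if (found := triage(parse_emlx(p.read_bytes())))}
```

Running `triage_mailbox(Path.home() / "Library/Mail")` lists the flagged messages without extracting or opening any attachment, which is the point where Sophos' on-access scanner would step in.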
  • Hello Christian,

    Thank you so much.

    Sophos seems to be doing its job.

    In your opinion, do I need to go to more robust AV software or is this really enough for my Macs?

    That question asked, I found ClamXav too complex for my skills in knowing what to do with the "infected" files.

    I even found emails from the author of ClamXav saying to be very careful about quarantining files. That one's entire mail box could be pulled into quarantine and not be recoverable.

    Seems a bit extreme for AV protection.

    So, is Sophos enough for my needs? Your opinion please.

    Many thanks,


    Joseph
