Sophos flagging 'malware' incorrectly?

Back in November, there was a problem with an npm package - flatmap-stream (v 0.1.1) - (github.com/.../116) which introduced malware related to CoPay (you can read the details in the link provided). The issue was addressed in 0.1.2, and then ultimately it was determined that the 'bad actor's' code was an artificial dependency and was completely removed. The problem at this point is that Sophos is still flagging 0.1.2 as containing the malware (although there is no execution path to that code). Symantec also flags (and cleans) 0.1.1, BUT it does allow downloading of 0.1.2 (which seems correct). I am wondering - other than just looking at the js files in the node module for a particular signature - how did Sophos determine that v 0.1.2 also contains malware?

Thanks

Carl
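To make the distinction in Carl's question concrete (a signature match in a file versus an execution path to that file), here is an added example that is not part of the original thread and is not Sophos or Symantec code. It walks a node_modules tree, flags package versions on a known-bad list (the only real datum used is flatmap-stream 0.1.1 from the post), searches every file for a byte signature, and then checks statically whether a matching file is reachable from the package's main entry through relative require() calls. The signature string, the file names payload.js and orphan.js, the hypothetical app-dep package and the whole fixture tree are constructed for the demonstration; the require() walk is a simplification of Node's resolution (relative specifiers only, no bare module names or package.json "exports").

```python
"""Scan a node_modules tree for known-bad package versions and for files
matching a byte signature, and report whether each signature hit is
reachable from the package entry point. Added example, not vendor code."""
import json
import os
import re
import tempfile

# Known-bad versions: only the one named in the post above is used here.
KNOWN_BAD_VERSIONS = {"flatmap-stream": {"0.1.1"}}

# Hypothetical signature standing in for a vendor's detection pattern.
SIGNATURE = b"CONSTRUCTED_MALICIOUS_MARKER"

# Relative require() specifiers only ('./x', '../y'); bare names are ignored.
REQUIRE_RE = re.compile(r"""require\(\s*['"](\.{1,2}/[^'"]+)['"]\s*\)""")


def _resolve(base_dir, spec):
    """Resolve a relative require() target like Node's simplest rules:
    exact path, then '<path>.js', then '<path>/index.js'."""
    candidate = os.path.normpath(os.path.join(base_dir, spec))
    for path in (candidate, candidate + ".js", os.path.join(candidate, "index.js")):
        if os.path.isfile(path):
            return path
    return None


def reachable_files(pkg_dir, main):
    """Statically follow relative requires from the package's main entry."""
    start = _resolve(pkg_dir, "./" + (main or "index.js"))
    seen, stack = set(), ([start] if start else [])
    while stack:
        path = stack.pop()
        if path in seen:
            continue
        seen.add(path)
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            for spec in REQUIRE_RE.findall(fh.read()):
                target = _resolve(os.path.dirname(path), spec)
                if target and target not in seen:
                    stack.append(target)
    return seen


def scan_node_modules(root):
    """Return a list of findings; each has package, version, kind, file, reachable."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # A package directory is one holding package.json directly under node_modules.
        if "package.json" not in filenames:
            continue
        if os.path.basename(os.path.dirname(dirpath)) != "node_modules":
            continue
        with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
            meta = json.load(fh)
        name, version = meta.get("name", "?"), meta.get("version", "?")
        reach = reachable_files(dirpath, meta.get("main"))
        if version in KNOWN_BAD_VERSIONS.get(name, ()):
            findings.append({"package": name, "version": version, "file": None,
                             "kind": "known-bad-version", "reachable": True})
        # Signature scan of this package's own files (nested packages are
        # visited by the outer walk as packages in their own right).
        for sub, subdirs, files in os.walk(dirpath):
            subdirs[:] = [d for d in subdirs if d != "node_modules"]
            for fn in files:
                path = os.path.join(sub, fn)
                with open(path, "rb") as fh:
                    if SIGNATURE in fh.read():
                        findings.append({"package": name, "version": version,
                                         "file": os.path.relpath(path, dirpath),
                                         "kind": "signature-hit",
                                         "reachable": path in reach})
    return findings


def _write(path, text):
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)


def build_fixture():
    """Construct a throwaway tree (constructed data, not real package contents):
    top-level flatmap-stream 0.1.2 whose entry never requires the marker file,
    and a nested 0.1.1 under a hypothetical app-dep whose entry does require it."""
    root = tempfile.mkdtemp()
    marker = SIGNATURE.decode()
    clean = os.path.join(root, "node_modules", "flatmap-stream")
    os.makedirs(os.path.join(clean, "lib"))
    _write(os.path.join(clean, "package.json"),
           json.dumps({"name": "flatmap-stream", "version": "0.1.2", "main": "index.js"}))
    _write(os.path.join(clean, "index.js"),
           "var util = require('./lib/util');\nmodule.exports = util.flatMap;\n")
    _write(os.path.join(clean, "lib", "util.js"),
           "exports.flatMap = function (s, f) { return s.map(f); };\n")
    _write(os.path.join(clean, "orphan.js"), "// dead file: " + marker + "\n")
    dep = os.path.join(root, "node_modules", "app-dep")
    bad = os.path.join(dep, "node_modules", "flatmap-stream")
    os.makedirs(bad)
    _write(os.path.join(dep, "package.json"),
           json.dumps({"name": "app-dep", "version": "1.0.0", "main": "index.js"}))
    _write(os.path.join(dep, "index.js"), "module.exports = require('flatmap-stream');\n")
    _write(os.path.join(bad, "package.json"),
           json.dumps({"name": "flatmap-stream", "version": "0.1.1", "main": "index.js"}))
    _write(os.path.join(bad, "index.js"), "module.exports = require('./payload');\n")
    _write(os.path.join(bad, "payload.js"), "// live file: " + marker + "\n")
    return root


if __name__ == "__main__":
    for f in scan_node_modules(build_fixture()):
        print(f)
```

A scanner that stops at the signature step reports 0.1.2 exactly as it reports 0.1.1; the reachable flag is what separates a dead file from live code, and it is the kind of evidence worth attaching when asking a vendor to review a detection. Point scan_node_modules at a real project root to run it against an installed tree.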



  • Hello Carl,

    could you provide the details of this flagging? AFAIK protection for Linux is essentially the basic AV, with the addition of MTD in SAV 10.x for Central managed servers. MTD observes actual communication though and is thus "version agnostic". I'm not aware that Sophos flags a particular version of a file or a package just because of the version but I'm not up-to-date regarding Server Protection and especially 10.x and their current features.

    Christian