Guest User!

You are not Sophos Staff.

Thread Info
  • Locked Locked
  • Replies 4 replies
  • Subscribers 10 subscribers
  • Views 2716 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

We are seeing IMG files not being scanned correctly.

nhidalgo

This file came through as a IMG file.  The user mounted it and contained an .exe malware file.  Is it possible to make Sophos scan these as they are currently not detecting it.

 

https://www.virustotal.com/gui/file/0b870bdee59bf37923b12c6fc93832c14620172ea2b010ad65c4f4cb40502e97/detection

 

 



This thread was automatically locked due to age.
Parents

  • Hi nhidalgo,

    As correctly pointed out by QC, The IMG FILE is a perfectly safe Disc Image file which cannot infect a machine by its own. Unless there are manual actions taken on it like Mounting and Execution [SAV blocks the execution immediately], there is no point having a detection on this file. 

    What's of interest is the Executable file inside of it. If you Extract the IMG using 7ZIP, the executable will immediately be quarantined before it could be executed. Hence it depends on different vendors on how they want to tackle/detect/clean this particular IMG file. 

    Thanks,

    Vikas

Reply

  • Hi nhidalgo,

    As correctly pointed out by QC, The IMG FILE is a perfectly safe Disc Image file which cannot infect a machine by its own. Unless there are manual actions taken on it like Mounting and Execution [SAV blocks the execution immediately], there is no point having a detection on this file. 

    What's of interest is the Executable file inside of it. If you Extract the IMG using 7ZIP, the executable will immediately be quarantined before it could be executed. Hence it depends on different vendors on how they want to tackle/detect/clean this particular IMG file. 

    Thanks,

    Vikas

Children
No Data
Unfiltered HTML