Sophos 9.4 hanging on every scan

Sophos just jumped the first "hurdle" and continued past a spot it's hung before .... after setting excluded items *.dmg. ... Developing ...

To exclude your backups, you would either add an exclusion for the backups' location, or else you can go into the settings and disable archive scanning. Be careful with this though as it disables scanning *all* archives.

Also, I would like to add that that engineering is currently looking into this issue. Unfortunately we haven't managed to isolate the root cause but it is being looked at. Sorry to keep you all waiting - this issue has definitely been going on a lot longer than I would have liked, and I appreciate all your patience.

It seems to have something to do with archives and compressed files. I've been having this problem for a long time. When "Scan inside archives and compressed files" is turned off (by unchecking that box in preferences), the scans complete in short order. But when it is turned *on*, the scans always slow down severely at about the 90% completed point. For me this was always happens at approx 610,000 of 775,000 files scanned (no file names are displayed). From that point, it would slow down to the rate of about another 1,000 files scanned every 45 minutes or so. That calculates out to approx 48 hours to finish the scan! And my fans also start racing almost continuously from then on. So I always stopped it instead.

Trouble is, I have no idea if skipping scanning inside archives and compressed files might be missing potential threats. And I don't think it should take over 2 days to find out.

P.S. Sorry I missed Serra's entries from December 16, 2015 when I replied here. I certainly hope engineering can fix this. It's been a very long standing issue. And yes, probably not a good idea to exclude all archives and compressed files.

I don't find this the problem as I don't have "scan inside archives" blah blah blah set. I got it to work, again, on the 2015 MacMini, but not the 2009 MacBookPro both running El Capitan, both running the latest Sophos. I simply added *.dmg to both. I also added "basesystem.dmg" to the latter since it is hanging on that. No luck. I have rebooted. No luck.

I suspect the problem has multiple triggers then. FYI, I have an early 2011 MBP running El Capitan 10.11.2

It cannot get past something called basesystem.dmg

After uninstalling and reinstalling Sophos AV Home Edition for Mac, I'm now able to see some of the file names being scanned and iWork_9.3_Update.dmg is one of the files my scan hangs at for more than 2 minutes. What's even more mysterious is that even after having added this file to the exclusions (following the method you described above with the "+" and "Choose" buttons), it still repeatedly comes back and tries to scan this file. Actually. I am observing the same long repetitions for quite a few .dmg files, all in my Downloads folder. Though the "remaining files" number continues to count down at a crawl, this seems to be where the entire scan just stalls, repeatedly scanning these files!

P.S. I just noticed that when I added the iWork file to the Exclusions tab from the "Scans" window by clicking on "Scan Settings" (from the gear dropdown at the bottom of the Scans window), the file did NOT appear in the Exclusions tab in Preferences. I had to add it there additionally. Am trying another scan now to see if that works. I'll edit the outcome to this comment later. (I also added all the .dmg files in my Downloads folder to both Exclusions lists as well—totalling about 14 files.)

P.P.S. Ok, with the previously noted changes, with about 153,000 files remaining, the scan DID attempt to scan each of the excluded .dmg files. After about 5 minutes, it continued counting down to about 70,000 files remaining when it again appeared to repeat scanning each of the excluded .dmg files for about 5 minutes or more. At this point the repetition continued several times until I stopped the scan. Hope this helps engineering with a speedy solution.

And FYI, here is the log:

Sophos Anti-Virus
Product version: 9.4.1
Threat detection engine version: 3.63.1
Threat data version: 5.22
Release date: 08 December 2015
Detects 10436456 threats
Copyright © 1993-2012 Sophos Ltd. All rights reserved.

Using IDE files:
age-apdu.ide age-apie.ide age-apiq.ide age-apiu.ide age-apja.ide age-apjc.ide age-apjg.ide age-apjy.ide age-aplw.ide
age-aplz.ide age-apqp.ide andro-ew.ide andro-ez.ide auto-bgq.ide bank-gmw.ide bank-gmx.ide banl-cid.ide banl-cja.ide
banl-cjb.ide banl-cjr.ide bepush-a.ide blada-as.ide blada-at.ide chepro-z.ide chisb-ca.ide cidox-aq.ide cryakl-c.ide
delf-fzd.ide docd-ahr.ide docd-aii.ide docd-ajm.ide docd-ajn.ide docd-ajs.ide docd-aka.ide docd-akj.ide docd-akm.ide
docd-ali.ide docd-alk.ide docd-alq.ide docd-amf.ide docd-amo.ide docd-ano.ide docd-anq.ide docd-anu.ide docd-aoc.ide
docd-aof.ide docd-aou.ide docd-apo.ide docd-apr.ide docd-apu.ide dride-iu.ide dride-iz.ide dride-je.ide dride-ji.ide
dride-js.ide dride-ky.ide dwnl-mxz.ide dwnl-myk.ide dynam-cg.ide ecckrp-c.ide farei-uh.ide farei-ul.ide farei-um.ide
farei-un.ide farei-uq.ide farei-vd.ide farei-vr.ide farei-wu.ide farei-wz.ide farei-xs.ide farei-xy.ide fsysna-g.ide
gatak-y.ide gozi-t.ide hawkey-h.ide inje-bth.ide inje-btl.ide java-abh.ide java-abq.ide jsdld-ct.ide jsdow-bm.ide
jsdow-bn.ide kimsu-a.ide limit-es.ide malage-t.ide msil-exk.ide msil-exl.ide msil-exn.ide msil-exp.ide msil-eyi.ide
msil-eyt.ide msil-ezg.ide msil-ezx.ide msil-fai.ide msil-faj.ide msil-fax.ide msil-fay.ide msil-fdq.ide msili-jj.ide
neurev-z.ide nivdo-ae.ide nivdo-af.ide nivdo-am.ide nivdo-bg.ide nivdo-bj.ide nivdo-bx.ide pdfj-aiv.ide ramdo-am.ide
rans-bpm.ide rans-bpy.ide rans-bqm.ide rans-bqp.ide rans-bqx.ide rans-bqz.ide rans-bre.ide rans-bro.ide rans-bsb.ide
rans-bsk.ide rans-bsm.ide rans-bsp.ide rans-bss.ide rans-bsy.ide rans-btb.ide rans-btv.ide rans-bvc.ide ranso-dl.ide
rat-e.ide redlon-m.ide remexi-a.ide rovnix-s.ide shioto-g.ide skeey-an.ide slackb-d.ide sofacy-h.ide swfdl-n.ide
teslac-a.ide teslac-b.ide thudoo-a.ide tinba-dc.ide upatr-wq.ide vawtr-cq.ide vawtr-cx.ide vb-iwc.ide vb-iwy.ide
vb-ixd.ide vbinj-ma.ide vbinj-mi.ide vbinj-ml.ide vbs-if.ide vbzbo-de.ide vbzbo-di.ide vbzbo-dw.ide virtu-be.ide
wonknu-b.ide xtrat-am.ide yakbee-g.ide yakbee-u.ide yakes-ct.ide zbot-kgl.ide zbot-kgp.ide zbot-kgt.ide zbot-kgy.ide
zbot-khd.ide zbot-khx.ide zbot-kih.ide zbot-kit.ide zegos-if.ide zeus-c.ide

Scan name: "Scan Local Drives"
Scan items:
Exclusions:
Path: "/Users/Jeff/Downloads/iWork_9.3_Update.dmg"
Path: "/Users/Jeff/Downloads/YummyFTP.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2014.4-AP-20-15.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2013.5-AP-21-14.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2012-2.1-AP-12-13.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2011-OC-2-12.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2010.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2009.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2008.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2007.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2006.dmg"
Path: "/Users/Jeff/Downloads/MBAM-Mac-1.1.3.72.dmg"
Path: "/Users/Jeff/Downloads/maccleanse.dmg"
Path: "/Users/Jeff/Downloads/ClamXav_2.8.7.dmg"
Path: "/Users/Jeff/Downloads/avast_free_mac_security_online.dmg"
Path: "/Users/Jeff/Downloads/AlesisFirewireMountainLionDriver8:19:11[v3.5.6].dmg"
Configuration:
Scan inside archives and compressed files: Yes
Automatically clean up threats: No
Scan for adware and potentially unwanted applications (PUA): Yes
Automatically clean up adware and potentially unwanted applications (PUA): No
Action on infected files: Report only
Live Protection enabled: Yes

Scan started at 2015-12-17 19:59:23 -0500

New volume detected at /
2015-12-17 20:11:23 -0500 Corrupt file: /private/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/com.apple.SoftwareUpdate/CFNetworkDownload_GRPaZO.tmp
Scan cancelled at 2015-12-17 20:45:08 -0500

****************************************************************

I just tried a scan with "Scan inside archives and compressed files" turned OFF in the Options tab of the Scan Settings accessed from the Gear dropdown at the bottom of the Scans window and the scan completed without a hitch in about an hour and a half. So it seems the exclusions were ignored this time with "inside archives..." turned off. There were however 13 issues which you can see in this log. Maybe you can explain them?:

Sophos Anti-Virus
Product version: 9.4.1
Threat detection engine version: 3.63.1
Threat data version: 5.22
Release date: 08 December 2015
Detects 10436473 threats
Copyright © 1993-2012 Sophos Ltd. All rights reserved.

Using IDE files:
age-apdu.ide age-apie.ide age-apiq.ide age-apiu.ide age-apja.ide age-apjc.ide age-apjg.ide age-apjy.ide age-aplw.ide
age-aplz.ide age-apqp.ide andro-ew.ide andro-ez.ide auto-bgq.ide bank-gmw.ide bank-gmx.ide banl-cid.ide banl-cja.ide
banl-cjb.ide banl-cjr.ide bepush-a.ide blada-as.ide blada-at.ide chepro-z.ide chisb-ca.ide cidox-aq.ide cryakl-c.ide
delf-fzd.ide docd-ahr.ide docd-aii.ide docd-ajm.ide docd-ajn.ide docd-ajs.ide docd-aka.ide docd-akj.ide docd-akm.ide
docd-ali.ide docd-alk.ide docd-alq.ide docd-amf.ide docd-amo.ide docd-ano.ide docd-anq.ide docd-anu.ide docd-aoc.ide
docd-aof.ide docd-aou.ide docd-apo.ide docd-apr.ide docd-apu.ide dride-iu.ide dride-iz.ide dride-je.ide dride-ji.ide
dride-js.ide dride-ky.ide dwnl-mxz.ide dwnl-myk.ide dynam-cg.ide ecckrp-c.ide farei-uh.ide farei-ul.ide farei-um.ide
farei-un.ide farei-uq.ide farei-vd.ide farei-vr.ide farei-wu.ide farei-wz.ide farei-xs.ide farei-xy.ide fsysna-g.ide
gatak-y.ide gozi-t.ide hawkey-h.ide inje-bth.ide inje-btl.ide java-abh.ide java-abq.ide jsdld-ct.ide jsdow-bm.ide
jsdow-bn.ide kelih-ag.ide kimsu-a.ide limit-es.ide malage-t.ide msil-exk.ide msil-exl.ide msil-exn.ide msil-exp.ide
msil-eyi.ide msil-eyt.ide msil-ezg.ide msil-ezx.ide msil-fai.ide msil-faj.ide msil-fax.ide msil-fay.ide msil-fdq.ide
msili-jj.ide neurev-z.ide nivdo-ae.ide nivdo-af.ide nivdo-am.ide nivdo-bg.ide nivdo-bj.ide nivdo-bx.ide pdfj-aiv.ide
ramdo-am.ide rans-bpm.ide rans-bpy.ide rans-bqm.ide rans-bqp.ide rans-bqx.ide rans-bqz.ide rans-bre.ide rans-bro.ide
rans-bsb.ide rans-bsk.ide rans-bsm.ide rans-bsp.ide rans-bss.ide rans-bsy.ide rans-btb.ide rans-btv.ide rans-bvc.ide
ranso-dl.ide rat-e.ide redlon-m.ide remexi-a.ide rovnix-s.ide shioto-g.ide skeey-an.ide slackb-d.ide sofacy-h.ide
swfdl-n.ide teslac-a.ide teslac-b.ide thudoo-a.ide tinba-dc.ide upatr-wq.ide vawtr-cq.ide vawtr-cx.ide vb-iwc.ide
vb-iwy.ide vb-ixd.ide vbinj-ma.ide vbinj-mi.ide vbinj-ml.ide vbs-if.ide vbzbo-de.ide vbzbo-di.ide vbzbo-dw.ide
virtu-be.ide wonknu-b.ide xtrat-am.ide yakbee-g.ide yakbee-u.ide yakes-ct.ide zbot-kgl.ide zbot-kgp.ide zbot-kgt.ide
zbot-kgy.ide zbot-khd.ide zbot-khx.ide zbot-kih.ide zbot-kit.ide zegos-if.ide zeus-c.ide

Scan name: "Scan Local Drives"
Scan items:
Exclusions:
Path: "/Users/Jeff/Downloads/iWork_9.3_Update.dmg"
Path: "/Users/Jeff/Downloads/YummyFTP.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2014.4-AP-20-15.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2013.5-AP-21-14.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2012-2.1-AP-12-13.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2011-OC-2-12.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2010.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2009.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2008.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2007.dmg"
Path: "/Users/Jeff/Downloads/TaxTron2006.dmg"
Path: "/Users/Jeff/Downloads/MBAM-Mac-1.1.3.72.dmg"
Path: "/Users/Jeff/Downloads/maccleanse.dmg"
Path: "/Users/Jeff/Downloads/ClamXav_2.8.7.dmg"
Path: "/Users/Jeff/Downloads/avast_free_mac_security_online.dmg"
Path: "/Users/Jeff/Downloads/AlesisFirewireMountainLionDriver8:19:11[v3.5.6].dmg"
Configuration:
Scan inside archives and compressed files: No
Automatically clean up threats: Yes
Scan for adware and potentially unwanted applications (PUA): Yes
Automatically clean up adware and potentially unwanted applications (PUA): Yes
Action on infected files: Move to folder at path "/Users/Jeff/Desktop/Threats not cleaned"
Live Protection enabled: Yes

Scan started at 2015-12-18 00:47:04 -0500

New volume detected at /
2015-12-18 01:14:57 -0500 Corrupt file: /Users/Jeff/Library/Mobile Documents.127842904/com~apple~Keynote/.ginger
2015-12-18 01:14:57 -0500 Corrupt file: /Users/Jeff/Library/Mobile Documents.127842904/com~apple~mail/Data/MailData/Signatures/ubiquitous_19BBE9BE-199F-43A4-9551-F5282E781FA1.mailsignature
2015-12-18 01:14:57 -0500 Corrupt file: /Users/Jeff/Library/Mobile Documents.127842904/com~apple~mail/Data/MailData/Signatures/ubiquitous_1EDFC9E2-28A5-4AB7-B270-231768908368.mailsignature
2015-12-18 01:14:57 -0500 Corrupt file: /Users/Jeff/Library/Mobile Documents.127842904/com~apple~mail/Data/MailData/Signatures/ubiquitous_A26959AE-3F11-4720-9FF7-FA584D0A8BE0.mailsignature
2015-12-18 01:14:57 -0500 Corrupt file: /Users/Jeff/Library/Mobile Documents.127842904/com~apple~mail/Data/MailData/Signatures/ubiquitous_AllSignatures.plist
2015-12-18 01:14:57 -0500 Corrupt file: /Users/Jeff/Library/Mobile Documents.127842904/com~apple~mail/Data/MailData/Signatures/ubiquitous_FC0160A1-A280-4BE0-B127-ACE20285F7F1.mailsignature
2015-12-18 01:14:57 -0500 Corrupt file: /Users/Jeff/Library/Mobile Documents.127842904/com~apple~mail/Data/MailData/ubiquitous_SyncedRules.plist
2015-12-18 01:14:57 -0500 Corrupt file: /Users/Jeff/Library/Mobile Documents.127842904/com~apple~mail/Data/MailData/ubiquitous_SyncedSmartMailboxes.plist
2015-12-18 01:14:57 -0500 Corrupt file: /Users/Jeff/Library/Mobile Documents.127842904/com~apple~Numbers/.ginger
2015-12-18 01:14:57 -0500 Corrupt file: /Users/Jeff/Library/Mobile Documents.127842904/com~apple~Pages/.ginger
2015-12-18 01:14:58 -0500 Corrupt file: /Users/Jeff/Library/Mobile Documents.127842904/com~apple~Pages/iWorkPreviews/Blank.jpg
2015-12-18 01:14:58 -0500 Corrupt file: /Users/Jeff/Library/Mobile Documents.127842904/com~apple~Pages/iWorkPreviews/Untitled.jpg
2015-12-18 01:14:58 -0500 Corrupt file: /Users/Jeff/Library/Mobile Documents.127842904/com~apple~TextInput/Dictionaries/.baseline/UserDictionary/SAlQVUhF7208e6_gvZx_zdKx1U1AzKGem3HO2pLKjgY=/baseline.zip

Scan completed at 2015-12-18 01:15:44 -0500.
650453 files scanned, 0 items detected, 13 issues

Has there been any update to this? Any additional diagnostic or troubleshooting steps we can take? We're trying to be patient but the lack of answers is worrisome.

I've heard nothing yet from any admins. It seems Sophos is dropping the ball on support for their free app. I don't understand why there hasn't even been a progress report on these issues. And the new online version (Sophos Home) is, IMO, no better.