Indestructible virus Mal/Phish-A

Sophos detected that a virus, Mal/Phish-A, is located in the file "containers" of a "Library". Sophos seems unable to Clean Up Threat. I am administrator of this machine, but access to "containers" is forbidden for me. How could I get rid of this virus?

I use Mac OS X.9.3 on a MacBookPro.

  • Hi Rachinc,

    I have had issues with the Quarantine Manager window as well.  It is fixed and can't be re-sized so long paths can't be viewed.  I'm sure that on an earlier version of SAV the file path was clickable and would expand.  It seems that this feature has been removed, accidentally or otherwise.  It is crazy that finding a reported threat is so obtuse.  Also, I have had Quarantine Manager hang up and not apparently do anything after clicking the Cleanup button.  As for the Show In Finder, perhaps the threat HAS been cleaned up which means the file has been deleted and can't be displayed (but the QM display has not been refreshed). Anyway, enough of speculation.

    If I knew whether the threat had been detected by the on-access scanner or the main GUI scan it would be easier to diagnose but I suspect you may not know?

    1) To check the on-access scanner logs

    Select "Open Preferences" from the Sophos shield icon menu at the right hand side of the menubar (top of screen)

    Click the Logging icon at the right hand side of the preferences window

    Then click the View Log Contents button.

    This will be mostly full of AutoUpdate reports and lists of ide files.

    Use the COMMAND/F shortcut to open the Find box where you can enter "threat" 

    If a threat was reported by on-access it will be shown in this log.  There may well be more than one entry.  Use the right arrow to navigate to the most recent which I guess may be the one you have listed in QM.

    Anyway it will show the full file path.

    The other option is that the threat was detected by a GUI scan.  In which case:

    2) To check the GUI scanner logs

    We can try some investigation using the Console app.

    Launch Console from Applications/Utilities.

    You should see a list of logs on the lefthand side.  If not, select Show Log List from the View menu.

    In this log list use the reveal triangles to bury down:  LOG FILES --->  ~/Library/Logs (N.B. ~/Library differs from /Library)   ---> Sophos Anti-Virus ---> Scans

    Each type of scan has a name.  The main one "Scan this Mac" is called "Scan Local Drives" in the log list.

    There may be others if you have created any custom scans.

    Each scan name will have a list of all its logs beneath it.  You need to check the most recent of these probably and any threat will have the full path listed.

    Hope this helps somewhat.  I realise it's rather convoluted but the Quarantine Manager interface leaves something to be desired.

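The GUI-scan log check described in the reply can also be done from Terminal. The script below is an added example, not part of the original posts or Sophos's own tooling: it takes the newest log under each scan name in the Scans folder and prints every line containing "threat". It assumes one folder per scan name holding plain-text logs; the sample log lines are constructed, since the thread does not show the real log format.

```shell
#!/bin/sh
# Added example: show "threat" lines from the newest log of each scan name.
# Assumption: ~/Library/Logs/Sophos Anti-Virus/Scans/<scan name>/<log files>,
# as laid out in the Console log list described in the reply.
SCANS_DIR_DEFAULT="$HOME/Library/Logs/Sophos Anti-Virus/Scans"

# newest_log DIR: print the most recently modified file in DIR (fails if none)
newest_log() {
    name=$(ls -t "$1" 2>/dev/null | head -n 1)   # -t sorts newest first
    [ -n "$name" ] && [ -f "$1/$name" ] && printf '%s\n' "$1/$name"
}

# threat_lines [SCANS_DIR]: print "<scan name>: <log line>" for each match
threat_lines() {
    root=${1:-$SCANS_DIR_DEFAULT}
    [ -d "$root" ] || { echo "no scan logs at: $root" >&2; return 1; }
    for scan in "$root"/*/; do
        [ -d "$scan" ] || continue
        scan_name=$(basename "${scan%/}")
        log=$(newest_log "${scan%/}") || continue   # scan with no logs yet
        # Case-insensitive, like typing "threat" into the Find box
        grep -i 'threat' "$log" | while IFS= read -r line; do
            printf '%s: %s\n' "$scan_name" "$line"
        done
    done
    return 0
}

# make_sample: build constructed sample logs in a temp dir and print its path
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/Scan Local Drives" "$d/Custom Scan"
    printf 'Scan started\nThreat: Mal/Phish-A in /constructed/old/path\n' \
        > "$d/Scan Local Drives/old.log"
    printf 'Scan started\nThreat: Mal/Phish-A in /constructed/new/path\n' \
        > "$d/Scan Local Drives/new.log"
    printf 'Scan started\nScan completed\n' > "$d/Custom Scan/only.log"
    touch -t 202001010000 "$d/Scan Local Drives/old.log"   # make it older
    printf '%s\n' "$d"
}

# Usage: threat_lines                 (default location)
#        threat_lines "$(make_sample)" (constructed sample data)
```

Only the newest log per scan name is read, so an older detection that no longer appears in the latest scan is not reported.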