Sophos detects Evernote as a trojan

Sophos detects Evernote as a trojan and crashes Evernote when it tries to sync on Mac OS X Mountain Lion. Please fix because I can't use Evernote.

  • Same PROBLEM - I am NOT happy and soooo frustrated!!!

  • I just had the same problem occur and found this thread - attaching to it rather than starting anew.  

    I just installed Evernote on an additional Mac notebook and am trying to connect it to my existing account.  

    When I start Evernote, Sophos pops up saying that DrodZp-A has been detected.  I have attached a screen shot of the Sophos message and the crash note that happens shortly thereafter. 

    Most of the time, the malware noted in the Quarantine Manager just disappears shortly after the crash.  One time it stayed long enough for me to unlock QM and direct it to clean it up - Sophos indicated that clean up was complete.  The path name was into the library files for Evernote.  

    I wonder if it is possible for my synced notes to have malware in them, and the act of initial sync into the new Mac is triggering Sophos and the Quarantine actions interfere with Evernote causing the crash?

    Thanks,,,


  • khoyme wrote:

    I wonder if it is possible for my synced notes to have malware in them, and the act of initial sync into the new Mac is triggering Sophos and the Quarantine actions interfere with Evernote causing the crash?

    Thanks,,,


    This is the most likely cause.  Find out what file is triggering the detection and look for it in Evernote via a browser.


     - - - - - - - - - - - -

    Communities Moderator, SOPHOS
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • This is still happening to me.  Each time I open Evernote (the latest version, 5.4.5) the Sophos quarantine manager opens up while Evernote is syncing, then Evernote crashes.  

    What information do you need to resolve this?  I'm on Sophos Version 8.0.22.


  • rjtumble wrote:

    This is still happening to me.  Each time I open Evernote (the latest version, 5.4.5) the Sophos quarantine manager opens up while Evernote is syncing, then Evernote crashes.  

    What information do you need to resolve this?  I'm on Sophos Version 8.0.22.


    Version 8 is being retired soon.  First thing: I'd suggest upgrading to version 9 (just run the installer over the top of 8) and test again.

    If it's a pure detection issue this probably won't fix it (samples to SophosLabs required etc.) but it's best to be on v9 going forwards.

    If you still have the problem look in the /Library/Logs/Sophos Anti-Virus.log for what is being detected.

    Post back what you find.


     - - - - - - - - - - - -

    Communities Moderator, SOPHOS

  • I have a similar problem.  

    I am working at a University where we use Sophos for security.  I have an iMac running OS X 10.8.  We are using Sophos 8.0.22 (I tried installing Sophos 9 but it is not "allowed" while I have Sophos 8.0.22 installed).

    Evernote will open, but it will no longer sync, crashing if I try to do so.

     The sophos log shows this as the problem. 

    com.sophos.intercheck: 2014-02-11 10:05:50 +0000 Threat: 'Mal/BredoZp-B' detected in /Users/pss623/Library/Containers/com.evernote.Evernote/Data/Library/Application Support/Evernote/accounts/Evernote/pgmm03/sync-downloads/primary/resource-AC5675DF4EC3A82316AC829DEF1FDE25-41271

    This file is removed by quarantine manager and this seems to then cause the evernote crash.  Any ideas would be appreciated.  Evernote seems to work fine with sophos on my laptop, so it would be great if I could get it to work on my desktop as well.

    Paul.

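
As an added example (not part of any post in this thread, and not Sophos code): a short Python parser for detection lines in the layout quoted in the post above. It groups repeat detections and pulls the Evernote resource name out of the path so the attachment can be looked up. Only the first sample line comes from the thread; the others are constructed, and it is an assumption that other entries in the log follow the same layout.

```python
import re
from collections import Counter

# Layout copied from the one detection line quoted in the thread; assumed
# (not confirmed by the page) to hold for other detections in the same log.
THREAT_RE = re.compile(
    r"^(?P<source>[\w.]+): "
    r"(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"Threat: '(?P<threat>[^']+)' detected in (?P<path>/.+)$"
)
# Evernote's sync download cache, as it appears in the quoted path.
RESOURCE_RE = re.compile(
    r"/com\.evernote\.Evernote/.*/sync-downloads/(?:.*/)?resource-([0-9A-Fa-f]+)-\d+$"
)
EVERNOTE_FILE = ("/Users/pss623/Library/Containers/com.evernote.Evernote/Data/Library/"
    "Application Support/Evernote/accounts/Evernote/pgmm03/sync-downloads/primary/"
    "resource-AC5675DF4EC3A82316AC829DEF1FDE25-41271")
# First line is the one from the thread; the other three are constructed.
SAMPLE_LOG = "\n".join([
    f"com.sophos.intercheck: 2014-02-11 10:05:50 +0000 Threat: 'Mal/BredoZp-B' detected in {EVERNOTE_FILE}",
    f"com.sophos.intercheck: 2014-02-11 10:21:13 +0000 Threat: 'Mal/BredoZp-B' detected in {EVERNOTE_FILE}",
    "com.sophos.intercheck: 2014-02-11 10:21:14 +0000 constructed non-threat line",
    "com.sophos.intercheck: 2014-02-11 10:30:02 +0000 Threat: 'Constructed/Sample-A' detected in /Users/exampleuser/Downloads/sample file.bin",
])

def parse_detections(text):
    """Return one dict per 'Threat:' line; every other line is skipped."""
    hits = []
    for line in text.splitlines():
        m = THREAT_RE.match(line.strip())
        if m:
            hit = m.groupdict()
            res = RESOURCE_RE.search(hit["path"])
            # Resource id from the cached file name, or None outside Evernote.
            hit["evernote_resource"] = res.group(1) if res else None
            hits.append(hit)
    return hits

def summarize(hits):
    """Count detections per (threat, path): a file re-detected on each sync shows once."""
    counts = Counter((h["threat"], h["path"]) for h in hits)
    return [(n, threat, path) for (threat, path), n in counts.most_common()]

if __name__ == "__main__":
    for n, threat, path in summarize(parse_detections(SAMPLE_LOG)):
        print(f"{n}x {threat}: {path}")
```

A path that keeps reappearing with the same resource name points at one synced attachment rather than at the Evernote application itself.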
  • I don't know anything about Evernote, hence: Can you have a file that was personally uploaded to, or sent to your Evernote account that is malware?  Maybe that is triggering the detection - it's syncing a file that you have saved 'in the cloud' that is malware.

    Otherwise I'd say the way Evernote is opening non-malicious files is causing SAV to detect and it could be a false positive - SophosLabs would need a sample of the file detected.  I'd suggest something like setting the on-access scanner to move a threat, and then recreate the error.  With the detected file in the default 'infected' folder you can submit it as a sample.

    Submitting samples of suspicious files to Sophos

    http://www.sophos.com/en-us/support/knowledgebase/11490.aspx


     - - - - - - - - - - - -

    Communities Moderator, SOPHOS

  • I also have this problem -- whenever I open Evernote, Sophos says "'Virus/Spyware' Troj/HkMain-CT has been detected and listed in Quarantine Manager." I am running Version 9.4.0.
  • Hi Christine,

    Are you still having this problem? My guess is that there's a file stored somewhere in your Evernote that contains the malware, so it gets detected every time you open the Application.

    Can you take a look at the scan log to see the actual file that is being detected as malware? Then you should be able to manually delete the file via Finder, or else by logging into the Web version of Evernote, and manually deleting the file.

    --To Access the Scan Log--
    - Click the Sophos menu bar Icon
    - Click on Open Scans... 
    - Alt-click the white space by "Scan this mac" and select View Scan Log...

    This will open the Scan Log in an application called Console. The scan log gives you detailed information about the most recent scans, such as start time, what was scanned, scan configuration, any threats that were detected, etc. You should also see any errors that may have been encountered by the scanner.