Full Scan will not complete

I have the same problem.  Scan hangs and then does not move.  Running OS X Lion 10.7.  Looked at the log file and found this which is about the time the scan hung:

com.sophos.intercheck: 

com.sophos.intercheck: Info:On-access scanner started at 17:46 on 12 August 2011

com.sophos.intercheck: 

com.sophos.autoupdate: Info:Checked primary server at 17:46 on 12 August 2011

com.sophos.autoupdate: Sophos Anti-Virus was updated

com.sophos.autoupdate: 

com.sophos.autoupdate: Info:Checked primary server at 18:46 on 12 August 2011

com.sophos.autoupdate: Sophos Anti-Virus is up to date

com.sophos.autoupdate: 

com.sophos.autoupdate: Info:Checked primary server at 19:46 on 12 August 2011

com.sophos.autoupdate: Sophos Anti-Virus is up to date

com.sophos.autoupdate: 

com.sophos.intercheck: Corrupt file: /private/var/db/mds/messages/se_SecurityMessages

com.sophos.autoupdate: Info:Checked primary server at 20:46 on 12 August 2011

com.sophos.autoupdate: Sophos Anti-Virus is up to date

com.sophos.autoupdate: 

com.sophos.autoupdate: Info:Checked primary server at 21:46 on 12 August 2011

com.sophos.autoupdate: Sophos Anti-Virus is up to date

com.sophos.autoupdate: 

com.sophos.autoupdate: Info:Checked primary server at 22:46 on 12 August 2011

com.sophos.autoupdate: Sophos Anti-Virus is up to date

com.sophos.autoupdate: 

com.sophos.autoupdate: Info:Checked primary server at 23:46 on 12 August 2011

com.sophos.autoupdate: Sophos Anti-Virus is up to date

com.sophos.autoupdate: 

com.sophos.intercheck: Info:On-access scanner stopped at 00:46 on 13 August 2011

com.sophos.intercheck: 12272 items scanned, 0 threats detected, 1 issues

com.sophos.intercheck: 

com.sophos.intercheck: Sophos Anti-Virus

com.sophos.intercheck: Version 4.68, 01 August 2011

com.sophos.intercheck: Includes detection for 2785218 viruses, trojans and worms

com.sophos.intercheck: Copyright © 1989-2010 Sophos Group. All rights reserved.

com.sophos.intercheck: 

Notice the corrupt file message.  What is this file? Can it be deleted?

Thanks, David

Same problem here, starting with the upgrade to OS X 10.7 Lion:  Sophos Anti-Virus (a non-free version provided by my workplace, but the free version behaved identically) has never completed a scan under Lion, it always stops with the 'Scan cannot be completed' dialog box, and this problem never occurred before Lion.

About 'Corrupt File' notifications:  There are lots of files that Sophos considers corrupt even though they work perfectly when opened/unarchived/executed/treated-in-whatever-way-suitable-for-that-type-of-file, so I would recommend that you ignore this type of notification unless it is a mainstream file format such as *.pdf or *.html --- presumably Sophos just thinks that it knows what the correct format is (based on the file name and/or other hints), and then it complains if that assumption is wrong.

As others have noted, there is no problem if 'Scan inside archives and compressed files' is disabled.

However, I do not think that it is caused by a disk full problem.  It is in fact a PDF related activity that creates the problem, and the problem is in fact a low-level crash, SIGBUS, not just normal termination of the program with a programmer-specified error message.  In all cases that I have logs for, it stops as follows with a SIGBUS error:

Thread 4 Crashed:

0   com.sophos.sav.savi           0xc00639c5 analyse_pdf_object + 160

1   com.sophos.sav.savi           0xc00644bf process_xref_table + 225

2   com.sophos.sav.savi           0xc0067124 pdfAutomataParse + 5682

3   com.sophos.sav.savi           0xc008634d SARCpdfInit + 854

It is possible that the unarchiving process creates ill-formatted PDF documents (otherwise, how come we only see the problem in archives?), but analyse_pdf_object+160 should of course have checked for format errors rather than naively using a bad pointer.

  best regards, Erik

I get the same error as you (Erik).

Checking or unchecking scan archives has no effect for me and will cause the error when attempting to scan all local drives or  my Mac partition. Also it happily scans my bootcamp partition just not my Mac.

To get by this, I created a custom scan and added all the dir under root, as Sophos is able to successfully scan it.

Buff

I had this problem until I disabled "scan inside archives and compressed files."  It is nice to see a scan finish finally, but isn't the inability to scan inside archives and compressed files a rather large security hole?  Can someone confirm that this deficiency will be fixed?

I also noticed that the software makes a lot of false reports that files are corrupt.  In particular, I have MacPorts on this computer and, therefore, quite a few .gz files on my hard drive.  This is a common compression format.  When I was still trying to scan inside archives and compressed files, the software described a lot of the MacPorts .gz files as corrupt.  This is certainly incorrect.  OS X has no problem handling them.  Shouldn't Sophos be able to handle everything that the OS can handle?  Should we assume that these false corruption reports, too, will be fixed?

"Scan inside archives and compressed files" being disabled on the on-access scan isn't really a big issue in most situations, as most of the time, an archive has to be unpacked in order to do anything with the contents -- at which point, any malicious files inside the archive are detected.

However, I'm pretty sure the development team is aware of the issue.

The "corrupt files" issue has been discussed in another thread; what's happening is that the scanner attempts to identify the file type, and if it detects it as one format but doesn't find the contents match that format, it labels it as corrupt.

Thanks for pointing to the MacPorts .gz files as being the issue; this likely relates to your other post about on-access scan failure too, and should be investigated.

Would you be able to post a list of some ports packages that are being flagged as corrupt?  That way the labs and dev teams have some test data to work with.

As for "Shouldn't Sophos be able to handle everything that the OS can handle," the answer is "it should be, in theory."  However, as a security product being installed on a system that might be infected, SAV tends to use its own toolset, as the OS tools might be compromised by malware.

I have kinda same issue.

I read most of the above response in the thread, but issue on my end is, it stops (the Sophos box disapears)!!! and when i start the program again, it says "This scan has never been completed. No threars detected"

I am not sure how I can see logs so that I can provide here, which can be useful for diagnosis.

I am using OSX 10.8.2.

Any help much appreciated.

Same issue with Mac OS X 10.11.  I added my NAS to expedition.  Also external HDD.  Will try again.  Gets 3/4 done then just sits there.  Looks to be operating normally. Just never finishes  

Try adding /User/myname/Library/Mobile Documents/ to the Excluded Items tab. You can also try disabling the iCloud Drive in System Preferences.  It appears there is something in that folder that was causing my scans to not complete.