Full Scan will not complete

I have tried many times to complete a full scan and each time it stops at about a third left to go with the following error:

"Scan cannot be completed.  An error occurred running the scan."

I have tried redownloading, removing and reinstalling Sophos, and get the same result.  In case it was an issue with the bootcamp partition I excluded it in a custom scan and the same error still appears.

It is running on an iMac 3.06GHz Intel Core i3, which has been upgraded from Snow Leopard to Lion.  I had no problems running the full scan prior to upgrading to Lion.  I am running the latest version of Sophos (7.3.2c with threat detection engine 3.22.0), so it should be a Lion compatible version.

Another problem that has developed since the upgrade is that the shield icon on the top bar intermittently disappears and the setting to display in status bar needs to be rechecked to enable it again.

Any help with this would be much appreciated as until now I've had no problems at all with this great free tool!

  • I have the same problem.  Scan hangs and then does not move.  Running OS X Lion 10.7.  Looked at the log file and found this which is about the time the scan hung:

    com.sophos.intercheck: 
    com.sophos.intercheck: Info:On-access scanner started at 17:46 on 12 August 2011
    com.sophos.intercheck: 
    com.sophos.autoupdate: Info:Checked primary server at 17:46 on 12 August 2011
    com.sophos.autoupdate: Sophos Anti-Virus was updated
    com.sophos.autoupdate: 
    com.sophos.autoupdate: Info:Checked primary server at 18:46 on 12 August 2011
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate: 
    com.sophos.autoupdate: Info:Checked primary server at 19:46 on 12 August 2011
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate: 
    com.sophos.intercheck: Corrupt file: /private/var/db/mds/messages/se_SecurityMessages
    com.sophos.autoupdate: Info:Checked primary server at 20:46 on 12 August 2011
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate: 
    com.sophos.autoupdate: Info:Checked primary server at 21:46 on 12 August 2011
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate: 
    com.sophos.autoupdate: Info:Checked primary server at 22:46 on 12 August 2011
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate: 
    com.sophos.autoupdate: Info:Checked primary server at 23:46 on 12 August 2011
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate: 
    com.sophos.intercheck: Info:On-access scanner stopped at 00:46 on 13 August 2011
    com.sophos.intercheck: 12272 items scanned, 0 threats detected, 1 issues
    com.sophos.intercheck: 
    com.sophos.intercheck: Sophos Anti-Virus
    com.sophos.intercheck: Version 4.68, 01 August 2011
    com.sophos.intercheck: Includes detection for 2785218 viruses, trojans and worms
    com.sophos.intercheck: Copyright © 1989-2010 Sophos Group. All rights reserved.
    com.sophos.intercheck: 

    Notice the corrupt file message.  What is this file? Can it be deleted?

    Thanks, David

  • Same problem here, starting with the upgrade to OS X 10.7 Lion:  Sophos Anti-Virus (a non-free version provided by my workplace, but the free version behaved identically) has never completed a scan under Lion, it always stops with the 'Scan cannot be completed' dialog box, and this problem never occurred before Lion.

    About 'Corrupt File' notifications:  There are lots of files that Sophos considers corrupt even though they work perfectly when opened/unarchived/executed/treated-in-whatever-way-suitable-for-that-type-of-file, so I would recommend that you ignore this type of notification unless it is a mainstream file format such as *.pdf or *.html --- presumably Sophos just thinks that it knows what the correct format is (based on the file name and/or other hints), and then it complains if that assumption is wrong.

    As others have noted, there is no problem if 'Scan inside archives and compressed files' is disabled.

    However, I do not think that it is caused by a disk full problem.  It is in fact a PDF related activity that creates the problem, and the problem is in fact a low-level crash, SIGBUS, not just normal termination of the program with a programmer-specified error message.  In all cases that I have logs for, it stops as follows with a SIGBUS error:

    Thread 4 Crashed:
    0   com.sophos.sav.savi           0xc00639c5 analyse_pdf_object + 160
    1   com.sophos.sav.savi           0xc00644bf process_xref_table + 225
    2   com.sophos.sav.savi           0xc0067124 pdfAutomataParse + 5682
    3   com.sophos.sav.savi           0xc008634d SARCpdfInit + 854

    It is possible that the unarchiving process creates ill-formatted PDF documents (otherwise, how come we only see the problem in archives?), but analyse_pdf_object+160 should of course have checked for format errors rather than naively using a bad pointer.

      best regards, Erik

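The trace in the post above ends in `process_xref_table` and `analyse_pdf_object`. Sophos's code is not on the page, so the following is an added illustration (not Sophos code, not from the poster) of the kind of check the post asks for: validating a classic PDF xref entry's offset before dereferencing it. The function name `object_at`, the NUL-terminated entry string and the sample buffer are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Classic xref entry, 20 bytes: 10-digit offset, space, 5-digit generation,
 * space, 'n' (in use) or 'f' (free), 2-byte end of line.
 * Assumption: `entry` is a NUL-terminated copy of one such entry. */

/* Returns the object start, or NULL unless the entry is well formed and its
 * offset lands on "<num> <gen> obj" inside the len-byte buffer. */
const unsigned char *object_at(const unsigned char *buf, size_t len,
                               const char *entry)
{
    unsigned long long off = 0;
    if (strlen(entry) < 20)
        return NULL;                          /* truncated entry */
    for (int i = 0; i < 10; i++) {            /* 10-digit decimal offset */
        if (entry[i] < '0' || entry[i] > '9')
            return NULL;
        off = off * 10 + (unsigned long long)(entry[i] - '0');
    }
    if (entry[10] != ' ' || entry[17] != 'n' || off >= len)
        return NULL;                          /* bad layout or offset outside file */
    size_t i = (size_t)off;
    for (int field = 0; field < 2; field++) { /* object number, generation */
        size_t start = i;
        while (i < len && buf[i] >= '0' && buf[i] <= '9')
            i++;
        if (i == start || i >= len || buf[i] != ' ')
            return NULL;
        i++;
    }
    if (len - i < 3 || memcmp(buf + i, "obj", 3) != 0)
        return NULL;                          /* offset is not an object header */
    return buf + off;
}

/* Constructed sample: a single object that starts at byte 9. */
static const unsigned char SAMPLE[] = "%PDF-1.4\n1 0 obj\n<< >>\nendobj\n";

int main(void)
{
    const char *ok = "0000000009 00000 n \n", *bad = "4000000000 00000 n \n";
    printf("in range: %s, out of range: %s\n",
           object_at(SAMPLE, sizeof SAMPLE - 1, ok) ? "accepted" : "rejected",
           object_at(SAMPLE, sizeof SAMPLE - 1, bad) ? "accepted" : "rejected");
    return 0;
}
```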
  • I get the same error as you (Erik).

    Checking or unchecking scan archives has no effect for me and will cause the error when attempting to scan all local drives or  my Mac partition. Also it happily scans my bootcamp partition just not my Mac.

    To get by this, I created a custom scan and added all the dir under root, as Sophos is able to successfully scan it.

    Buff

  • I had this problem until I disabled "scan inside archives and compressed files."  It is nice to see a scan finish finally, but isn't the inability to scan inside archives and compressed files a rather large security hole?  Can someone confirm that this deficiency will be fixed?

    I also noticed that the software makes a lot of false reports that files are corrupt.  In particular, I have MacPorts on this computer and, therefore, quite a few .gz files on my hard drive.  This is a common compression format.  When I was still trying to scan inside archives and compressed files, the software described a lot of the MacPorts .gz files as corrupt.  This is certainly incorrect.  OS X has no problem handling them.  Shouldn't Sophos be able to handle everything that the OS can handle?  Should we assume that these false corruption reports, too, will be fixed?

  • "Scan inside archives and compressed files" being disabled on the on-access scan isn't really a big issue in most situations, as most of the time, an archive has to be unpacked in order to do anything with the contents -- at which point, any malicious files inside the archive are detected.

    However, I'm pretty sure the development team is aware of the issue.

    The "corrupt files" issue has been discussed in another thread; what's happening is that the scanner attempts to identify the file type, and if it detects it as one format but doesn't find the contents match that format, it labels it as corrupt.

    Thanks for pointing to the MacPorts .gz files as being the issue; this likely relates to your other post about on-access scan failure too, and should be investigated.

    Would you be able to post a list of some ports packages that are being flagged as corrupt?  That way the labs and dev teams have some test data to work with.

    As for "Shouldn't Sophos be able to handle everything that the OS can handle," the answer is "it should be, in theory."  However, as a security product being installed on a system that might be infected, SAV tends to use its own toolset, as the OS tools might be compromised by malware.

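The two-step behaviour described in the reply above (identify the type, then report "corrupt" when the contents do not match it) can be shown for the `.gz` case with a header check based on RFC 1952. This is an added example, not Sophos's logic and not from any poster; `classify_gzip`, the verdict names and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum verdict { NOT_GZIP, GZIP_OK, GZIP_CORRUPT };

/* Header-level check per RFC 1952; the deflate stream is not inflated. */
enum verdict classify_gzip(const unsigned char *b, size_t len)
{
    if (len < 2 || b[0] != 0x1f || b[1] != 0x8b)
        return NOT_GZIP;                 /* identification step failed */
    if (len < 10 || b[2] != 8 || (b[3] & 0xE0))
        return GZIP_CORRUPT;             /* magic matches, header does not */
    unsigned flg = b[3];
    size_t i = 10;                       /* fixed header is 10 bytes */
    if (flg & 0x04) {                    /* FEXTRA: 2-byte LE length + data */
        if (len - i < 2)
            return GZIP_CORRUPT;
        size_t xlen = (size_t)b[i] | ((size_t)b[i + 1] << 8);
        if (len - i - 2 < xlen)
            return GZIP_CORRUPT;
        i += 2 + xlen;
    }
    for (unsigned bit = 0x08; bit <= 0x10; bit <<= 1) {  /* FNAME, FCOMMENT */
        if (!(flg & bit))
            continue;
        const unsigned char *z = memchr(b + i, 0, len - i);
        if (z == NULL)
            return GZIP_CORRUPT;         /* string runs off the end */
        i = (size_t)(z - b) + 1;
    }
    if (flg & 0x02) {                    /* FHCRC: 2-byte header CRC */
        if (len - i < 2)
            return GZIP_CORRUPT;
        i += 2;
    }
    return len - i > 8 ? GZIP_OK : GZIP_CORRUPT;  /* data + 8-byte trailer */
}

/* Constructed samples: an empty gzip member; FNAME set but no closing NUL. */
static const unsigned char EMPTY_GZ[] = { 0x1f,0x8b,8,0,0,0,0,0,0,3, 3,0, 0,0,0,0, 0,0,0,0 };
static const unsigned char BAD_NAME[] = { 0x1f,0x8b,8,0x08,0,0,0,0,0,3, 'a','b','c' };

int main(void)
{
    printf("%d %d %d\n", classify_gzip(EMPTY_GZ, sizeof EMPTY_GZ),
           classify_gzip(BAD_NAME, sizeof BAD_NAME),
           classify_gzip((const unsigned char *)"PK\x03\x04", 4));
    return 0;
}
```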
  • I have kinda the same issue.

    I read most of the above responses in the thread, but the issue on my end is, it stops (the Sophos box disappears)!!! and when I start the program again, it says "This scan has never been completed. No threats detected"

    I am not sure how I can see logs so that I can provide here, which can be useful for diagnosis.

    I am using OSX 10.8.2.

    Any help much appreciated.

  • Same issue with Mac OS X 10.11.  I added my NAS to expedition.  Also external HDD.  Will try again.  Gets 3/4 done then just sits there.  Looks to be operating normally. Just never finishes  

  • Try adding /User/myname/Library/Mobile Documents/ to the Excluded Items tab. You can also try disabling the iCloud Drive in System Preferences.  It appears there is something in that folder that was causing my scans to not complete.