This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Antivirus and Time Machine

Does anyone else find that the default "Scan This Mac" option gets stuck unless you exclude your Time Machine backup volume from the scan? I was really disappointed with the speed of the scan until I thought to try this, as I was finding it would get stuck about a third of the way in and stay there for hours until I gave up. The only reason I can think of for this though would be if it's scanning the full contents of every backup, but that would be a staggering number of files to get through (my system has millions of files as it is, totalling around 2.5tb).

I would think that an antivirus product for Mac would be aware of Time Machine's file structure and have methods for accelerating the scan. For example, it's pretty easy to figure out which files have changed between two Time Machine backups by comparing inodes, since Time Machine uses hard-links, so only original files and changed files should need to be scanned. Also, since a Time Machine backup is just a snapshot of the rest of your system, it should be easy enough for Sophos antivirus to determine if the file is identical to one already scanned (or waiting to be scanned) on the main system or not, so that copies don't need to be scanned more than once.

Does Sophos antivirus already account for these things? Otherwise I can't figure out why excluding my Time Machine backup would solve the problem. Should I submit a support ticket somewhere?

:1015215


This thread was automatically locked due to age.
Parents

  • kevs40 wrote:

    Ok Bob thanks, you are with Sohpos cool.

    Ok, I added Time Machine to the excluded items tab.

    But didn't it scan Time Machine effeciently a few months ago, did something happen?

    And it does identity threats there. Can something in Time Machine be a problem?


    Don't think anything significant has changed in the product, we haven't released anything significantly new since last October.

    As for potentially bad things contained in your Time Machine backup, here is a good way to think about it:

    (1) by design, you cannot use things from the Time Machine backup directly, you always have to restore / export the content back to your regular drive

    (2) when you try to use that restored item, our on-access scanner will inspect it - it will be blocked if its considered a threat

    (3) this is true even if we didn't consider that item a threat when it was backed up, we will scan it again after the restore

    Hopefully that makes sense.

    :1020235

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

Reply

  • kevs40 wrote:

    Ok Bob thanks, you are with Sohpos cool.

    Ok, I added Time Machine to the excluded items tab.

    But didn't it scan Time Machine effeciently a few months ago, did something happen?

    And it does identity threats there. Can something in Time Machine be a problem?


    Don't think anything significant has changed in the product, we haven't released anything significantly new since last October.

    As for potentially bad things contained in your Time Machine backup, here is a good way to think about it:

    (1) by design, you cannot use things from the Time Machine backup directly, you always have to restore / export the content back to your regular drive

    (2) when you try to use that restored item, our on-access scanner will inspect it - it will be blocked if its considered a threat

    (3) this is true even if we didn't consider that item a threat when it was backed up, we will scan it again after the restore

    Hopefully that makes sense.

    :1020235

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

Children
No Data