This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

can't clean up threats from quarantine manager

Hi everyone - hope someone can help with this. 

I recently had two threats (Troj/Invo-Zip and Mal/DrodZp-A) appear in my quarantine manager which I can't seem to remove. I've selected the items and clicked on 'Clean Up Threat", authenticated as adminstrator, but Sophos can't seem to get rid of them. After a few minutes of whirring I get an error message saying "Cannot remove threat. An error occurred while cleaning up the selected threats."

One threat (Troj/Invo-Zip) is in some junk email (the path refers to user/library/mail/v2/IMAP etc etc). The other threat (Mal/DrodZp-A) doesn't show a path or filename.

I'm running Sophos Antivirus v. 9.0.7 on a MacBook Pro (Mavericks). I've tried rebooting and am experiencing the same problem. 

Any ideas on what's going wrong and how to resolve it?

Many thanks for your time. 

James

:1015831


This thread was automatically locked due to age.
  • SAV can have problems when the items are in your mail box and/or Time Machine - it can detect things and then hasn't got the permission to delete them.

    For the email see this post: http://openforum.sophos.com/t5/Sophos-Anti-Virus-for-Mac-Home/Mal-Phish-A-threat-from-mail-keeps-coming-back/m-p/15243/highlight/true#M7039

    And for the blank path: Did you scan the Time Machine volume?  If so you can either check the scan log, enter TM, and then delete the file manually.  Or just exclude the volume from future scanning and clear the currently detected item from the list in the Quaratine Manager.

    May help:

    :1015839

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • I have a similar problem as the one posted by James. The quarantine manager found "Troj/Fondu-G pdf-efax_5139803082..". I logged in,pressed the cleaning button, the cleaning sign blinked for a short time , then stopped and nothing happened, no message no sign and the manager still shows the threat. What shall I do ? Maybe nothing as on the sophos home page this new virus is marked as only attacking Windows (I have an imac with OS X 10.9.1). Can anyone help?

    Werner

    :1015845

  • hontonton wrote:

    What shall I do ?


    I'd suggest watching the video above to see how to check the log.  Confirming where the item is located is the first step.

    It may be Windows only and hence not going to hurt you Mac (so there isn't anything to really worry about) but if you can locate the item that's better.  Have a look in the logs.

    :1015853

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Regarding the quarantine manager, I have done the "cleanup" many times but the infected Mail file keeps coming back in larger amounts.  The file is called "Wells Fargo Online Account Profile Notification".  I have no relationship with Wells Fargo (a bank) but I have never actually seen that message displayed on my monitor.  I only found it by going to the "Messages" folder within the "Sent Mail.imapmbox" of the Google Gmail account but now there are dozens of such messages that keep coming back everytime I do a "Cleanup" in the Quarantine Manager.  I do not know if "cleanup" is actually different from a simple "delete" command.  I want only to delete the infected file or multiple duplicate files to restore my system back to "normal" and I thought that Sophos would do that job.

    I  used to use Norton Anti-Virus for Mac but the newer version that I need "costs a bundle" and I read about Sophos Home AV for Mac and decided to try that.  Perhaps I need to buy a new Norton AV version to install -- the old version is deleted and unavailable to me now.  Or perhaps there are other AV softwares available out there such as McAffe AV that may clean up this mess in my Mac.

    Any helpful suggestions before I abandon Sophos?

    :1015855
  • Is it the same mail being re-downloaded?  If so you shouls log into your webmail account (via a browser) and delete the mail from there.

     on the thread below resolved that problem by:

    "unchecked the checkbox in the preferences panel in the mac mail client (accounts > advanced) 'Automatically download all attachments'. This way spam that's being sent to me containing virusses is not automatically downloaded and stored on my computer. "

    http://openforum.sophos.com/t5/Sophos-Anti-Virus-for-Mac-Home/Mal-Phish-A-threat-from-mail-keeps-coming-back/m-p/15243/highlight/true#M7039

    :1015863

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • I have a similar problem. Mal/DrodZp-A was mentioned as a threat, I pressed the "clean up" button in the quarantine manager and it has been whirling around ever since - about 8 hours so far.   Have just read the comment on unchecking "automatically download attachments",  followed the advice but still do not know what action to take regarding the everlasting clean up.