This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Why is my scan taking so long?

I have a powerful MacBook Pro with SSD drive. I started a full scan at 11 AM and now it's 7 PM and it still says 297,009 files to go, and 4 out of 8 cores are churning constantly at about 50% CPU. It's my first ever scan after installing the latest version. In the logs I see lots of SophosSXLD EARLY TIMEOUT dns context warning messages. I also get the feeling that certain files are being scanned over and over again. For example, I have seen jdk-8u11-macosx-x64.dmg come up several times. Also, from time to time the log says 'Corrupt file' when trying to read a '*.dmg.part' file. I'm running OS X Yosemite.

Is it normal to take so long? If not, what can I do to fix it?

If I tell it to stop the scan then it says "This scan has never been completed. No threats found. Issues detected." What issues? Quarantine Manager says nothing...?!

If I tell it to start the scan then it start at 1,3xx,xxx files and counts down rapidly like it did the first time. However, the mysterious 'Issues detected' text is missing.

What's going on and how can I determine what the issues are?



This thread was automatically locked due to age.
  • Yeah, so after restarting the scan then it goes through about 1 million files in an hour or so but then starts to go really slow when it gets down to 3xx,000 files. And the 'Issues detected' text is back... but how to see what they are?!
  • So I left it scanning overnight and it's now been about 13 hours. There are still 24,xxx files left to scan. The log shows that it has started to complain sometimes about .gz files being 'Corrupt' although on the command line I can access the files perfectly well?! It also seemed to have some problems with these .zip & .gz files:

    2015-09-03 05:42:05 -0700 Issue: engine found an unrecognised file format at: /Users/simon/mcrypt/php-5.4.38/ext/phar/tests/zip/files/compress_unsup2.zip

    2015-09-03 05:42:33 -0700 Issue: engine found an unrecognised file format at: /Users/simon/mcrypt/php-5.4.38.tar.gz

    2015-09-03 05:41:53 -0700 Corrupt file: /Users/simon/mcrypt/php-5.4.38/ext/bz2/tests/004_2.txt.bz2

    Which circumstances cause the AV to think that the file is corrupt?

    Many files seem to exist multiple times and the AV complains that they are encrypted:

    2015-09-03 04:54:33 -0700 Encrypted file: /Users/simon/Library/Containers/com.apple.WeatherKitService/Data/Downloads/AdobeFlashPlayerInstaller_16au_ltrosxd_aaa_aih.dmg

    2015-09-03 05:04:01 -0700 Encrypted file: /Users/simon/Library/Containers/com.getdropbox.dropbox.garcon/Data/Downloads/AdobeFlashPlayerInstaller_16au_ltrosxd_aaa_aih.dmg

    2015-09-03 05:13:27 -0700 Encrypted file: /Users/simon/Library/Containers/com.google.GoogleDrive.FinderSyncAPIExtension/Data/Downloads/AdobeFlashPlayerInstaller_16au_ltrosxd_aaa_aih.dmg

    Is that normal?

    Looks like the dns early timeout warnings have been going on every few minutes through the night...
  • So I switched off looking inside archives and the entire scan finishes without 'issues' or threats found in only 33 minutes. And even with the dns context early timeout warnings...

    So is the code that looks inside archives somehow buggy? Or what's causing it to run so slowly?