This discussion has been locked.

Sophos Endpoint detects cache2 folder of Thunderbird as malware

Hi,

I have some clients with the same issue as below:

Sophos Endpoint detects files under the folder named cache2/entries of Thunderbird (mail client) as malware; here is one of them:

c:\users\ken.nguyen\appdata\local\thunderbird\profiles\4e6914bn.default-release\cache2\entries\807431c7383bcad28c9a958ee68092b64294cdcc

Almost every day Sophos reports that the files in the cache2/entries folder are malware even though they have been deleted.

Is this an incorrect detection? How do I get it fixed? Thanks



  • Hello Hung,

    Thank you for reaching out to the Sophos Community. 

    From the behavior you’re describing, it sounds like the mail application has cached part of an email that was received previously. The cached information is then being scanned by Sophos and getting picked up as potentially malicious. 

    Do you know if the detections correspond with any specific navigation/re-loading of old inbox items through the mail client? 

    Kushal Lakhan
    Team Lead, Global Community Support
  • Hi Qoosh,

    One thing I discovered is that when I search for or install any extensions/themes in Thunderbird, Sophos Endpoint detects malware. I also tried going to Firefox to search for or install extensions/themes, and everything is fine. Both products are from Mozilla.

    I’m using Thunderbird version 91.2.0 (64-bit). Can you help test it?

  • When I use virustotal.com to scan the file that Sophos Endpoint detects as malware, the result from that site is "No security vendors flagged this file as malicious".
