This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Does Sophos linux free sends scanned files to Virustotal?

I was scanning my client's file using Sophos Linux free and now he is complaining that the same file is available in Virus total. Sophos Linux free sends the files to virus total?

This thread was automatically locked due to age.

0 QC over 4 years ago

Hello Sophos User464,

never heard that SAV would upload any files to a third party.

Question is, what the same file is - if the hashes are from a proprietary file that has definitely not been disseminated there'd be a reason to complain. Otherwise it'd be no surprise that others have seen the same file. And, BTW, there's a number of tools and utilities that would check if a file is known at VT and upload it if not.

Christian
Cancel
Vote Up 0 Vote Down

Cancel
0 Sophos User464 over 4 years ago in reply to QC

Thanks for the update. Checking with the client on the files. But I now have the clarity that SAV does not upload files to any third-party.
Cancel
Vote Up 0 Vote Down

Cancel
0 Avir Testov over 4 years ago in reply to Sophos User464

Still you brought valid concern. There were allegations against Carbon Black that it shares customers' files. VirusTotal was mentioned there.

https://www.csoonline.com/article/3214487/pentest-firm-calls-carbon-black-worlds-largest-pay-for-play-data-exfiltration-botnet.html

The gist of this issue is the following:

In Cb Response, there is an optional ... configuration (disabled by default) that allows the uploading of binaries (executables) to VirusTotal for additional threat analysis. ... When enabled, executable files will be uploaded to VirusTotal, a public repository and scanning service owned by Google,"
Cancel
Vote Up 0 Vote Down

Cancel