On-access scanning defaults

I don't have a Mac handy …

Excluding network volumes

Does the software still default to not scan files on network volumes and if so, is this a sane default?

Emphasis on protection, not performance.

Excluding compressed/archived files

I understand the wish for Sophos software to be perceived as having a minimal impact on performance but again, is this a sane default?

From Sophos Recommendation for Scan Compressed/Archives Setting (2010):  

> … It is not set for on-access and you better leave it off. See Jupp's post for an explanation. …

From a Wayback Machine capture of a Jupp post in that topic:

> … Running the On-Access scanner without it scanning in archive files doesn't reduce your protection, any files accessed within an archive are scanned, and if you were to manually open, for example, a zip file its contents are scanned at this point. …

Unless I'm missing something:

  • it's to easy for a user of Sophos to inadvertently pass on an infected (non-scanned) file to someone else.

True: an e-mail service provider might offer limited protection e.g. MessageLabs (now under the Norton LifeLock umbrella?), and so on, but the point of weakness – where Sophos is installed – is less than ideal.

  • Hello Graham Perrin,

    not scan files on network volumes
    the default for manged (Enterprise) installations is to not exclude remote files, and similarly scanning of network files is enabled in Sophos Home.

    too easy [...] to inadvertently pass on
    admittedly this is possible, but that someone forwards an archive that he or she doesn't use is ..., well, not a common scenario, is it? Keep in mind that on-access would have to scan "all the way down", could be quite time (and space) consuming, access to the archive is blocked until the scan has finished, and if you unpack an archive it is unpacked twice.

    Christian