Does Sophos Linux Free send scanned files to VirusTotal?

I was scanning my client's file using Sophos Linux Free and now he is complaining that the same file is available on VirusTotal. Does Sophos Linux Free send the files to VirusTotal?

  • Hello Sophos User464,

    never heard that SAV would upload any files to a third party.

    Question is, what the same file is - if the hashes are from a proprietary file that has definitely not been disseminated, there'd be a reason to complain. Otherwise it'd be no surprise that others have seen the same file. And, BTW, there are a number of tools and utilities that would check if a file is known at VT and upload it if not.

    Christian

  • In reply to QC:

    Thanks for the update. Checking with the client on the files. But I now have the clarity that SAV does not upload files to any third party.

  • In reply to Sophos User464:

    Still, you brought up a valid concern. There were allegations against Carbon Black that it shares customers' files. VirusTotal was mentioned there.

    https://www.csoonline.com/article/3214487/pentest-firm-calls-carbon-black-worlds-largest-pay-for-play-data-exfiltration-botnet.html

    The gist of this issue is the following:

    "In Cb Response, there is an optional ... configuration (disabled by default) that allows the uploading of binaries (executables) to VirusTotal for additional threat analysis. ... When enabled, executable files will be uploaded to VirusTotal, a public repository and scanning service owned by Google,"