This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

'Troj/DocDl-CMF'

Hi

I'm getting numerous detections this morning for 'Troj/DocDl-CMF' . The documents are originating from our intranet page. Though the odd thing I can download is, right click scan it and it comes back clean, but whenever I go to  'save as..' its flags it as a virus. and states 'The disk is Full. Free some space on the drive...'

I uploaded to document to virustotal.com and this even came back as clean from all the scan engines even Sophos. Is this a false detection? if so how do I stop it?

We are running Endpoint 10.6 and Enterprise console 5.3.1



This thread was automatically locked due to age.
Parents
  • Running Mac OS 10.6.8 and Sophos 9.4.2. I also have repeatedly been getting the same alert -  cleaning appeared to work, but then in a few minutes I would get another alert.


    Sophos tells me the problem document is this: /Users/ME/Library/Mail/IMAP-ME@gmail.com@imap.gmail.com/[Gmail]/Spam.imapmbox/Messages/522349.2.emlxpart (where I have substituted "ME" for my name).


    I went to 522349.2.emlx and put it in the trash, then emptied the trash. It appeares to be gone - I haven't had any alerts for about 30 minutes. Fingers are crossed.

Reply
  • Running Mac OS 10.6.8 and Sophos 9.4.2. I also have repeatedly been getting the same alert -  cleaning appeared to work, but then in a few minutes I would get another alert.


    Sophos tells me the problem document is this: /Users/ME/Library/Mail/IMAP-ME@gmail.com@imap.gmail.com/[Gmail]/Spam.imapmbox/Messages/522349.2.emlxpart (where I have substituted "ME" for my name).


    I went to 522349.2.emlx and put it in the trash, then emptied the trash. It appeares to be gone - I haven't had any alerts for about 30 minutes. Fingers are crossed.

Children
  • I'm not sure why the above post is a suggested answer?  It's just a file that's been flagged as a trojan.

    Anyone heard back from Sophos yet, I'll give them a call later today if they haven't got back to me

  • "How do I stop it" was the question. The answer for me was going to and eliminating the offending doc made the problem go away.

    I didn't see anyone else offer this, and so I thought it might help. Many other people may not be as sophisticated as yourself and might not have understood to go to the bad document and delete it.

    True, it didn't fix whatever bug made Sophos cycle back and forth, but that's way above my pay scale.  ;)