Sophos Antivirus for Mac shows ‘Issues detected’

Let me set the scene: You’re happily running a scan with Sophos Anti-Virus for Mac 9…

scanthismac_running

…and before the scan completes you see a warning in the Scans window that says Issues detected

scanthismac_running_issuesdetected_hightlighted

The questions now are: What are these issues detected?  How do I fix them?  Why does the scan report Issues detected and then also No threats found?  Surely the only issues should be that the scan found threats right?

Spoiler:  These issues are nothing to worry about.

The ‘issues’ are caused by the scanner finding encrypted and/or corrupt files and simply not being able to access them.

On your Mac there will be a number of encrypted files and the scanner is not able to access them because they are…encrypted.  Protected.  Locked.  It should not be able to access them otherwise what’s the point of the file being encrypted?  If SAV can break in whenever it wants and have a peek then so can other programs and the encryption is pointless.

Your Mac is also going to have a few ‘corrupt’ files.  Well…they may not be exactly corrupt.  The structure of the file – or more precisely the file header – is not recognizable to Sophos Antivirus.

When any application (like SAV) ‘reads in’ a file it expects certain information, in a certain order. Usually there is a header, where global information about the particular file is kept.

If this information is not what SAV expects then the file is deemed corrupt.  In actuality the file is most likely a system file or a file called only by a particular program that knows how to access or use it – nothing other than that program may be able to work with the file.

So shouldn’t you worry that Sophos didn’t scan these files?  They could be malicious right?  You don’t need to worry.  Yes SAV didn’t scan the file, however the file itself cannot run on its own and hence cannot cause a problem to your computer.

I did say that the file could be called by another program, so maybe that program is malware?  Maybe but if it’s able to run (execute on Mac OS X) then it has to properly present itself to the operating system and hence it cannot appear as a ‘corrupt’ file and therefore SAV would properly scan that program.

So the takeaway from this is:  You’re absolutely fine.  Don’t worry.

I want to see these corrupt and encrypted files

A reasonable request.  Open Console from Spotlight…

utility_open_console

From the left-hand menu select the Sophos log for the type of scan you ran.

In the screenshot below the ‘Issues detected’ was reported during a ‘Scan this Mac’ scan and hence is under the Scans > Scan Local Drives section.  If you run a custom scan the log would be listed under ‘Scan’ > theNameYouGaveTheScan.

scanthismac_consolelog_corruptfile

Recreate the problem with sweep

You can recreate the behavior with the command line version of Sophos Antivirus (sweep).  Open Terminal…

sweep_openingterminal

…and then type in the command below and press enter.

sweep /Library/Caches/

Tip: If you don’t see any errors try another folder like /Library/ (without the Caches/ bit) for example.

The program will quickly run a scan on the Caches folder and you will see something like this in the scan summary in the Terminal window…

5628 files swept in 25 seconds.
4 errors were encountered.
No viruses were discovered.
Ending Sophos Anti-Virus.

The ‘X errors were encountered’ is the same thing as the Issues detected message that is reported in the graphical frontend of SAV – sweep doesn’t report anything to the frontend so Terminal is the only place you’ll see issues for this scan.

Above the scan summary you will be able to see the actual files that caused the errors.  It will be different messages for different computers but you may see Could not open messages etc.

Again: Don’t lose any sleep over these messages.
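The distinction above (errors are files the scanner could not read, not detections) can be checked mechanically on a saved sweep log. The script below is an added example, not part of the original post or of Sophos' tooling. The three summary lines follow the format shown above; the per-file "Could not open <path>" layout, the "Error reading" line and the example paths are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example: triage a saved sweep log, e.g. one captured with
#   sweep /Library/Caches/ > ~/Desktop/savscan.txt 2>&1
# Summary-line formats are taken from the post. The per-file line layout
# below is an ASSUMPTION; adjust the patterns to what your log contains.

# Write a CONSTRUCTED sample log to a temp file and print its path.
make_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Could not open /Library/Caches/example-a.db
Could not open /Library/Caches/example-b.db
Error reading /Library/Caches/example-d.bin
Could not open /Library/Caches/example-c.db
5628 files swept in 25 seconds.
4 errors were encountered.
No viruses were discovered.
Ending Sophos Anti-Virus.
EOF
    echo "$f"
}

# Print one verdict word for a log:
#   incomplete  - no "files swept" summary, the scan did not finish
#   review      - scan finished but the "No viruses" line is missing
#   errors-only - unreadable files reported, nothing detected
#   clean       - no errors, nothing detected
sweep_verdict() {
    awk '
        /files swept in/                          { swept = 1 }
        /^[0-9]+ errors? (was|were) encountered/  { errors = $1 }
        /^No viruses were discovered/             { novirus = 1 }
        END {
            if (!swept)          print "incomplete"
            else if (!novirus)   print "review"
            else if (errors > 0) print "errors-only"
            else                 print "clean"
        }' "$1"
}

# List the paths the scanner could not open (one per line).
sweep_unopened() {
    sed -n 's/^Could not open //p' "$1"
}

# Number of reported errors NOT explained by a "Could not open" line.
# These are the ones worth reading individually in the log.
sweep_other_errors() {
    awk '
        /^Could not open /                        { unopened++ }
        /^[0-9]+ errors? (was|were) encountered/  { errors = $1 }
        END { print errors - unopened }' "$1"
}

# Triage the log given as $1, or the constructed sample if none is given.
log=${1:-}
if [ -z "$log" ]; then log=$(make_sample_log); fi
echo "verdict:       $(sweep_verdict "$log")"
echo "other errors:  $(sweep_other_errors "$log")"
echo "could not open:"
sweep_unopened "$log" | sed 's/^/  /'
```

A verdict of review means the log should be read by hand, because the script deliberately does not guess at the wording of a detection line.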

Posted in Antivirus for Mac, Fighting malware

Remove Sophos Antivirus system files

If you have read my post on uninstalling Sophos Antivirus for Mac 9 you may recall that I mentioned under the part about uninstalling with the script (but the same is true for running the main uninstaller application), that…

it removes all of the main parts of the program.  I say ‘main parts’ because the script may not remove every tiny bit of the installation but rest easy that the program has gone

It’s true – the program has gone, but it’s equally true that some files are lurking in rarely seen parts of the system.  Have I got you shivering at the thought of these files hanging around your beloved computer?

Sometimes you truly don’t feel clean again unless you have scrubbed a bit harder than is required – ‘no pain, no gain’ is the doctrine.  Hence some people go looking for every darned mention of ‘Sophos’ in the quest for purification.  If you’re screaming ‘yes, yes YES’ at the screen by now read on and be cleansed.

Note: Before following the steps below, ensure you have uninstalled SAV 9 with the proper uninstaller (either the remover application or the remove_v9.sh script).  These steps are to follow up after you have uninstalled.

Open a Finder window and select the hard drive icon for your computer (so you are looking at the top level folder).

1_remove_all

Search for the word sophos and click the + button as highlighted below.

2_remove_all

On the Kind drop-down menu select Other.

3_remove_all

Search the current window for system, select the attribute System files and click OK.

4_remove_all

Change the value of the second drop-down menu (immediately to the right of the ‘Kind’ drop-down) from ‘aren’t included’ to ‘are included’.  The Finder window now displays all the system files left over from the Sophos Anti-Virus for Mac 9 installation.

Tip: Look through all the files and make sure there is nothing you want to keep.  The best way is to scan down the ‘Name’ column and look for anything you recognize – it could be a file you created yourself or an email that mentions ‘Sophos’.  As the next step is to remove all the files don’t blindly delete everything without checking.  There shouldn’t be anything interesting listed but this tip is provided to cover the possibility.

5_remove_all

Select them all and move them to Trash (e.g. with the Finder window active, from the menu bar select Edit > Select All.  Then again from the menu bar select File > Move to Trash).

Tip: Don’t be in a rush to empty the Trash immediately.  Reboot the computer and use the computer for a day before clearing out the files permanently.

You’re done!

Posted in Antivirus for Mac

Uninstall Sophos Antivirus for Mac 9

Need to uninstall SAV for Mac 9?  Or need to cleanly remove it before reinstalling it?  With the release of version 9 there is a totally new way of removing the program – in fact there are two ways to uninstall.

For Sophos Antivirus 8 the process of uninstalling is different.  I’ll put a section about uninstalling 8 at the bottom of this post but be aware you don’t need to uninstall 8 before installing 9.

Method One: Run the uninstaller

Very easy: Open a Finder window, open your Applications folder, and double-click the Remove Sophos Anti-Virus application.

applicationsFolder

Let the uninstaller run and you’re done!

Method Two: Run the removal script

Unlike version 8 Sophos have decided to include a script called remove_v9.sh to uninstall version 9.  Removing SAV for Mac 9 is extremely quick and easy however you have to use Terminal to do it – you can’t run the script from Finder.

Tip: Make sure you’re not running a scan or using the program as this could prevent the script from running properly.

Open Terminal from Spotlight

sweep_openingterminal

Then change directory to the /Library/Sophos Anti-Virus folder by typing:

cd /Library/Sophos\ Anti-Virus/

Finally run the uninstall script (.sh extension) prefixing it with the sudo command (as it needs administrative rights):

sudo ./remove_v9.sh

Type in the password that you use to log on with (that’s assuming that under ‘System Preferences’ > ‘Users & Groups’, the option ‘Allow user to administer this computer’ is checked for your account).

When the script runs it removes all of the main parts of the program.  I say ‘main parts’ because the script may not remove every tiny bit of the installation but rest easy that the program has gone and furthermore you are now unprotected – so watch what files you click on or websites you browse.  The script outputs all of the actions as it does them and the last line should be done.

That’s it!

Errors in the uninstall

At the time of writing there are two errors that appear below the word ‘done’ when I run the script (these may be fixed in future versions)…

error: leftover path /Library/Caches/com.sophos.installer/ needs to be removed
error: leftover path /Library/Caches/com.sophos.sxld/ needs to be removed

Looking inside the removal script the ‘com.sophos.installer’ folder isn’t mentioned – maybe an oversight by Sophos.  The ‘com.sophos.sxld’ isn’t mentioned either, but ‘com.sophos.sxl’ is – maybe a typo where .sxl should be .sxld.

These folders are empty and harmless but if you want to remove them (and while you have Terminal open), type the following one line at a time:

sudo rm -r /Library/Caches/com.sophos.installer
sudo rm -r /Library/Caches/com.sophos.sxld

…you’ll need to enter your password after each line.
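Since the post states the two leftover folders are empty, rmdir is enough to remove them, and unlike rm -r it refuses to delete a folder that turns out to have contents. The script below is an added example, not part of the original post or of remove_v9.sh; the optional root prefix argument is a hypothetical parameter that lets you rehearse on a copy of the folder tree.

```bash
#!/usr/bin/env bash
# Added example: inspect the two leftover paths reported by remove_v9.sh
# (paths taken from the post) and remove them only if they are empty.
LEFTOVERS="/Library/Caches/com.sophos.installer /Library/Caches/com.sophos.sxld"

# check_leftover <dir>: print absent | symlink | empty | not-empty
check_leftover() {
    if [ -L "$1" ]; then
        echo "symlink"        # never follow a link while running as root
    elif [ ! -d "$1" ]; then
        echo "absent"
    elif [ -z "$(ls -A "$1")" ]; then
        echo "empty"
    else
        echo "not-empty"
    fi
}

# remove_leftovers [root]: rmdir each leftover that is an empty directory.
# 'root' is a hypothetical prefix for rehearsals; leave it out for the real
# paths (which need sudo). Prints the number of directories removed.
remove_leftovers() {
    root=${1:-}
    removed=0
    for p in $LEFTOVERS; do
        case $(check_leftover "$root$p") in
            empty)
                rmdir "$root$p" && removed=$((removed + 1)) ;;
            not-empty|symlink)
                echo "kept, inspect first: $root$p" >&2 ;;
        esac
    done
    echo "$removed"
}

# Default action is report-only; pass --remove to delete empty leftovers.
if [ "${1:-}" = "--remove" ]; then
    echo "removed: $(remove_leftovers)"
else
    for p in $LEFTOVERS; do
        echo "$p: $(check_leftover "$p")"
    done
fi
```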

Removing Sophos Antivirus 8

Removing Sophos Antivirus for Mac 8 involves running the Remove Sophos Anti-Virus.pkg file.  Do NOT drag the Sophos Anti-Virus.app (from the Applications folder) to Trash – this will not work.

Don’t hack away at the program to remove it.  If you have attempted to delete files and find yourself stuck then see ‘Hacked Off?’ at the bottom of this post for recovery advice.

The funny thing about the uninstaller is that the program actually makes you think that you are installing, because the button says ‘Install’…

uninstall_sav8

…but press ahead and you’ll be fine.

Tip: You need to be able to see the root of your hard drive in Finder to use the steps below.  If you don’t see your computer’s hard drive under DEVICES in the sidebar of a Finder window you should: Open a Finder window and have it active.  Then from the menu bar select ‘Finder’ > ‘Preferences’.  From the ‘Sidebar’ tab locate your hard drive under ‘DEVICES’ and check the option.  In the Finder window you will now see an icon under DEVICES that allows you to access the root (top level) of your hard drive.

Now you can locate the uninstaller and run it:

  1. In Finder select your hard drive icon (see tip above if required) and browse to the folder Library > Sophos Anti-Virus.
  2. In the Sophos Anti-Virus folder double-click the ‘Remove Sophos Anti-Virus.pkg’ file.
  3. Follow the installer through (yes it does say ‘Install’ to remove) and when it completes SAV for Mac 8 will be removed.

Hacked off?

If you have previously attempted to manually hack SAV 8 off your computer by deleting files manually the uninstall will fail – and if you deleted the uninstaller file you obviously can’t run that.  Some Mac applications can be simply dragged to the Trash but not SAV for Mac – it’s not a self-contained application.

The quickest and easiest way to successfully uninstall is to download SAV 8 again, run through the install (to replace all missing files) and then follow steps one to three above to remove it properly.


Scanning a Mac with Sophos Antivirus 9

With my last post regarding being up to date done I’m free to talk about scanning with SAV 9 – make sure you are up to date before scanning your computer.

There are pretty much four ways of scanning your computer:

  1. Selecting ‘Scan This Mac’ from the Sophos shield in the menu bar or from the ‘Scans’ window
  2. Setting up a custom scan so you can control what is scanned and what it does with the things it finds
  3. Right-clicking on a particular file or folder and selecting ‘Scan with Sophos Anti-Virus’
  4. Using the command line scanner (a program called sweep) and really tune what happens

Summary

Scan Type | Good | Bad
--- | --- | ---
Scan This Mac | Scans whole drive and all local drives; set up for you out-of-the-box; one click is all it takes | No automatic clean-up option; lack of control; can take a long (long) time depending on size of drive/number of files
Custom scan | Can configure clean-up options; selecting only folders of interest and removing the scanning of compressed files shortens scan time | Only certain folders are scanned so you may have missed something
Right-click scan | Simple to perform; if you prefer real time scanning off the option does allow scanning of a particular file just before you open it | With on-access scanning on right-click scanning before opening is not required and hence the option is redundant; have to remember to do it before clicking a file
sweep | Extremely powerful; does everything the graphical frontend does and a heck of a lot more | Requires knowledge of Mac’s Terminal application; semi-complex syntax is off putting to beginners

In the sections below I discuss each one in more detail.

Scan This Mac

This is the simplest and easiest option to go for when you want to scan your computer, however it may not be the best.  The ease of the one-click scan comes at a price – how long the scan takes to complete and computer performance during that long scan.

When you scan your computer (by whatever method you choose) the computer’s resources are going to be lower.  When you scan with this option the entire hard drive(s) and all local drives are scanned and hence you’re going to experience that reduced performance for longer.

This doesn’t mean you shouldn’t use this option, however take on board that this scan is designed to give you maximum protection.  It’s a damn good way to be sure your system is clean, but don’t expect your computer to behave normally (in terms of performance) while it’s running – leaving the computer alone to finish the scan is better than having a load of applications open and complaining the computer is dog slow.

The scan also doesn’t have automatic clean-up enabled.  This means that anything it finds will not be deleted immediately, but you will be able to use the Quarantine Manager to review a list of detections after the scan has finished and clean them up at that point – in some ways that’s actually a better way of doing it so you know what was there.

The main reasons for this scan taking so long are because (a) the entire main hard drive is scanned for all files (b) it scans all other local drives (connected USB and FireWire) and (c) the scan also checks all compressed files (like zip files, etc.).  All this adds up to a lengthy scan time.

Run a ‘Scan This Mac’ scan

From the Sophos shield in the menu bar select ‘Scan This Mac’

scanthismac_shieldmenu

Alternatively you can select ‘Open Scans’ from the same menu shown above and in the ‘Scans’ window click ‘Scan now’.

scanthismac_never_run

The program will calculate the files it needs to scan.

scanthismac_calculating

At the end of the scan, if anything is found you can click the ‘Quarantine Manager’ button to review and clean up malware.

scanthismac_complete

If the scan takes a long time or you need to troubleshoot, it’s handy to know where the log of the scan is.  To access the log open Console (type ‘console’ into Spotlight) and expand ‘~/Library/Logs/’ > ‘Scans’ > ‘Scan Local Drives’.  Then select the most recent log file based on date and time.

In the screen grab below I have included in the highlighting that the scan name is ‘Scan Local Drives’ and that all local drives are included.

scanthismac_logfile

Custom scan

I’ve previously posted about this.  To save repeating myself see: Creating a custom scan with Sophos AV for Mac.

What I will add now is that using a custom scan means the time of a scan can be dramatically reduced as you control the drives and folders on those drives that are scanned.  Plus you can uncheck ‘Scan inside archives and compressed files’ on the ‘Options’ tab.

If you find the ‘Scan this Mac’ option takes forever (or maybe never completes) then stop using that and break down the hard drive into more manageable chunks. I recommend starting with just your Users folder for one scan (as that’s where most malware will be) and only adding system folders as and when required.

Using ‘Scan with Sophos Anti-Virus’

This is a handy option if you’re unsure where a particular file came from, or think it may be malware.  Simply right-click on a file and select the option Scan with Sophos Anti-Virus.

scanwithsav

Once the scan has completed the Finder Item Scan window will report if it found something or not.

scanwithsav_completed

Click the View Log button and Console opens showing further details of the scan called Finder Item Scan.

scanwithsav_log

In summary the right-click option is handy but if you have real time scanning (aka on-access scanning) running – so every file is checked by SAV before it has run – then doing a right-click scan is redundant.  However it’s there and it does add some peace of mind.

The power of sweep

Some Mac users are immediately going to shy away from anything Terminal related – thinking that it’s too hard.  Honestly it’s not.  Get your geek on and play with sweep!

If ‘Scan This Mac’ takes too long, or a custom scan just isn’t customizable enough for you then sweep is the answer to your prayers.

The first step is to open Terminal from Spotlight.

sweep_openingterminal

To run the sweep program simply type sweep and you’ll see the program start, list all the signature files, blurt out the usage options and then shutdown – with no scan.  This is because sweep requires options (aka parameters) to run so that it knows what you want it to do.

I’ve listed the full usage options at the end of this post, however below are a few examples you may find handy and will definitely get you started.

I want to… | Run the command (all on one line)…
--- | ---
scan my Downloads folder (don’t take any action) | sweep ~/Downloads
scan my home folder (called ‘diz’) and save a handy log to the desktop (but don’t take any action) | sweep /Users/diz > ~/Desktop/savscan.txt
scan my home folder (called ‘diz’) and see what files are being scanned (handy if ‘Scan This Mac’ hangs) – but don’t take any action | sweep /Users/diz/ -dn 2> ~/Desktop/manualscan.txt
scan my Downloads and take action to disinfect all malware files | sweep -di ~/Downloads
scan my Downloads and take action to delete all malware files | sweep -remove ~/Downloads
scan the entire main drive, disinfect what is found and log it | sudo sweep -di / > ~/Desktop/scanHD.txt

Note: Using ‘~/Desktop’ is the same as typing ‘/Users/diz/Desktop’ (where ‘diz’ is your username) and hence ‘~’ means the logged on user’s home folder.  If you prefer you can type out the full path but ~ is quicker (i.e. cd ~ gets you straight to your home folder in Terminal).  If you get lost in Terminal type pwd to display the folder path you are currently in – it stands for print working directory.  Changing folders in Terminal is done with cd (change directory) so you can do cd /Users/diz/Downloads to go to your Downloads folder or cd .. to move up a level to the next folder.

Full sweep usage options

  Usage: sweep [options] <path1> <path2>... <pathN> [include/exclude options]

  where <path1>, <path2>... <pathN> may refer to files, directories or
  filesystems.

  Note: With the exception of the -include and -exclude options, it does not
  matter where on the command line you specify an option: you can specify it
  before, in the middle of, or after, a list of paths. Regardless of where it
  appears, it is applied to all the paths on the command line. However, the
  -exclude and -include options control whether the paths after them are
  scanned, and therefore the position of these options does matter. If you
  specify options which have opposing effects to each other (for example,
  -archive followed by -narchive), then the latest one on the line takes effect
  (in this example, -narchive would take effect).
The following options may be prefixed with 'n' to invert their meaning
(for example, '-nsc' is the inverse of '-sc'). [*] indicates the option
is the default:

  -sc         [*] : Scan dynamically compressed executables
  -f          [ ] : Full scan
  -extensive  [ ] : Scan complete contents of files
  -di         [ ] : Disinfect infected items
  -s          [*] : Run silently (do not list files swept)
  -c          [*] : Ask for confirmation before disinfection/deletion
  -b          [*] : Sound bell on virus detection
  -all        [*] : Scan all files
  -rec        [*] : Do recursive scan
  -remove     [ ] : Remove infected objects
  -dn         [ ] : Display file names as they are scanned
  -ss         [ ] : Don't display anything except on error or virus
  -eec        [ ] : Use extended error codes
  -ext=extension,..     : Specify additional extensions to SWEEP
  -p=<file>       : Write to logfile <file>

  -idedir=<directory>   : Read IDEs from alternative directory
  -exclude        : Exclude the following objects from scanning
  -include        : Include the following objects in scanning
                    (use after -exclude)
  -v              : Display complete version information
  -vv             : Display complete version information and details on
                    extensions and archive types supported
  -h              : Display this help and exit

The following options are related to archives and other special file types:

  -zip        [ ] : Scan inside ZIP archives
  -gzip       [ ] : Scan inside GZIP compressed files
  -arj        [ ] : Scan inside ARJ archives
  -cmz        [ ] : Scan inside Unix-compressed files
  -tar        [ ] : Scan inside TAR archives
  -rar        [ ] : Scan inside RAR archives
  -archive    [ ] : All of the above
  -cab        [ ] : Scan inside Microsoft Cabinet files
  -loopback   [ ] : Scan inside loopback-type files
  -mime       [ ] : Scan files encoded in MIME format
  -oe         [ ] : Scan Microsoft Outlook Express mailbox files
                    (requires -mime)
  -tnef       [ ] : Scan inside TNEF files
  -pua        [ ] : Scan for adware/PUAs
  -suspicious [ ] : Scan for suspicious files

The following options may be prefixed with 'no-' to invert their meaning
(for example, '--no-reset-atime' is the inverse of '--reset-atime'.  [*]
indicates the option is the default:

  --reset-atime          [*] : Reset file access time after scanning
  --stop-scan            [*] : Abort scanning of files such as 'zip bombs'
                               which require excessive amounts of time,
                               disk space or memory to scan
  --ignore-could-not-open[ ] : If a file cannot be opened, don't treat it as
                               an error

The following options are Unix-specific, and may be prefixed with 'no-'
to invert their meaning (for example, '--no-follow-symlinks' is the
inverse of '--follow-symlinks'). [*] indicates the option is the default:

  --follow-symlinks      [*] : Scan the object pointed to by symbolic links
  --stay-on-filesystem   [ ] : Attempt not to leave the starting filesystem
                               (i.e. do not traverse mount points)
  --stay-on-machine      [*] : Attempt not to leave the starting machine
                               (i.e. do not traverse remote mount points)
  --skip-special         [*] : Do not scan 'special' objects (/dev, /proc,
                               /devices etc.)
  --backtrack-protection [*] : Prevent repetition of work ('backtracking')
                               due to symbolic links
  --preserve-backtrack   [*] : Preserve the backtracking information for
                               the duration of this run
  --examine-x-bit        [ ] : Check files with an execute bit set
  --show-file-details    [ ] : Show file ownership and permissions when
                               displaying filenames
  --quarantine           [ ] : (Simple form of --quarantine option)
                               If file is infected with virus, attempt to
                               change file owner to user running Sophos
                               Anti-Virus, and permissions to
                                 -r-------- (0400)

  --quarantine:<uid=nnn>,<user=user>,
               <gid=nnn>,<group=group>,<mode=ppp>
                         [ ] : (Detailed form of --quarantine option)
                               If file is infected with virus, attempt to
                               change file ownership, group ownership, and
                               permissions to those specified as
                               uid/user, gid/group, and mode.

  -move=<quarantine directory>
                         [ ] : Move infected files to a quarantine directory
  -rename                [ ] : Append filename extension 'infected' to names of
                               infected files (unless they already have this
                               extension).
  --args-file=<file>         : Read command line arguments (both options and
                               directory/filenames) from file, taking
                               arguments from the command line again when
                               the end of the file is reached. A value of -
                               for <file> specifies taking input from stdin.
                               A small number of command line options may
                               not be used within an args file, namely:-
                               -eec, -neec, -p=, -s, -ns, -dn, -ndn.
                               These can only be specified from the command
                               line.

The following options are specific to Linux and FreeBSD only.

  -mbr        [ ] : Scan master boot records on all (physical) hard disks
  -bs=X,...   [ ] : Scan boot sector of each drive listed
  -bs         [ ] : Scan boot sectors on all (logical) drives
  -cdr=X,...  [ ] : Scan boot sector in bootable image of each CD drive listed

You need to have superuser rights in order to scan boot sectors.


Updating Sophos Antivirus for Mac 9

I wanted to talk about scanning a Mac for malware (I could say ‘virus’ but I don’t want to start the ‘there are no viruses for Macs’ argument).

A virus is a certain type of Windows malware that is commonly and incorrectly used – by those not-in-the-know – for different types of malware.  You may hear a friend say ‘I have a virus on my computer’.  Maybe, if it’s Windows but probably not.  Chances are it’s a Trojan or something else.

I’ll discuss malware in another post (maybe).

Anyway, before I can mention scans I should mention your antivirus has to be up to date.  It’s a waste of time to run a (possibly lengthy) scan and find nothing because the scanner wasn’t up to date.

All antivirus software needs to be up to date.  Generally speaking, the way it works is that you download and install the main scanning software and then that software has to connect back to a server (provided by the company that sold you the software) for regular updates.

You configure the software with an address to contact, a user name and a password and small signature files are downloaded.  When the antivirus software runs these signature files tell the main scanner about all the latest malware.

New nasties are being passed round the internet all the time so if you’re out of date you’re unprotected.  If you see antivirus software as a prophylactic then you have just torn a big hole in it.

So it’s important to update.  As I have Sophos Antivirus 9 installed I thought I would share the process of updating.

Sophos Antivirus for Mac 9 (or SAV 9) has signatures called IDE files and Sophos seems to release them around the clock – 24/7.  Compare that to McAfee who only releases daily and you may think it is excessive if you’re on a slow connection or have a download cap.  Not really, these files are tiny.

How to update SAV 9

Click on the Sophos shield in the menu bar and then click ‘Update Now’

updatenow

A status window appears and shows the progress.  The screen grab below shows the initial download immediately after installing SAV 9 and yes, it is large.  It’s as big as the original installer download for SAV 9.  However future updates will be small.

downloading_a_lot

Tip: If the download process seems to have hung, reboot your computer and try again.  Otherwise wait for an off-peak time when internet speeds will improve.

Once the download has completed the status window shows you the Last Updated date and time.

download_complete

During the update the computer can slow down a bit.  Hence closing other applications and leaving the computer alone for a bit will help.  Don’t sit there screaming that the download is taking forever when you have Hulu or Netflix streaming on another computer.

Reminder: if it gets stuck reboot the computer and wait for a quieter time.


Installing Sophos Antivirus for Mac 9

Tip: If you already have SAV 8 installed on your Mac the process below still applies.  Upgrade, install – it’s all the same.

So why this post?  I was hunting around for the process of installing/updating to SAV 9 and I couldn’t find it.  The Sophos webpage for documents on the free Mac Home Edition lists a ‘Technical Guide’ for SAV 7 (dated 2010), an ‘Installation Guide’ which looks like it’s for SAV 8, and an ‘FAQ’ which doesn’t mention the steps.  I think it’s useful to check the process before attempting it so you know what’s involved.

Installation really is a breeze – no sign in, no form filling, just straight to the download – which is 117.4MB in size.  Once the file is downloaded just open Finder and go to your Downloads folder (or wherever you saved it) and double-click the file.  The custom installer immediately opens (no mounting like in SAV 8).  I say ‘custom installer’ as the program is not a self-contained app that can be dragged to your Applications folder – you must run the installer.  The key installation screens are shown below.

Introduction

install1_introduction

License

install2_license

…which you must agree to…

install3_agree

Completion

install4_successful

It really is simple.

Something went wrong

‘But wait!’ I hear you cry.  What if it doesn’t install and there are problems?  Check the very bottom of the install.log file through Console (search for ‘console’ in Spotlight) for errors and post them to the Sophos FreeTalk forum for help.  Below is an example of what to look for in the install.log – from the bottom scroll up until you see the line Installing he (that’s home edition).

console_installlog

Tip: Restart your Mac and have another go – it’s quick, easy and flushes out many problems.  You should also close any other applications that may be interfering with the install if there was a problem on the first go.


Creating a custom scan with Sophos AV for Mac

Tip: If you don’t already have Sophos Antivirus for Mac 9 upgrade/download it now.

Previously I ran a scan and found a ‘threat’ (some kind of virus, trojan, malware – whatever you call it, it’s not good)…

scanthismac

So I thought I’d create a custom scan and set the scanner to remove whatever is being detected.

Tip: To create a custom scan you should click on the Sophos shield (in the menu bar), select ‘Open Scans’, expand the ‘Custom Scans’ panel and then click on the plus (+) button.

I created a scan called full and in the ‘Scan Settings’…

scansettings

…I set the folders I wanted to scan to the whole hard drive (‘/’)…

scansettings2

On the ‘Options’ tab I set what the program should do when it finds something to ‘Clean up threat’…

scanoptions

…and click ‘Done’.

In the list of custom scans I now have full listed so I click ‘Scan Now’ to start it.  Because I chose to scan the whole drive the program will have to look in all folders and hence I was prompted to ‘Authenticate and Scan all’ – if I don’t authenticate then the scanner may be prevented from going everywhere it needs to and cleaning up all the malware…

authscan

I typed in the same password used to unlock panels in system applications and away the scan went.  Job done.
