Sophos Antivirus for Mac shows ‘Issues detected’

Let me set the scene: You’re happily running a scan with Sophos Anti-Virus for Mac 9…


…and before the scan completes you see a warning in the Scans window that says Issues detected


The questions now are: What are these issues? How do I fix them? Why does the scan report Issues detected and then also No threats found? Surely the only issue should be that the scan found threats, right?

Spoiler:  These issues are nothing to worry about.

The ‘issues’ are caused by the scanner finding encrypted and/or corrupt files and simply not being able to access them.

On your Mac there will be a number of encrypted files and the scanner is not able to access them because they are…encrypted.  Protected.  Locked.  It should not be able to access them otherwise what’s the point of the file being encrypted?  If SAV can break in whenever it wants and have a peek then so can other programs and the encryption is pointless.

Your Mac is also going to have a few ‘corrupt’ files.  Well…they may not be exactly corrupt.  The structure of the file – or more precisely the file header – is not recognizable to Sophos Antivirus.

When any application (like SAV) ‘reads in’ a file it expects certain information, in a certain order. Usually there is a header, where global information about the particular file is kept.

If this information is not what SAV expects then the file is deemed corrupt.  In actuality the file is most likely a system file or a file called only by a particular program that knows how to access or use it – nothing other than that program may be able to work with the file.

So shouldn’t you worry that Sophos didn’t scan these files?  They could be malicious, right?  You don’t need to worry.  Yes, SAV didn’t scan the file; however, the file itself cannot run on its own and hence cannot cause a problem to your computer.

I did say that the file could be called by another program, so maybe that program is malware?  Maybe, but if it’s able to run (execute on Mac OS X) then it has to properly present itself to the operating system, so it cannot appear as a ‘corrupt’ file, and therefore SAV would properly scan that program.

So the takeaway from this is:  You’re absolutely fine.  Don’t worry.

I want to see these corrupt and encrypted files

A reasonable request.  Open Console from Spotlight…


From the left-hand menu select the Sophos log for the type of scan you ran.

In this example the ‘Issues detected’ warning was reported during a ‘Scan this Mac’ scan and hence is under the Scans > Scan Local Drives section.  If you run a custom scan, the log is listed under ‘Scan’ > theNameYouGaveTheScan.


Recreate the problem with sweep

You can recreate the behavior with the command line version of Sophos Antivirus (sweep).  Open Terminal…


…and then type in the command below and press enter.

sweep /Library/Caches/

Tip: If you don’t see any errors try another folder like /Library/ (without the Caches/ bit) for example.

The program will quickly run a scan on the Caches folder and you will see something like this in the scan summary in the Terminal window…

5628 files swept in 25 seconds.
4 errors were encountered.
No viruses were discovered.
Ending Sophos Anti-Virus.

The ‘X errors were encountered’ is the same thing as the Issues detected message that is reported in the graphical frontend of SAV – sweep doesn’t report anything to the frontend so Terminal is the only place you’ll see issues for this scan.

Above the scan summary you will be able to see the actual files that caused the errors.  The messages will differ from computer to computer, but you may see Could not open messages, for example.

Again: Don’t lose any sleep over these messages.
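
To keep a record of which files a sweep run skipped, a saved copy of the Terminal output can be triaged with a small script. This is an added example, not part of the original post or of Sophos's tooling; the summary wording is taken from the output shown above, while the layout of the per-file Could not open lines and the sample paths are assumptions.

```shell
#!/bin/sh
# Triage a saved copy of sweep's Terminal output.
# Summary-line wording comes from the article; the per-file line layout
# ("Could not open <path>") is an assumption.

# Constructed sample transcript, not real sweep output.
sample_transcript() {
cat <<'EOF'
Could not open /Library/Caches/example.one/locked.db
Could not open /Library/Caches/example.two/state.bin
5628 files swept in 25 seconds.
2 errors were encountered.
No viruses were discovered.
Ending Sophos Anti-Virus.
EOF
}

# Number from "N errors were encountered."; 0 if the line is absent.
error_count() {
  awk '/ errors? (was|were) encountered/ { n = $1 } END { print n + 0 }' "$1"
}

# Paths reported as unreadable, one per line.
unscanned_files() {
  sed -n 's/^Could not open //p' "$1"
}

# Verdict: only the exact clean line counts as "no threats"; anything
# else is flagged so a person reads the full transcript.
triage() {
  if ! grep -qx 'No viruses were discovered\.' "$1"; then
    echo "REVIEW: clean-scan line not found"
  elif [ "$(error_count "$1")" -gt 0 ]; then
    echo "CLEAN: $(error_count "$1") file(s) not scanned"
  else
    echo "CLEAN"
  fi
}

# Demo on the constructed sample when run directly.
tmp=$(mktemp) && sample_transcript > "$tmp"
triage "$tmp"
unscanned_files "$tmp"
rm -f "$tmp"
```

The script treats errors and threats as separate results, which is why a scan can report both issues and no threats.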


7 Responses to Sophos Antivirus for Mac shows ‘Issues detected’

  1. wmcp4short says:

    You’ve answered my question. Thank you.

  2. RockRacoon says:

    WOW, what a GREAT RESPONSE!! Thanks for the detailed but easy-to-read help – even I as a tech-challenged user found this extremely helpful!!

  3. pomonaljane says:

    Yes, that’s a very clear explanation, and helped me too.
    But this is what happened with my very first scan after downloading SA for Mac: when my ‘issues’ were detected the scan paused with 99,000 files remaining. The scan just didn’t finish, the blue line stopped progressing. The ‘stop scan’ button didn’t respond. I had to quit the program manually. Same thing happened with second attempt next day. Any thoughts?
    Many thanks.

  4. Rob Sayre says:

    My Sophos is stuck in the middle of a scan. Do I need to delete it and reinstall?

  5. Paul Christie says:

    Very helpful comments
