04-16-2012 06:53 AM
I recieved this virus in an email attachment without warning. It came in via a standard account user. My back-up software was denied access to copy it. This is how it was discovered without any warning from Sophos. I know this is a Windows virus and doesn't affect the Mac, but still I should recieve an alert that Sophos qurantined it.
04-16-2012 10:50 AM
I had a Sophos notice this AM that this same virus had been found and placed in quarantine
When I opened the quarantine folder, the virus was listed. But it disappeared within 5 seconds! All by itself.
The log shows that the virus was indeed found.
Sophos tech support would not comment on this, but referred me to this forum.
A second complete scan failed to detect this virus.
04-17-2012 05:29 AM
one reason for an item to disappear is that the threat is no longer found by QM when you open it. This can happen when the threat is detected in a cache or temporary location and later deleted by the application which stored it. Deletes are not blocked or intercepted so QM isn't notified of this - but it checks for the existence of the files when it is opened and prunes the list (i.e. removes the items for which it is safe to assumed to be no longer there).
Another possible reason (but it doesn't apply in your case) is that the detection triggers a more complex cleanup routine which takes some time to complete. From detection to cleanup completion the item will appear in QM.
BTW: it is not a quarantine folder, what's displayed when you open Quarantine Manager is the list of detected and presumably still existing threats.
04-17-2012 05:05 PM
04-17-2012 05:36 AM
if the attachment is not "read back" after it has been written to disk it is not scanned. I assume it was SAV which denied access but when it did so you did not receive a desktop alert? Was this a scheduled back up and under which account does the software run?