Windows Thread, Sophos false positives in Technical
  1. #1


    Sophos false positives

    I have had a number of virus alerts from Sophos v7 this morning of the form: Virus/spyware 'W32/Sohana-AR' has been detected in "file.exe", where the files in question are scripts I wrote myself and compiled using Auto-it. The supposed malware is a network worm, not an .exe infector, so I am pretty sure this is a false positive.
    Sophos Linky
    Has anyone else had a similar experience with the latest Sophos update?

  2. #2

    Geoff
    Yes, Sophos detected the autoit v3 setup.exe as containing W32/Sohana-AR here. I assume it was tripping up over the example scripts in the archive.

    Code:
    Virus/spyware 'W32/Sohana-AR' has been detected in "C:\Documents and Settings\Administrator.CARRHILL\Desktop\autoit-v3-setup.exe\FILE:0385". Cleanup unavailable.
    
    Infected file "C:\Documents and Settings\Administrator.CARRHILL\Desktop\autoit-v3-setup.exe" has been deleted.

  3. #3

    mattx
    Oh yes, I've had quite a few PCs Blue Screen on me after applying the latest updates. Sophos also maxed out the CPU on our MIS server Monday. The last false positive I got was on the peazip utility which I reported to them.
    I have loads of AutoIT scripts doing bits and bobs on our network so I'll double check. Thanks for the heads up.

  4. #4


    Update

    I've just had a reply from Sophos as follows:
    There was indeed a false-positive report on W32/Sohana-AR which has now been corrected. Please ensure that you have all the latest IDE files applied and re-scan the files. They should no longer be detected.
    I've done the update & rescan, and my utilities are no longer detected as malware. Hopefully that should also fix the problem for others.

  5. #5

    mattx
    That was quick !! Last time I sent them a false positive it took quite a few E-mails and attachments to convince them.....

  6. #6

    john
    Must admit Sophos is about to be screamed at, it's gobbling up well over 100mb physical ram on my box every day again. Kill the Savadmin server and it drops to 40, which is better than 100.
