Windows Thread, Sophos false positives in Technical; I have had a number of virus alerts from Sophos v7 this morning of the form: Virus/spyware 'W32/Sohana-AR' has been ...
17th January 2008, 10:57 AM #1
- Rep Power
Sophos false positives
I have had a number of virus alerts from Sophos v7 this morning of the form: Virus/spyware 'W32/Sohana-AR' has been detected in "file.exe", where the files in question are scripts I wrote myself and compiled using Auto-it. The suposed malware is a network worm not an .exe infector, so I am pretty sure this is a false positive.
Has anyone else had a similar experience with the latest Sophos update?
17th January 2008, 11:00 AM #2
Yes, Sophos detected the autoit v3 setup.exe as containing W32/Sohana-AR here. I assume it was tripping up over the example scripts in the archive.
Virus/spyware 'W32/Sohana-AR' has been detected in "C:\Documents and Settings\Administrator.CARRHILL\Desktop\autoit-v3-setup.exe\FILE:0385". Cleanup unavailable.
Infected file "C:\Documents and Settings\Administrator.CARRHILL\Desktop\autoit-v3-setup.exe" has been deleted.
17th January 2008, 11:54 AM #3
Oh yes, I've had quite a few PCs Blue Screen on me after applying the latest updates. Sophos also maxed out the CPU on our MIS server Monday. The last false positve I got was on the peazip utility which I reported to them.
I have loads of AutoIT scripts doing bits and bobs on our network so I'll double check. Thanks for the heads up.
17th January 2008, 05:55 PM #4
- Rep Power
I've just had a reply from Sophos as follows:
I've done the update & rescan, and my utilities are no longer detected as malware. Hopefully that should also fix the problem for others.
There was indeed a false-positive report on W32/Sohana-AR which has now been corrected. Please ensure that you have all the latest IDE files applied and re-scan the files. They should no longer be detected.
17th January 2008, 08:40 PM #5
That was quick !! Last time I sent them a false positive it took quite a few E-mails and attachments to convince them.....
17th January 2008, 09:13 PM #6
Must admit Sophos is about to be screamed at, its gobbling up well over 100mb physical ram on my box every day again Kill the Savadmin server and it drops to 40 which is better than 100
By mattx in forum Windows
Last Post: 5th January 2010, 04:21 PM
By nawbus in forum Windows
Last Post: 25th April 2007, 09:02 AM
Last Post: 13th February 2006, 05:05 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread