OSX/Inqtana.A, OSX/Inqtana.B worm (#3): Sophos fixes false positive flaw

CNET staff

As we noted yesterday, Sophos' AntiVirus software was generating false positives for the "OSX/Inqtana.B worm", prompting users to delete critical application and system files and causing serious issues.

The company has now fixed the issue (actually, a patch was issued only a few hours after the release of the flawed definition) and users now report running Sophos AntiVirus without generation of false positives.

In a statement, Sophos says:

"Sophos apologizes for any inconvenience that this problem has caused. Measures have been put in place to ensure that the problem does not occur again. Any customers who require further guidance are recommended to contact Sophos Technical Support."

Still, many users did not receive the second patch until it was too late.

One reader writes:

"Indeed Microsoft, Stuffit and Adobe applications were soon in a fine mess and not usable at all. From the ± 190.000 files scanned with Sophos there were about 43 files infected and deleted in the same sweep. After the "virus" was removed/deleted by running Sophos a couple times, and bearing in mind that in the worst case I had to rebuild the Mac I simply started to test which programs were not usable or responding.

"All the Stuffit related programs I had to reinstall, and in my case reinstalling the latest update for the Microsoft Office application, was enough to make things work again, hence, I didn't have a lot of time to test it all proper, but they are at least accessible and one can work in it."

This issue should serve as a reminder to refrain from enabling automatic deletion of "infected" files in AntiVirus scanning software, opting instead to manually delete such items after verifying the possibility of infection.

In this case, for instance, no user running Mac OS X 10.4.5 could possibly have been infected with the Inqtana worm in its current known forms, so a report of infection on a system running Mac OS X 10.4.5 should raise suspicion.

Feedback? Late-breakers@macfixit.com.
