
ATPM 16.12
December 2010

MacMuser

by Mark Tennent, http://www.tennent.co.uk

Sophosticated Follower of Invasion

The question is, do we care if we pass on Windows viruses and Trojans? After all, before we installed the new Sophos Anti-Virus, we didn’t know that much of our junk mail arrives with Trojans attached. ClamXav and iAntiVirus had sat like Buddhists contemplating their digital navels as the Trojans slipped past.

That is the problem for British firm Sophos plc, which offers Mac users a dependable tool at a great price, i.e., free. iAntiVirus and ClamXav are also free. ClamXav is the work of another Brit: Mark Allan, who asks for donations. Mark has been making the Mac version of ClamAV for years, based on the open-source anti-virus toolkit for Unix and Windows.

We use Sophos for Windows at work, largely because it has multi-layered access points for users and administrators. Which, in effect, means “them” in IT can keep their jobs by justifying they are needed to make sure the company server is updated with the latest virus definitions.

In reality it means machines bog down as they try to access the servers at the same time as every other computer in the company. Sophos doesn’t seem to work 100%, either, or why would a lot of individual computers suddenly announce they have the lurgi or some type of virus infection?

When installed on a Mac that has always run an anti-virus package, Sophos found a handful of Trojans. Admittedly, they were all archived e-mail attachments, which Apple’s Mail had correctly identified as junk mail. The previous anti-virus packages had been ClamXav and iAntiVirus. ClamXav had never been completely stable, scanned very slowly and had been replaced with iAntiVirus, which didn’t like running under 64-bit Mac OS X. The upshot of this is that Sophos will stay on the Mac for long-term testing.

The initial scanning of four internal hard disks, totaling 250 TB, took 36 hours. Since then, Sophos is invisible unless an infected file is downloaded or clicked on. Once a threat has been detected, Sophos can delete it, move it to a quarantine folder, or attempt to clean it up.

If files are in a Time Machine archive, Sophos cannot touch them. They have to be found and deleted manually. Path names are lengthy (too long to display in Sophos’s Quarantine Manager) and have to be searched for in the Sophos log via Console. They can then be navigated to and deleted in Time Machine using its toolbar utility. It would be much easier if clicking on the infected file listed in the Quarantine Manager opened the file’s enclosing folder. Once deleted, the filenames automatically clear from the Quarantine Manager list.

There are a few other slightly annoying glitches—for example, windows and sheets open up in awkward and unmovable positions—but in daily use Sophos is easy to use.
