Most Mac users have not even seen a virus in many years. But it could happen. I’ve been trying out Sophos AV for Mac (Free) for some time now in both Mac OS X 10.6 Snow Leopard & Mac OS X 10.8 Mtn Lion. It seems to run OK, without causing noticeable problems. One of the important features of Sophos AV is that it does not need to waste time scanning the whole hard drive over & over. No, it just scans every file that you open or run. This seems like a great idea as it prevents you from running a virus accidentally.
It seemed like a great idea until I noticed that my twice weekly SuperDuper boot drive clone had been failing to complete for months. (!) The logs revealed that SD was unable to copy certain files – apparently it was losing access to the hard disk, so it halted. More interesting, these files it was losing access to were almost all located in the email spam folder. Some poking around and I figured out that Sophos AV locks access to virus infected files. Meaning that SuperDuper was being prevented from copying the files, tricking SD into assuming there was something wrong with the whole disk. AH HA!
The cure, obviously is to disable Sophos AV before running a back up. But the best, most reliable backups are the ones that run themselves on schedule. Humans can be so unreliable at backing up, even the good humans.
Happily SuperDuper can run a script before starting a backup, and Sophos AV is AppleScriptable. A perfect match! … Or so you might think. I have to admit I haven’t had a need to become proficient with AppleScript. Instead I got comfortable with QuicKeys which very sadly met its demise a few years ago. Poking around in Sophos with the AppleScript Editor showed some useful script commands, but no examples of how to use them. I asked for syntax help over at the Sophos Free Forum, but did not find resolution there. I did find other seekers looking for the answer to my question, all unresolved, and some dating back many years.
So I found another way. I used a Macro app: Keyboard Maestro. It’s really awesome.
See attached screen photo (below) of my Keyboard Maestro script that will disable Sophos AV for Mac On-access Scanning. This script is triggered by launching the backup app, or by a keystroke, or by running an AppleScript to call KM & tell it which script to run. I would use AppleScript for this except that Sophos for Mac has so little popular support that apparently nobody at Sophos nor the whole internet knows how to send it basic AppleScript commands not even “Stop On-access Scanning”. If you search the Sophos Forums you’ll see a few similar requests, left unresolved.
Anyway, I’ve found a number of uses for Keyboard Maestro, so even though it is not free, it is well worth the small price they charge for it. And there is a vibrant KM support community. Fun & powerful, but most importantly, able to resolve the problem.
I made a second, similar KM script to re-enable On-access Scanning which the backup app can activate when it is finished backing up. The only differece is the Start or Stop button, which I needed to identify by graphic appearance. Because of the non-standard way it was programmed, it is not identifiable by button label.
Because this is automated, you’ll need to save an admin username & pw in the script in cleartext. That needs to be your call, balancing your need for security against being able to run both Anti Virus and run a backup that doesn’t lose access to the disk due to AV locking files. Anyway, this is going to work for me, and I wanted to let you all know one way how to disable Sophos Anti Virus for Mac via script. And how to re-enable it again.
Click pictures to view larger