This story couldn’t be more perfect for a Friday. Sophos, a leading anti-virus provider, issued its detection updates as usual yesterday, and while this usually goes off without a hitch, there was a problem with this one. Somehow, the update managed to begin detecting Sophos itself as a virus. Shh/Updater-B, to be exact (I guess we’re to keep it quiet?).
If that’s where the story ended, it wouldn’t be quite so humorous. What makes it so is that this resulted in Sophos essentially purging parts of the application, causing it to simply remain corrupted and unuseable. While Sophos eventually released another update that either fixed or prevented the issue (depending on whether you were quick to grab the original), those who were already affected didn’t receive it – on account of their scanner being broke.
Sophos updated its support article, though, stating that if you had Live Protection turned on, and the Cleanup Setting is “deny”, you should be fine. If for some reason your scanner is still broken, there are further links to in the article that might be able to help. In the worst case, I’d assume a re-install of the application would be required.
It hasn’t become clear exactly how this happened, but this is in effect one of the worst nightmares a virus-scanner provider can experience, especially since much of Sophos business is in the enterprise. I wouldn’t expect this issue to go down easy with some companies.