Ask Sawal

Discussion Forum

What is cxmail virus?

5 Answer(s) Available
Answer # 1 #

It's either a false positive or a Windows malware attachment in email (a common occurrence for most email users). I installed an antivirus, Sophos Home, and ran the scan. (Sophos's information page on CXmail/OleDl-BI says that it occurs in both.)

[23]
Viti Mand
B. Tech from Delhi Technological University
Answer # 2 #

Program entry point, most likely the entry point of the PE file.

A code location where a decision has been made to avoid execution of potentially malicious behavior.

Code which has been generated at runtime, often referred to as unpacked or self-modifying code.

Code section which is responsible for unpacking or decrypting a portion of dynamic code.

Code which has been executed at runtime.

Code which has not been executed at runtime.

Code for which it is unknown if it has been executed or not at runtime.

Code which matches a behavioral signature.

Path through the execution graph which shows a lot of behavior (e.g. with respect to called API functions).

[5]
Olly Spain
Porter
Answer # 3 #

Effective defenses against software malware and other threats


[5]
Ragul Bendre
BARREL ASSEMBLER
Answer # 4 #

ONLY an Example-

i.e. if you download an attachment from Outlook and open it in Word, it is where you saved it, plus in the temp folders for Word.

If you opened it through Outlook via preview, it would be in the temp folders for Outlook.

There is a Sophos page here: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/CXmail~EncDoc-B.aspx

Here: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/CXmail~EncDoc-B/detailed-analysis.aspx

What I have been trying to figure out is: does Sophos give malicious code their own Sophos-approved name, or is this something generic used everywhere? Each time I search for them the only reference I find is Sophos, which leans me towards their own naming.

[2]
Ebon Boniadi
Consultant
Answer # 5 #

Ignore what you've been told. AV is important. Whilst it's true that Word Macro Viruses are unlikely to harm Mac users (unless potentially you're running Windows Word in Parallels / VMWare Fusion), it is never a good idea to leave malware lying around. False positives are always possible; however, it's quick and easy to check - did the document come from someone you know? Were you expecting it? If so, get them to validate the document. If not, then not only is it spam, it's likely malware.

I run Sophos AV for Mac and it does NOT slow my machine down - even in high performance scenarios like gaming or HD Video editing, I have benchmarked with and without and found no difference.

Contrary to the "advice" from others, Mac Malware does exist and is growing. Apple is doing a fantastic job at protecting users from huge numbers of malware threats through systems like Gatekeeper (only download and run apps which are signed and therefore likely clean); however, even that is not fault-proof, as a recently compromised download of "Transmission" proved - the software author got compromised and they managed to sign and distribute malware-laden software. In their defence, they fixed this REALLY quickly. Most Mac Malware (so far) has been transmitted through pirate software where a user has had to override Gatekeeper. However, the Windows crypto-ransomware variant Locky generated over US$325mil in ransoms from Windows users in 2015. How long until something clever hits MacOS?

Apple is also doing a good job at adding known malware into its XProtect function, but Apple is not a Security Company. It is very good that the core OS will do what it can to protect users; however, security companies like Sophos live and breathe AV protection and therefore they will be more dynamic at finding and protecting against new things.

Modern AV systems have a spectacularly low false positive rate.

Macs are not immune. The more that people band around this nonsense that they are, the easier it will be for hackers to compromise systems. Do a quick Google search for Mac Malware or Mac Ransomware and you'll see articles from plenty of companies about the rise of attacks.

Sophos are giving Mac (and Windows) AV away for free to home users so they're not trying to make you buy something. This isn't a money maker for them in the home user space.

So. To answer your original question, Sophos will (by default) detect and quarantine the malware. You can then open the preferences and clean the threat. If for some reason the AV was unable to automatically clean this, you will be told the path to the file so that you can delete it yourself.

Even if the threat does not affect your machine, it could affect someone else's so it's best to not harbour it. It's like saying "I've got this tumour but it's benign so I'll just leave it there. It probably will never become cancer...".

I know this is a very late reply but sadly I only just found your post.

[0]
Gattlin Hozie
Promotional Model
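A defender-side triage helper, added here and not part of any answer on this page: it walks the folders Answer 4 names (where a saved attachment and Word's or Outlook's temp copies can remain), identifies Office documents by their file header rather than their extension, flags OOXML files that carry a VBA project, and prints a SHA-256 so the file can be checked against the AV console or deleted by hand as Answer 5 describes. The folder locations, sample files and function names are assumptions for demonstration; the samples are harmless constructed stand-ins.

```python
import hashlib
import os
import tempfile
import zipfile
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # Compound File Binary (legacy .doc/.xls) header

def classify(path):
    """Return (kind, has_vba); kind is 'ole2', 'ooxml' or None. OLE2 macros need a deeper parse."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    if head == OLE2_MAGIC:
        return "ole2", None
    if head[:2] == b"PK" and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            names = zf.namelist()
        if any(n.startswith(("word/", "xl/", "ppt/")) for n in names):
            return "ooxml", any(n.endswith("vbaProject.bin") for n in names)
    return None, False

def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def triage_dir(root):
    """Return one record per Office document found under `root` (recursive)."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            kind, has_vba = classify(path)
            if kind:
                found.append({"path": path, "kind": kind, "has_vba": has_vba,
                              "sha256": sha256_file(path)})
    return found

def make_samples(root):
    """Write constructed sample files (harmless stand-ins, not real malware) for a dry run."""
    with open(os.path.join(root, "legacy.doc"), "wb") as fh:
        fh.write(OLE2_MAGIC + b"\x00" * 504)
    with zipfile.ZipFile(os.path.join(root, "invoice.docm"), "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00")  # presence marks a macro-enabled document
    with zipfile.ZipFile(os.path.join(root, "clean.docx"), "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("plain text, ignored")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:  # real use: %TEMP% and Outlook's temp folder (assumed paths)
        make_samples(demo)
        print(*triage_dir(demo), sep="\n")
```

On a real host, replace the temporary directory with the user's %TEMP% folder and Outlook's temporary attachment folder, whose exact path varies by Office version.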