With the SAV7 release Sophos introduced the Sus/ detection class (Suspicious files) This is designed to cater for the more paranoid among us by utilizing looser-style generic identities. These identities detect characteristics that are deemed questionable enough to warrant concern but may not actually be of a malicious nature. The reporting of suspicious files are off by default this may change in future releases, but can easily be enabled. The modern threat landscape warrants a more aggressive approach to proactive detection which entails a higher rate of unwated detections.”]
Source: https://nakedsecurity.sophos.com/2008/05/13/the-usual-suspects/

