ClamXAV detected infection...false positive?

Discussion in 'Mac Basics and Help' started by xTRIGGER092x, Feb 26, 2012.

  1. xTRIGGER092x macrumors regular

    Joined:
    Jul 21, 2011
    #1
    I just did one of my occasional virus scans on ClamXAV, and it found a file infected with a certain CVE_2012_0754-5. However, the file in question wasn't in some odd place; it was an .m4a in my iTunes Music folder. Considering I've had this file for months and done scans since without anything picked up, and the fact that this is an iTunes-purchased song, I can't help but think that there's nothing wrong with the file and that this is a false positive. But, there's the chance it isn't, too. So, I ask you, what's the best course of action in this situation?
     
  2. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #2
    Considering there are no actual OS X viruses for ClamXAV to reference, I would just ignore it for now.
     
  3. alust2013 macrumors 601

    alust2013

    Joined:
    Feb 6, 2010
    Location:
    On the fence
    #3
    I'm not sure what it thought it detected, but if you bought the song from itunes, it's fine, and probably would be fine even if you hadn't.
     
  4. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #4
    I'd delete ClamXav and move on, but that's just me. :p
     
  5. xTRIGGER092x thread starter macrumors regular

    Joined:
    Jul 21, 2011
    #5
    Maybe not for OS X, but I do have Windows computers on my network, so if it is an infection, I'd prefer to get it taken care of.
     
  6. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #6
    It may be a Windows virus, but unless that file has been modified since the last scan, I still think it isn't anything to worry about.
     
  7. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #7
    You need to update your Adobe software.

    http://www.adobe.com/support/security/bulletins/apsb12-03.html
     
  8. xTRIGGER092x thread starter macrumors regular

    Joined:
    Jul 21, 2011
    #8
    I just did, and it still detects the infection in the song.

    Also, I put the file on a flash drive and scanned it with Microsoft Security Essentials on my Windows PC, and it detected nothing, so, yeah. I guess it's a false positive?
     
  9. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #9
    Sounds like a false positive. What exactly does it show about the file?
     
  10. xTRIGGER092x thread starter macrumors regular

    Joined:
    Jul 21, 2011
    #10
    Nothing except the file name (a song), the path (Music subfolder in iTunes), and the infection (CVE_2012_0754-5).
     
  11. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #11
    As I thought. That's not an infection. It's not malware of any kind. It's a vulnerability in Adobe software. To get rid of the false positive, you can import the song into iTunes and create a new copy (iTunes > Advanced > Create xxx version) (where xxx is your preferred file type.)
     
  12. xTRIGGER092x thread starter macrumors regular

    Joined:
    Jul 21, 2011
    #12
    That's good, but the copy also had the vulnerability detected. Would it work if I just deleted it, then redownloaded the song from iCloud?
     
  13. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #13
    Yes, that should do it.
     
  14. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #14
    You can certainly try that, but if it doesn't work, use an app like Audacity to create a new file.
     
  15. xTRIGGER092x thread starter macrumors regular

    Joined:
    Jul 21, 2011
    #15
    Yeah, that oddly didn't work, lol. I might do that, or just make the vulnerability an exception.
     
  16. MrFaceless macrumors newbie

    Joined:
    Mar 1, 2012
    #16
    More False Positive

    Hey, sorry for resurrecting an old thread, but i would like to add that i am receiving the same infection code for my Bjork album "Biophilia"
    Either ClamXav seriously found something or is telling me it doesn't like Bjork (yet it didn't detect it on her other albums lol) Is anyone else getting false positives on anything else that is obviously not infected?
     
  17. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #17
    It's definitely a false positive, as there is no Mac OS X malware in the wild that is found in music files.
     

Share This Page