ClamXav Scan

Discussion in 'MacBook Pro' started by Classiclays, Oct 15, 2012.

  1. Classiclays, Oct 15, 2012
    Last edited: Oct 15, 2012

    Classiclays macrumors member

    Feb 28, 2012
    I did a scan and got
    filename: install-pear-nozlib.phar
    infection name: PHP.exploit.cve_2011_4153-2

    Is this a problem and should I remove it? I have no idea how I got it and what damage it does.

    EDIT: I just realized the Mac Firewall is automatically off, any ideas why? I just turned it on.
  2. alvarnell macrumors newbie

    Jan 11, 2009
    Mountain View, CA
    The Mac firewall is not needed as long as you are behind a router which has one. Turning it on will even extract a small performance hit.

    If you take your computer to Starbucks, then turn the firewall on.

    I'll provide answers to your other question on the ClamXav Forum.
  3. GGJstudios macrumors Westmere


    May 16, 2008
    It's off by default, but you should enable it. The "infection" doesn't appear to be anything that could affect Mac OS X. If you delete the file, you should be fine.

    Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X 10.6 and later versions have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
    1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall

    2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General

    3. Disable Java in your browser (Safari, Chrome, Firefox). This will protect you from malware that exploits Java in your browser, including the recent Flashback trojan. Leave Java disabled until you visit a trusted site that requires it, then re-enable only for the duration of your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)

    4. Change your DNS servers to OpenDNS servers by reading this.

    5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.

    6. Never let someone else have access to install anything on your Mac.

    7. Don't open files that you receive from unknown or untrusted sources.

    8. For added security, make sure all network, email, financial and other important passwords are long and complex, including upper and lower case letters, numbers and special characters.

    9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.
    That's all you need to do to keep your Mac completely free of any Mac OS X malware that has ever been released into the wild. While you may elect to use it, 3rd party antivirus software is not required to keep your Mac malware-free.
  4. Classiclays, Oct 15, 2012
    Last edited: Oct 15, 2012

    Classiclays thread starter macrumors member

    Feb 28, 2012
    Okay thanks. I have been advised to not delete it on Mark's Software (basically the ClamXav forum) since it might be a false positive.

    The user wrote, "I was able to easily locate a copy of that file on-line at, so I copied it to a text file, saved and scanned it with the same results as you got, so I'd guess there is a good chance it's a false positive."
    Edit: above quote was by alvarell, who also posted here

    Since there are no viruses on Mac, is it possible for it to get on the USB (assuming that it is a thread) I have (which I use on my PC occasionally)?
  5. GGJstudios macrumors Westmere


    May 16, 2008
    Only if you drag and drop it there.
  6. Classiclays thread starter macrumors member

    Feb 28, 2012
    That was a quick response. And thanks again. I have no idea how to even access the file and it doesn't seem to be one that I normally use (.mp4, .doc) so I should be fine.

    EDIT: Just found out alvarnell is the other person who gave me advice on the other forum.

Share This Page