I was browsing the Web yesterday, and all of a sudden I got a message from Safari stating that my comp. was infected with a virus. I quickly ran a scan with ClamAV, and found a Trojan virus hiding among my personal files. I used ClamAV to quarantine the virus, then I tossed the virus-containing file into the trash. I emptied the trash and ran ClamAV again to see if I had in fact removed the virus. Which, I did....
My question is: Is ClamAV a good antivirus utility, and did I follow the correct procedure to get rid of the virus??
As stated, if it came from Safari, it would have been a bogus scam ad aimed at getting you to install a rogue Windows spyware program. JavaScript attached to a picture link on Myspace could have done it. ClamXav finding something is a coincidence as you got spooked into doing a scan. As it was among your personal items (Documents folder, Downloads folder etc), it means it wasn't installed, but could have been anything with a hidden Windows virus/trojan downloaded or given to you from somewhere. An MS Office file can contain a Macro virus, which can spread on versions of Office supporting Visual Basic, but not affect Mac systems. I've seen one spread across a network of Macs programmed to erase the C drive on a certain date, though obviously it would have been ineffective on the Macs. A Word document can be cleaned, for instance by disabling Macros, trashing the Normal template, and copying the contents over to a new document and saving, but generally deleting infecting files is a wise move.
If ClamXAV could detect the trojan, then it was a Windows trojan. ClamXAV does not detect OS X threats.
Apart from the Leap-A Trojan it doesn't, unfortunately. The ClamAV people were sent a sample of the virus early on, but so far ClamXav doesn't detect the original iServices Trojan, which I downloaded specifically to test on. I might track down a copy of the CS4 variant as well. McAfee on my PC detects and removes it if I copy it over.
ClamAV is an open-source project by volunteers, so it's hard to cast blame, but it does point out you cannot rely on it.
VirusBarrier has been reported by people here to have stopped the original iServices Trojan when it came out, and Indigo are the ones who found the CS4 variant as well. There is also MacScan.
r.j.s said:
There are 0 viruses, look up the definition if needed, in the wild for OS X. There are a handful of trojans, ALL of them require the admin password in order to install, and NONE can replicate.
...Leap-A is NOT a virus. It's a trojan
Semantics are irrelevant. Whether it is self-replicating or needs user interaction to download and install, the end result is the same. Whether it relies on a browser plugin vulnerability or social engineering, it can still be devastating. From what I remember, Leap-A was reported by some forum members to not have asked for a password, and it did spread on the local network, and if not for flaws in its coding, could have done worse.
Eddyisgreat said:
Oh yeah, Macs can't get viruses. OS X/UNIX != Windows. You can't even sneeze outside your home directory on a *nix box without going SU first.
Unix Elitism, lol. That's like saying Unix can't get hacked. Assuming that Unix programmers are perfect and don't inadvertently introduce security vulnerabilities belies the fact that there are regular security updates to fix buffer overflows and other permission escalation threats. Not to mention vulnerabilities introduced by 3rd party programs, like Flash, or Apple's own, QuickTime.
Turmoil said:
There is ZERO need for virus software for the Mac
um, right. Stick your head back in the sand.
Personally I only have ClamXav, as I don't want to pass on Windows viruses, least of all to my own PC, and have it set to scan downloads from Firefox. I have no real-time protection installed, as I am loath to put it on unless I feel I really need it.