Run Clamxav to DAMAGE hard drive?

Discussion in 'Mac Apps and Mac App Store' started by 030108, Mar 2, 2008.

  1. 030108 macrumors member

    Joined:
    Mar 2, 2008
    #1
    Installed and ran Clamxav on my C drive under my standard user account. My C drive is where leopard and all my apps, etc, are installed.

    It found 3 infected files in Thunderbird 2.0.0.12 which were 2 phishing attempts and 1 domain spoof.

    Before I ran Clamxav my C drive looked like:
    ( > means folder; without means file)

    >Applications
    >Library
    >System
    >User Guides And Information
    >Users

    After I ran Clamxav my C drive is scrambled: ?
    (numerous new folders and files have appeared)

    >Applications
    >builtin
    CHANGELOG
    >configs
    >dispatches
    >doc
    >environments
    >examples
    fresh_rakefile
    >helpers
    >html
    >lib
    >library
    LICENSE
    MIT-LICENSE
    NEWS
    Rakefile
    README
    >System
    >test
    THANKS
    >User Guides And Information
    >Users

    From my perspective it looks like running Clamxav on my C drive has scrambled/screwed it up.

    My time machine backups confirm the change in my C drive as corresponding with my running Clamxav.

    I am making this post online with the machine that I ran Clamxav on so, so far, it seems to be working as usual, but my C drive was never like that before.

    Are the new folders and files that appeared when I ran Clamxav newly created or did they already exist on my C drive and Clamxav moved them from their proper/original location? Are the newly created folders and files leftovers that Clamxav should have deleted?

    Any information and help regarding this would of course be very much appreciated.

    note: I am new to Apple Computers/Apple Operating system. The Macbook is essentially new so I would like to determine if Clamxav has caused damage that requires me to, either, reinstall Leopard or restore from Time Machine backup.

    I am not sure if I should trust restoring the C drive from the Time Machine backup, but, whatever the case, I want to reinstall or restore now because I am just learning Apple so I have not put a lot of stuff on the macbook at all. I don't relish the task of reinstalling, but I would rather do it now if this Clamxav thing has caused me a problem.
    _________________
    macbook: 4mb - 250gb - leopard

    Opera 9.26 (primary)

    Firefox (was primary until checked secunia.com for unpatched issues)

    Thunderbird 2.0.0.12

    NetbarrierX4 (30 day trial)
    VirusbarrierX4 (30 day trial)

    More information regarding my problem here:
    http://www.markallan.co.uk/BB/viewtopic.php?t=1215&start=0&postdays=0&postorder=asc&highlight=&sid=37fcdfb445e7319a193f19ec538ac913

    and here:

    http://forums.macnn.com/82/applications/363220/run-clamxav-damage-your-hard-drive/#post3613743

    note: I posted the links to more information, if anyone here feels that they can help me, because I am trying not to re-type the considerable amount of information about the issue that I already typed at those forums.
     
  2. karenflower macrumors 6502a

    Joined:
    Dec 7, 2007
    #2
    Hmm. I had a look at the links you provided and it looks like the conclusion has already been found - Ruby on Rails was installed in that directory. I don't see the connection to ClamXav, so it should be alright for you to just delete those files you don't want.

    If you did delete them, and rescanned your hard drive, it would be interesting to see if they returned.
     
  3. JNB macrumors 604

    Joined:
    Oct 7, 2004
    Location:
    In a Hell predominately of my own making
    #3
    RoR should be moved to its own folder in the ~/Applications directory ("~" indicates the User directory - you). ClamXAV shouldn't have relocated all that to your root; are you positive you didn't download that and specify root? You shouldn't ever send anything there, it will make a mess of things real quickly.

    BTW, even though we know what you mean by "C" drive, there's no such animal on a Mac (or any *nix OS). Get a basic primer on Unix/BSD file structure for info - it's pretty specific as to what needs to be where, and is built to keep you out of trouble.

    What you had in the first part of the post shows the root level (I'll add where your downloaded applications should normally go):
    >Applications
    >Library
    >System
    >User Guides And Information
    >Users >Your Username>Applications
     
  4. 030108 thread starter macrumors member

    Joined:
    Mar 2, 2008
    #4
    Thank you for replying karenflower.

    What is Ruby on Rails?

    Did it come with Leopard?

    I was just thinking about copying those folders/files out and working without them for some days or a week or so to see if a problem occurs.

    The macbook is essentially new and I don't have a lot of stuff on it, but I just don't feel like reinstalling if I do not have to; although, I would probably be more comfortable just reinstalling instead of restoring from Time Machine. I did only scan the drive I named C drive (root drive) with Clamxav; so, if I can put things back the way they were by just removing those files/folders I guess I will. I just want to be confident that the only screwed up issue is those folders/files else I should just reinstall.

    On the other hand, I am trying to make a decision and, regardless of whether they are a problem or not, I would like to understand how the heck they got there and that is why I keep probing (asking questions) at various forums. It is in an effort to, at least, know the "mechanism" of what Clamxav did wrong even if I am going to abandon Clamxav in favor of Intego virusbarrier/netbarrier or something and even if I do not completely understand every detail.

    I was really hoping that by describing the problem with the level of detail that I have some expert would instantly understand exactly and definitively what happened. That has not happened yet and it does not look like it will.

    I hate just leaving such things as a mystery in my mind because then I am apprehensive about inadvertently recreating conditions where the same thing could happen again. If some problem happens to me once I like to be able to take steps to rule out the possibility of it happening again so I don't waste my time later.

    The machine that this has occurred on is the same one I am making these posts, etcetera, with and it does not seem to be functioning any differently at all. I suppose if those folders/files were moved from somewhere else on my root drive, as opposed to copied or just created by Clamxav, I would be experiencing obvious problems when the app that needs those files does not find them where they are supposed to be.

    Again, what is Ruby on Rails? Did it come with Leopard?
     
  5. karenflower macrumors 6502a

    Joined:
    Dec 7, 2007
    #5
    Please calm down. Your Mac is fine, you don't need to reinstall anything. :) Ruby on Rails (from what I can gather) is something that helps programmers make their code - we don't know how it got on your drive, but it's not harmful. It does not come with Leopard, no.

    Is it possible that somebody else used your Mac and downloaded it? In any case, it really is fine for you to just delete these extra files and carry on as normal. Crisis averted! :D

    Btw: Macs are pretty well protected, the majority of people don't use any anti-virus software and are fine. There are very few, if any, viruses out there that could do damage. It would be fine to delete ClamXav too if you're still worried.
     
  6. 030108 thread starter macrumors member

    Joined:
    Mar 2, 2008
    #6
    >...are you positive you didn't download that and specify root?

    Really I am. I am very careful. I don't just click on stuff and I read alerts/messages and write them down if I don't understand.

    I have installed a number of apps on this macbook with no problems. I click on the .dmg file and then take the resulting .app file and put it in my applications folder. I chose to show my file extensions in my applications folder and elsewhere to make things even more "fool proof" for myself. Really, I just dump whatever .app file, as indicated, in the applications folder that shows a whole lot of other .app files because I opted to show the extensions.

    I actually had Clamxav installed for about 3 weeks on this macbook before I reinstalled Leopard. I reinstalled because I considered what I was doing, as a new Apple user, before the reinstall as "playing" around. I even stayed off the Internet during that period until I had more of an understanding of things in my own mind.

    Anyway, I did not experience any problems whatsoever, but I felt more comfortable just reinstalling before I started serious use of the macbook.

    Reinstalling seemed so easy that I even liked it. By the way, I reinstalled about 4 weeks ago; long before I installed a number of third party apps.

    The only time I deviated from what Clamxav instructions said was when I did the following: (I copied scanwithclamxav.plugin to cdrive/library/contextual menu items/ instead of doing what Clamxav stated below.)

    How to install the "Scan with ClamXav" contextual menu plugin.
    In the Finder, go to the Go menu and choose Home.
    Open the Library folder which is in there.
    If you don't see a folder called "Contextual Menu Items" within that Library folder, create a new folder now and name it exactly:
    Contextual Menu Items

    Copy "ScanWithClamXav.plugin" to that Contextual Menu Items folder.

    Log out and back in again to load the plugin.

    You may now control-click on any item(s) you have selected in the Finder and scan them directly with ClamXav.

    (I copied scanwithclamxav.plugin to cdrive/library/contextual menu items/ because that is where I found the virusbarriercm.plugin and it seems to be working correctly.)
     
  7. 030108 thread starter macrumors member

    Joined:
    Mar 2, 2008
    #7
    >Is it possible that somebody else used your Mac...

    No. Password protected and I am the only one around my machine. Even if I have guests over I don't let anyone use my computer(s) or network to them and if I am entertaining my computer room is locked.

    I never entertain though and, over about 15 years, I have invited about 5 people into my home tops on about 3 or 4 occasions at most for one of those people. I am really not a social person.

    If a repair person comes out I am there looking over his or her shoulder.

    >It does not come with Leopard, no.

    You really have answered what was nagging me. There is no way I would have Ruby on Rails around based on your description of its use, but even more so because I did not even know what it was. If I downloaded it I would, AT THE LEAST, recognize its name.

    You answered my question. My Clamxav installation "package" installed it; either, the application itself installed it or the clamxav engine installed it. Obviously, it was probably an error, but that is definitely how this happened.

    Thank you for solving this whodunnit karenflower.
     
  8. karenflower macrumors 6502a

    Joined:
    Dec 7, 2007
    #8
    That's alright, I'm glad you've got it solved finally. :) Yay!
     
  9. Cromulent macrumors 603

    Joined:
    Oct 2, 2006
    Location:
    The Land of Hope and Glory
  10. kuwisdelu macrumors 65816

    Joined:
    Jan 13, 2008
    #10
    Apparently he named Macintosh HD "cdrive."
     
