Discussion in 'Mac Basics and Help' started by briantroutman, Feb 11, 2014.

  1. briantroutman macrumors newbie

    Feb 11, 2014
    Like (I would assume) most Mac users, I’ve not kept a regular antivirus routine. And I’m not the blissfully ignorant sort that thinks Macs can’t get viruses—I know that they can. But I also know that the greatest part of prevention is your own behavior—not installing unknown software, not opening unknown attachments, etc.

    I did download ClamXav some time ago and ran it a few times (updating the virus definitions before each scan), never finding anything.

    I updated and ran it again today, and it found something:

    Oddly enough, the only reference I could find to this specific infection name was a list of viruses added to the ClamAV database—literally on today’s date. What are the chances of that?

    I did search for “sniperspy” and found that the company sells a variety of key-logging, screen-monitoring, and general purpose snoop-ware for different platforms. I’m assuming this is the same sniperspy; I don’t really know, though.

    The file that’s listed as “infected” is an official Adobe plug-in for an old version of Photoshop that I don’t use anymore. And revealing the file in the Finder, it still shows created and modified dates/times as the same—July 19. 2011 8:56 p.m., apparently when I installed it from the DVDs. (The exact same day and time as all of the other plug-ins in the same folder, by the way.) The only possible red flag is that the Save for Web(PS).plugin file is 11.9 MB and the others are less than 1 MB each.

    So is this a false positive? I don’t have anyone (known to me personally) that would have a compelling reason to spy on me, and they wouldn’t have the administrator password access to install anything, anyway. And how could that specific file be infected? Would the infection become activated only if/when that plug-in was used?
  2. GGJstudios, Feb 12, 2014
    Last edited: Feb 12, 2014

    GGJstudios macrumors Westmere


    May 16, 2008
    You're right that Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 12 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below).

    Yes, it's a false positive. It appears that the ClamXav has labeled SniperSpy as a virus, which it clearly isn't, although I'm sure most Mac users would want to be alerted to its presence. Also, it appears the definition is not accurate, as can happen from time to time.

    From the SniperSpy FAQ:
    If antivirus apps can falsely identify SniperSpy as malware, it's likely they can also falsely identify other files as being related to SniperSpy.

    3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link.
    Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.

Share This Page