Anti Virus 2008 and 2009

I have been researching anti virus 2008 and 2009 malware. I have found little discussing how to prevent the malware. Mostly I find how to get rid of it. Any ideas on how to prevent the infection? Maybe using a network IPS.

"IPS will not be suitable for Anti-Virus or Anti-Malware protection"
right on.
"The CSC-SSM can prevent virtually all known malicious code from entering and propagating across the network"
Absolute, complete and utter BS. I know you're just regurgitating what Cisco says (shame on Cisco), but this is absolute fantasy. You simply CAN'T do this that effectively at a gateway, you don't have the required context. Even the best products in this space (which Cisco is far from being) aren't that effective.
If you're starting from scratch, I would recommend looking at client solutions first. Once you have that in place, it might make some sense to look at gateway solutions. If you want "best of breed", take a look at Webwasher, Finjan and BlueCoat. Ironports might be worth checking out too, if it's anywhere near as good as their SMTP product. If those are just too expensive, then you might also take a look at the Cisco ASA-CSC solution.

Similar Messages

  • I have a 6.1.6 MAC desktop and my bank has recommended anti-virus software and turn on Firewall - require advise please

    I have a 6.1.6. MAC desktop and my on-line bank has recommended I download  separate anti-virus software and turn on Firewall
    Please advise
    Thank you
    Karinband

    I concur with Etresoft. If they persist in their demands for you to install AV software and turning on a firewall, ask to speak to a manager of the bank and suggest to them that you are seriously considering changing banks. That usually changes their tune.

  • HT203163 I cannot access iTunes store from my laptop. I could for years but suddenly - no. Have removed all recently installed software. Have uninstalled and re-installed both my anti-virus software and iTunes. Have allowed pop-ups. Have flushed the DNS.

    I cannot access iTunes store from my laptop. I could for years but suddenly - no.
    Have removed all recently installed software. Have uninstalled and re-installed both my anti-virus software and iTunes.
    Have allowed pop-ups.
    Have flushed the DNS. Nothing.
    Still can't access the store. Please help!

    Close your iTunes,
    Go to command Prompt -
    (Win 7/Vista) - START/ALL PROGRAMS/ACCESSORIES, right mouse click "Command Prompt", choose "Run as Administrator".
    (Win XP SP2 and above) - START/ALL PROGRAMS/ACCESSORIES/Command Prompt
    In the "Command Prompt" screen, type in
    netsh winsock reset
    Hit "ENTER" key
    Restart your computer.
    If you do get a prompt after restarting Windows to remap LSP, just click NO.
    Now launch your iTunes and see if it is working now.
    If you are still having these type of problems after trying the winsock reset, refer to this article to identify which software in your system is inserting LSP:
    iTunes 10.5 for Windows: May see performance issues and blank iTunes Store
    http://support.apple.com/kb/TS4123?viewlocale=en_US

  • Anti virus software  and patching os

    Can anyone tell me their views on anti virus software running on a database server? We are windows 2003 / 11g.
    I have not allowed it in the past but our networking folks think we should have it installed so we can at least scan the C: drive.
    Also, what is your policy for updating the OS. I currently do not update the OS unless I have a known issue. Others seem to think this is crazy but this policy has worked well for the last 3 years. I should add that we replace our databases every 4 or 5 years and they are all behind two firewalls - access is only thru the web app or file server.
    I would be very interested in others' policies.
    Thanks,
    Kathie

    Personal opinion: I'd never put AV on a proper, production Oracle server -and by "proper", I essentially mean what you indicate: it's not accessible directly by the public; it's behind firewalls; it has no functioning connection to the Internet etc etc etc
    We also disable automatic updates on all our Windows servers, because otherwise there's a tendency for a production database to die unannounced as the automatic updates kick in!
    As for manual updates: we tend not to bother on a routine basis. We've fully patched a server when we were planning to take it offline for other reasons (an Oracle CPU patch, for example), so periodically everything becomes as up-to-date as it can. But during normal running, we just let it run without interruption (i.e., without updates) for as long as we can. Only

  • Anti virus - detect and delete - in Snow leopard

    Hello
    They say Snow Leopard has excellent built in anti-virus software, but I'm not sure. I have just taken a job to the printer and his PC virus detection said I had serious virus problems on my Mac.
    This seems likely, and could explain the problems I've been having with OS applications like Fontbook - it's so slow it's useless. And Adobe CS3 is also playing up, I have to force quit programs, they work OK for a while, then the most basic elements of the application fail (like quitting, and cropping in Photoshop).
    I have spoken to Adobe (useless) and I have reinstalled the OS, and CS3.
    How can I check and eliminate a worm or virus from my HD and external backup HD.
    I'd be very grateful for any help.
    John

    I'm with you there. I had been running OS 10.4.11 with absolutely no problems whatsoever. Now I have Snow Leopard and CS3. And, the ONLY reason I upgraded to Snow Leopard was to use the iLife suite, which has some software I need. Now there are problems all over the place. I can't use some of the CS3 plugins that I paid good money for, CS3 has a strange artifact that shows up every time it opens (fortunately the artifact doesn't print), video downloads through Firefox, Chrome or Safari have numerous cache issues, startup is slow, some apps crash randomly, and Word doesn't function properly (don't chastise me on using Word. I have to use it.) I've even installed the proper updates and reinstalled CS3 (like you, I can't afford CS5 yet -- starving artist, you know.)
    I am VERY disappointed in Snow Leopard (not to mention Apple support). Macs used to be the machine to beat when it came to bugs and crashes. Now a Mac is just like any PC -- you never know what's going to happen.

  • Should I protect my iMac with anti virus software and if yes what do you recommend thanks

    Should I protect my iMac with anti virus software?

    If desired, use ClamXav. Any Mac OS X antivirus software which people actually charge for, as opposed to free downloads, should be avoided.

  • I am getting a network connection lost message every time I try to update to the newest iPhone software. Tried reinstalling iTunes, turning firewalls/Anti Virus on and off, and no luck. Any other tips?

    Can anyone help me?

    Update server busy.
    Try direct downloads. Search for it (Google it).
    Then restore your phone clicking Shift + restore.

  • Anti virus's and home button problem

    Hi
    1) I want to
    We need antivirus in my iPhone 5s?
    2) How to understand my iPhone when produce???
    Due to home button problem .
    Thanks

    There is no home button problem, the problem is with the power button on some iPhone 5 devices: https://ssl.apple.com/support/iphone5-sleepwakebutton/

  • How can i tell if I have malware and what anti virus program is best?

    please suggest the best anti virus program and how I can determine if I have a virus

    The fact that your bank account was hacked doesn't mean that you have a "virus," despite what the bank may have told you. It means either that the bank had a breach of its internal security, which it prefers to blame on you, or that you chose a weak password or weak security questions that someone was able to guess. The password should be a random string of at least 10 random upper- and lower-case letters and digits. You don't need to, and should not be able to, remember it.

  • Question:  Do I need to run an anti virus program with MAC OSX Lion? Have heard different opinions! If so what would you recommend? Was looking at Sophos. Does anyone have any experience with this? Thanks

    Question:  Do I need to run an anti virus program with MAC OSX Lion? Have heard different opinions! If so what would you recommend? Was looking at Sophos. Does anyone have any experience with this? Thanks

    Do I need to run an anti virus program with MAC OSX Lion? Have heard different opinions!
    You will continue to hear different opinions here, where thoughts range everywhere between "anti-virus software is the evil spawn of Satan" to "anyone not running anti-virus software is a fool."
    Truth is, this is still a very personal decision on a Mac. Depending on circumstances, it is still very easily possible to stay safe without using anti-virus software, but circumstances and personal preferences vary widely. Besides which, anti-virus software cannot even remotely provide you a guarantee of protection!
    To learn how to stay safe (with or without anti-virus software), and how to decide whether to use anti-virus software, see my Mac Malware Guide.

  • Bootcamp and anti-virus and is getting VMware or Parallel better?

    I am starting research that requires me to download File Warden in Windows, so I loaded Windows onto my Mac by using bootcamp. Does this partitioned hard drive that is now I guess a mini-PC in my Mac require its own anti-virus programs and such?
    Also, the research program that I will be using will analyze the data using Excel, so I guess I would also have to download Excel into Windows. However, if I just got VMware or Parallel, and ran the research program on my Mac, would that data be converted automatically to "Numbers" which I have on my computer? If I used VMware or Parallel would I still need anti-virus?
    Apologies if these questions are obvious, I'm new to this.

    Yes you need AV/anti-malware.
    http://www.microsoft.com/Security_Essentials/
    You need to buy and install Office though you might want to see if Office 2011 for Mac will do for your needs.
    I would guess Numbers is not going to do more than import and may or may not be suitable.

  • Good anti-virus and question...

    Is Sophos a good Anti-Virus? And also, if I did have a virus, I erased my HD. Would that get rid of any virus/malware I had? Also I will be re-installing Lion.
    There are still 3 folders and 2 files on my HD, will that be the malware/virus?
    Thanks.

    While Sophos certainly receives numerous high marks from those who do use it, the value of such a product is much less clear cut than it is for a Windows user.
    While I have an antivirus on my Macs, I do not have it running as a background application when I am using my Mac. Currently there are no "Viruses" in the wild right now that are any significant threat to OS X. The Security inherent to the system is also robust enough to prevent infection from other malware types that have ever been encountered. That is not to say that my system is 100% protected from ALL forms of malware.
    First, by using a good antivirus, the application may (I said, "may") help protect Windows users from shared media that could be infected with code. That is to say, that the Mac AV Software would be the first line of defense to Windows-Only for which you might be the proverbial "typhoid Mary", infected but not sick.
    This presumes that your Mac software is more capable than your Windows users at catching Windows malware.
    I use rather robust malware and anti-virus protection on my Windows machines that I manage, so I don't see a need to augment it with a Mac solution that is likely to be wasted. Moreover, since I feel fairly confident that my Mac security is adequate, I don't run a Mac AV product continually. Nor would I want to keep one running, giving me a false sense of security at the cost of a running process.
    Then again,
    I practice a thrice weekly Time Machine backup regimen. I am very careful about letting any process run, unless I am sure about the process. And I am fastidious about knowing the operating system's components (what should be running or stored, and what should not).
    If you are a user who wants peace of mind, and does not want to think about security, then an AV program will indeed help in some regard. However, I am not one to think that it replaces diligence at all. Any AV program can be fooled by a brand new threat, before your AV has the stored virus signature from a recent update. Heuristics can only go so far. The best Antivirus is the user who knows his system, and keeps backups.
    The bottom line: Get Sophos, and concurrently learn OS X, so that you might transition to better malware protection, which is yourself.

  • Can anyone recommend a good anti virus/security suite?

    I have a friend recommending "MacKeeper" but the Apple online store only has "ESET" with two reviews which are both one star!

    VIRUSES
    No viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions.
    It is possible, however, to pass on a Windows virus to another Windows user, for example through an email attachment. To prevent this all you need is the free anti-virus utility ClamXav, which you can download  from:
    http://www.clamxav.com/download.php
    Note: ClamAV adds a new user group to your Mac. That makes it a little more difficult to remove than some apps. You’ll find an uninstaller link in ClamXav’s FAQ page online.
    If you are already using ClamXav: please ensure that you have installed all recent  Apple Security Updates  and that your version of ClamXav is the latest available.
    Do not install Norton Anti-Virus on a Mac as it can seriously damage your operating system. Norton Anti-Virus is not compatible with Apple OS X.
    FAKE ANTI-VIRUS SOFTWARE and associated MALWARE
    Do not be tricked by 'scareware' that tempts computer users to download fake anti-virus software that may itself be malware.
    Fake anti-virus software that infect PCs with malicious code are a growing threat, according to a study by Google. Its analysis of 240m web pages over 13 months showed that fake anti-virus programs accounted for 15% of all malicious software.
    Scammers trick people into downloading programs by convincing them that their PC is infected with a virus.
    Once installed, the software may steal data or force people to make a payment to register the fake product.
    Beware of PDF files from unknown sources. A security firm announced that by its counting, malicious Reader documents made up 80% of all exploits at the end of 2009:
    http://www.computerworld.com/s/article/9157438/in whichRogue_PDFs_account_for_80_of_all_exploits_says_researcher
    TROJANS and RE-DIRECTION TO FAKE WEBSITES
    The appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.
    If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's  (that's you!)  DNS records stay modified on a minute-by-minute basis.
    You can read more about how, for example, the OSX/DNSChanger Trojan works (by falsely suggesting extra codecs are required for Quicktime) here:
    http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml
    SecureMac has introduced a free Trojan Detection Tool for Mac OS X.  It's available here:
    http://macscan.securemac.com/
    First update the MacScan malware definitions before scanning. You can also contact their support team for any additional support - [email protected]
    The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.
    (Note that a 30 day trial version of MacScan can be downloaded free of charge from:
    http://macscan.securemac.com/buy/
    and this can perform a complete scan of your entire hard disk. After 30 days free trial the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.
    A white paper was published on the subject of Trojans by SubRosaSoft, available here:
    http://www.macforensicslab.com/ProductsAndServices/index.php?main_page=document_general_info&cPath=11&products_id=174
    Also, beware of MacSweeper:
    MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland based computer security software company on January 17, 2008
    http://en.wikipedia.org/wiki/MacSweeper
    On June 23, 2008 this news reached Mac users:
    http://www.theregister.co.uk/2008/06/23/mac_trojan/
    More on Trojans on the Mac here:
    http://www.technewsworld.com/story/63574.html?welcome=1214487119
    This was published on July 25, 2008:
    Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.
    The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.
    Net security groups say there is anecdotal evidence that small scale attacks are already happening.
    Further details here:  http://news.bbc.co.uk/2/hi/technology/7525206.stm
    A further development was the Koobface malware that can be picked up from Facebook (already a notorious site for malware, like many other 'social networking' sites like Twitter and MySpace etc), as reported here on December 9, 2008:
    http://news.bbc.co.uk/newsbeat/hi/technology/newsid_7773000/7773340.stm
    As to the recent 'Conficker furore' affecting Intel-powered computers, MacWorld recently had this to say:
    http://www.macworld.co.uk/news/index.cfm?email&NewsID=25613
    You can keep up to date, particularly about malware present in some downloadable pirated software, at the Securemac site:
    http://www.securemac.com/
    HOW TO AVOID RE-DIRECTION
    Adding Open DNS codes to your Network Preferences, should give good results in terms of added security as well as speed-up:
    If you are using a single computer: Open System Preferences/Network. Double click on your connection type, or select it in the drop-down menu, and in the box marked 'DNS Servers' add the following two numbers:
    208.67.222.222
    208.67.220.220
    (You can also enter them if you click on Advanced and then DNS)
    Sometimes reversing the order of the DNS numbers can be beneficial in cases where there is a long delay before web pages start to load, and then suddenly load at normal speed:
    http://support.apple.com/kb/TS2296
    If your computer is part of a network: please refer to this page: http://www.opendns.com/start/best_practices/#your_network and follow the advice given.
    There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!
    WHAT TO DO IF YOU THINK YOUR MAC HAS BECOME 'INFECTED'
    If you think you may have acquired a Trojan, and you know its name, you can also locate it via the Terminal:
    http://theappleblog.com/2009/04/24/mac-botnet-how-to-ensure-you-are-not-part-of-the-problem/
    Although any content that you download has the possibility of containing malicious software, practising a bit of care will generally keep you free from the consequences of anything like the DNSChanger trojan.
    1. Avoid going to suspect and untrusted Web sites, especially p'orn'ography sites.
    2. Check out what you are downloading. Mac OS X asks you for your administrator password to install applications for a reason! Only download media and applications from well-known and trusted Web sites. If you think you may have downloaded suspicious files, read the installer packages and make sure they are legit. If you cannot determine if the program you downloaded is infected, do a quick Internet search and see if any other users reported issues after installing a particular program. A recent example is of malware distributed through innocent looking free screensavers:  http://www.zdnet.com/blog/security/malware-watch-free-mac-os-x-screensavers-bundled-with-spyware/6560?tag=nl.e589
    3. Use an antivirus program like ClamXav. If you are in the habit of downloading a lot of media and other files, it may be well worth your while to run those files through this AV application.
    4. Use Mac OS X's built-in Firewalls and other security features.
    5. LimeWire (now defunct) and other peer-to-peer sharing applications and download torrents supplying pirated software, movies etc are hotbeds of potential software issues waiting to happen to your Mac. Everything from changing permissions to downloading trojans and other malicious software can be acquired from using these applications. Similar risks apply to using Facebook, Twitter, MySpace, YouTube and similar sites which are prone to malicious hacking:  http://news.bbc.co.uk/1/hi/technology/8420233.stm
    6. Resist the temptation to download pirated software. After the release of iWork '09, a Trojan was discovered circulating in pirated copies of Apple's productivity suite of applications (as well as pirated copies of Adobe's Photoshop CS4). Security professionals now believe that the botnet (from iServices) has become active. Although the potential damage range is projected to be minimal, an estimated 20,000 copies of the Trojan were downloaded.  SecureMac offer a simple and free tool for the removal of the iBotNet Trojan available here:
    http://macscan.securemac.com/files/iServicesTrojanRemovalTool.dmg
    YOUR PRIVACY ON THE INTERNET and the latest risks to look out for:
    There is the potential for having your entire email contact list stolen for use for spamming:
    http://www.nytimes.com/2009/06/20/technology/internet/20shortcuts.html?_r=1
    NOTE: Snow Leopard, OS 10.6.x, offers additional security to that of previous versions of OS X, but not to the extent that you should ignore the foregoing:
    http://www.apple.com/macosx/security/
    Apple's 10.6.4 operating system upgrade silently updated the malware protection built into Mac OS X to protect against a backdoor Trojan horse that can allow hackers to gain remote control over your treasured iMac or MacBook.
    http://www.sophos.com/blogs/gc/g/2010/06/18/apple-secretly-updates
    And if you are using iPhone Apps you are also at risk of losing all privacy:
    http://www.engadget.com/2010/10/03/hacker-claims-third-party-iphone-apps-can-transmit-udid-pose-se/
    The advent of HTML5  may also be a future threat to internet privacy:
    http://www.nytimes.com/2010/10/11/business/media/11privacy.html?_r=1&hp
    Security of OS X generally:
    http://www.apple.com/macosx/security/
    http://www.nsa.gov/ia/_files/os/applemac/I731-007R-2007.pdf
    Security Configuration for Version 10.5 Leopard:
    http://images.apple.com/server/macosx/docs/Leopard_Security_Config_2nd_Ed.pdf
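
Added example, not part of the original post: a Python check for the DNS re-direction described under "TROJANS and RE-DIRECTION TO FAKE WEBSITES" above. It parses `scutil --dns` output and reports every nameserver outside an expected set; the two OpenDNS addresses come from the post, while both sample outputs and the 203.0.113.x addresses (a documentation range) are constructed.

```python
import ipaddress
import re
import subprocess

# Resolvers you configured on purpose. These are the two OpenDNS addresses
# from the post; substitute whatever your own network is meant to use.
EXPECTED_RESOLVERS = frozenset({"208.67.222.222", "208.67.220.220"})

_SECTION = re.compile(r"^DNS configuration.*$")
_RESOLVER = re.compile(r"^resolver #(\d+)\s*$")
_NAMESERVER = re.compile(r"^\s+nameserver\[\d+\]\s*:\s*(\S+)\s*$")


def _normalise(addr):
    """Canonical text form of an IP; drops an IPv6 zone such as %en0."""
    try:
        return str(ipaddress.ip_address(addr.split("%", 1)[0]))
    except ValueError:
        return addr  # not an IP literal: keep it so it is still reported


def parse_scutil_dns(text):
    """Return [(section, resolver_number, nameserver), ...]."""
    entries, section, resolver = [], None, None
    for line in text.splitlines():
        if _SECTION.match(line):
            # "DNS configuration" and "... (for scoped queries)" both
            # restart resolver numbering, so track the section as well.
            section, resolver = line.strip(), None
            continue
        match = _RESOLVER.match(line)
        if match:
            resolver = int(match.group(1))
            continue
        match = _NAMESERVER.match(line)
        if match and resolver is not None:
            entries.append((section, resolver, _normalise(match.group(1))))
    return entries


def unexpected_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Sorted, de-duplicated nameservers that are not in `expected`."""
    allowed = {_normalise(a) for a in expected}
    found = {ns for _, _, ns in parse_scutil_dns(text)}
    return sorted(found - allowed)


def read_live_config():
    """Run `scutil --dns` (macOS only) and return its text output."""
    result = subprocess.run(["scutil", "--dns"], capture_output=True,
                            text=True, check=True)
    return result.stdout


# Constructed sample: the machine uses only the resolvers from the post.
CLEAN_SAMPLE = """\
DNS configuration

resolver #1
  nameserver[0] : 208.67.222.222
  nameserver[1] : 208.67.220.220
  if_index : 4 (en0)
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 208.67.222.222
  nameserver[1] : 208.67.220.220
  if_index : 4 (en0)
"""

# Constructed sample: resolvers replaced with addresses nobody configured.
TAMPERED_SAMPLE = """\
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 203.0.113.54
  if_index : 4 (en0)
  reach    : 0x00000002 (Reachable)

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 208.67.220.220
  if_index : 4 (en0)
"""

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("tampered", TAMPERED_SAMPLE)):
        bad = unexpected_resolvers(sample)
        print(name, "->", "OK" if not bad else "unexpected: " + ", ".join(bad))
```

Because the post says the watchdog keeps the DNS records modified on a minute-by-minute basis, run the check again a few minutes after correcting the DNS servers; a setting that has reverted is the signal to look for.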

  • 10.5.5 break anti-virus mail server stops working

    We updated to 10.5.5 and suddenly our server stopped forwarding mail.
    I noticed in the logs that the anti-spam and anti-virus (clamav etc.) were failing to update and run. The server was brutally slow. I turned off the anti-virus checks and everything is working again after two days of searching.
    Any idea what broke and how a newbie could fix it?
    Thanks,
    Ryan

    Good morning,
    Thank you very much for offering to help.
    Here is the amavis.log:
    5625-13) smtp resp to greeting: 220 roy.nanuc.ualberta.ca ESMTP Postfix
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) smtp cmd> EHLO localhost
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) smtp resp to EHLO: 250 roy.nanuc.ualberta.ca\nPIPELINING\nSIZE 10485760\nVRFY\nAUTH GSSAPI\nETRN\nENHANCEDSTATUSCODES\n8BITMIME\nDSN
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) AUTH not needed, user='', MTA offers 'GSSAPI'
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) smtp cmd> MAIL FROM:<[email protected]> BODY=7BIT
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) smtp cmd> RCPT TO:<[email protected]> ORCPT=rfc822;[email protected] NOTIFY=NEVER
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) smtp cmd> DATA
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) smtp resp to MAIL (pip): 250 2.1.0 Ok
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) smtp resp to RCPT (pip) (<[email protected]>): 250 2.1.5 Ok, id=25625-13, from MTA([127.0.0.1]:10025): 250 2.1.5 Ok
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) smtp resp to DATA: 354 End data with <CR><LF>.<CR><LF>
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) smtp cmd> QUIT
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) smtp resp to data-dot (<[email protected]>): 250 2.0.0 Ok: queued as 4F2A79DDF40
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) smtp resp to QUIT: 221 2.0.0 Bye
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) FWD via SMTP: <[email protected]> -> <[email protected]>,BODY=7BIT 250 2.6.0 Ok, id=25625-13, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4F2A79DDF40
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) Passed CLEAN, [142.231.77.1] [142.103.48.148] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: lTLSt8bShtqL, Hits: -2.399, size: 1420, queued_as: 4F2A79DDF40, 5644 ms
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) TIMING [total 5663 ms] - SMTP greeting: 3 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP pre-DATA-flush: 3 (0%)0, SMTP DATA: 1 (0%)0, check_init: 1 (0%)0, digest_hdr: 0 (0%)0, digest_body: 0 (0%)0, genmailid: 1 (0%)0, mime_decode: 10 (0%)0, get-file-type1: 30 (1%)1, decompose_part: 4 (0%)1, parts_decode: 0 (0%)1, check_header: 3 (0%)1, spam-wb-list: 10 (0%)1, SA msg read: 2 (0%)1, SA parse: 3 (0%)1, SA check: 5464 (96%)98, update_cache: 8 (0%)98, decidemaildestiny: 1 (0%)98, fwd-connect: 44 (1%)99, fwd-mail-pip: 37 (1%)99, fwd-rcpt-pip: 0 (0%)99, fwd-data-chkpnt: 0 (0%)99, write-header: 1 (0%)99, fwd-data-contents: 0 (0%)99, fwd-end-chkpnt: 10 (0%)100, prepare-dsn: 1 (0%)100, mainlogentry: 7 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 1 (0%)100, SMTP response: 0 (0%)100, unlink-1-files: 14 (0%)100, rundown: 1 (0%)100
    Sep 23 10:44:57 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) load: 5 %, total idle 1269.245 s, busy 61.959 s
    Sep 23 10:47:21 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-09) process_request: fileno sock=14, STDIN=14, STDOUT=14
    Sep 23 10:47:21 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) ESMTP::10024 /var/amavis/tmp/amavis-20080923T102933-25702: <[email protected]> -> <[email protected]> SIZE=2658 Received: from roy.nanuc.ualberta.ca ([127.0.0.1]) by localhost (brodeur.nanuc.ualberta.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <[email protected]>; Tue, 23 Sep 2008 10:47:21 -0600 (MDT)
    Sep 23 10:47:21 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) body hash: 317adbdde036e2d63027358ccd2878f4
    Sep 23 10:47:21 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) Checking: LZdT8Jzafapz [88.87.242.247] <[email protected]> -> <[email protected]>
    Sep 23 10:47:21 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) 2822.From: <[email protected]>
    Sep 23 10:47:21 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) p003 1 Content-Type: multipart/alternative
    Sep 23 10:47:21 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) p001 1/1 Content-Type: text/plain, size: 536 B, name:
    Sep 23 10:47:21 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) p002 1/2 Content-Type: text/html, size: 951 B, name:
    Sep 23 10:47:21 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) Checking for banned types and filenames
    Sep 23 10:47:21 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) collect banned table[0]: [email protected], tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0xae3b80)
    Sep 23 10:47:21 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) p.path [email protected]: "P=p003,L=1,M=multipart/alternative | P=p001,L=1/1,M=text/plain,T=asc"
    Sep 23 10:47:21 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) p.path [email protected]: "P=p003,L=1,M=multipart/alternative | P=p002,L=1/2,M=text/html,T=html"
    Sep 23 10:47:26 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) spam_scan: score=16.479 autolearn=spam tests=[BAYES99=3.5,DOS_OE_TO_MX=2.75,FH_HELO_EQ_D_D_D_D=0.001,HTML_MESSAGE=0.001,RCVD_IN_BL_ SPAMCOP_NET=1.96,RCVD_IN_SORBS_DUL=0.877,RDNS_DYNAMIC=0.1,URIBL_AB_SURBL=1.86,UR IBL_BLACK=1.955,URIBL_JP_SURBL=1.501,URIBL_OB_SURBL=1.5,URIBL_SCSURBL=0.474]
    Sep 23 10:47:26 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) blocking contents category is (6) for [email protected]
    Sep 23 10:47:26 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) donotify_andquar: ccat=Spam (6,0) ("6":Spam, "5":Spammy, "1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(6), q_mth=local:spam-%m.gz, qar_mth=
    Sep 23 10:47:26 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) local delivery: -> <spam-quarantine>, mbx=/var/virusmails/spam-LZdT8Jzafapz.gz
    Sep 23 10:47:26 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) SPAM, <[email protected]> -> <[email protected]>, Yes, score=16.479 tag=2 tag2=6 kill=6 tests=[BAYES_99=3.5, DOSOE_TOMX=2.75, FHHELO_EQ_D_D_DD=0.001, HTML_MESSAGE=0.001, RCVDIN_BL_SPAMCOPNET=1.96, RCVDIN_SORBSDUL=0.877, RDNS_DYNAMIC=0.1, URIBLABSURBL=1.86, URIBL_BLACK=1.955, URIBLJPSURBL=1.501, URIBLOBSURBL=1.5, URIBLSCSURBL=0.474], autolearn=spam, quarantine LZdT8Jzafapz (spam-quarantine)
    Sep 23 10:47:26 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) DSN: FILTER 554 Spam, spam level 16.479 exceeds cutoff level 10, <[email protected]> -> <[email protected]>
    Sep 23 10:47:26 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) Blocked SPAM, [88.87.242.247] [88.87.242.247] <[email protected]> -> <[email protected]>, quarantine: spam-LZdT8Jzafapz.gz, Message-ID: <000501c91d9c$05859a88$8f5aeeab@bdrxi>, mail_id: LZdT8Jzafapz, Hits: 16.479, size: 2658, 5391 ms
    Sep 23 10:47:26 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) TIMING [total 5516 ms] - SMTP greeting: 2 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP pre-DATA-flush: 36 (1%)1, SMTP DATA: 2 (0%)1, check_init: 1 (0%)1, digest_hdr: 0 (0%)1, digest_body: 0 (0%)1, genmailid: 1 (0%)1, mime_decode: 27 (0%)1, get-file-type2: 199 (4%)5, decompose_part: 2 (0%)5, parts_decode: 0 (0%)5, check_header: 2 (0%)5, spam-wb-list: 7 (0%)5, SA msg read: 2 (0%)5, SA parse: 5 (0%)5, SA check: 5012 (91%)96, update_cache: 54 (1%)97, decidemaildestiny: 2 (0%)97, write-header: 24 (0%)98, save-to-local-mailbox: 1 (0%)98, prepare-dsn: 2 (0%)98, mainlogentry: 8 (0%)98, update_snmp: 2 (0%)98, SMTP pre-response: 1 (0%)98, SMTP response: 0 (0%)98, unlink-2-files: 120 (2%)100, rundown: 2 (0%)100
    Sep 23 10:47:26 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25702]: (25702-10) load: 5 %, total idle 1017.355 s, busy 56.145 s
    Sep 23 10:51:15 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-13) process_request: fileno sock=14, STDIN=14, STDOUT=14
    Sep 23 10:51:15 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-14) ESMTP::10024 /var/amavis/tmp/amavis-20080923T102246-25625: <[email protected]> -> <[email protected]> SIZE=101053 Received: from roy.nanuc.ualberta.ca ([127.0.0.1]) by localhost (brodeur.nanuc.ualberta.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <[email protected]>; Tue, 23 Sep 2008 10:51:15 -0600 (MDT)
    Sep 23 10:51:15 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-14) body hash: c3cd040b5047389196bd53fb2d5a8109
    Sep 23 10:51:15 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-14) Checking: FK2K9OKp4N1Z [129.128.5.19] <[email protected]> -> <[email protected]>
    Sep 23 10:51:15 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-14) 2822.From: <[email protected]>
    Sep 23 10:51:15 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-14) p003 1 Content-Type: multipart/alternative
    Sep 23 10:51:15 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-14) p001 1/1 Content-Type: text/plain, size: 11777 B, name:
    Sep 23 10:51:15 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-14) p002 1/2 Content-Type: text/html, size: 80574 B, name:
    Sep 23 10:51:15 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-14) Checking for banned types and filenames
    Sep 23 10:51:15 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-14) collect banned table[0]: [email protected], tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0xae3b80)
    Sep 23 10:51:15 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-14) p.path [email protected]: "P=p003,L=1,M=multipart/alternative | P=p001,L=1/1,M=text/plain,T=txt"
    Sep 23 10:51:15 brodeur.nanuc.ualberta.ca /usr/bin/amavisd[25625]: (25625-14) p.path [email protected]: "P=p003,L=1,M=multipart/alternative | P=p002,L=1/2,M=text/html,T=html"
    I've had to turn off virus scanning to get any forwarding done.
    The spam filter is working but the server grinds to a halt every few minutes, then catches up. Like it's trying something, gives up, and then goes back to work for a bit until it tries again.
    The server is running web services and mail forwarding to the University only.
    Our firewall restricts outgoing (internet) from the server only accepting incoming requests. That way if it gets hacked it can't attack anyone. We're able to run mac updates via the University software update server (local outgoing is allowed).
    Thank you again for any help you can offer.
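The TIMING entries in the log above record how long each amavisd stage took for one message. The following is an added example, not part of the original post: it parses such an entry and reports any stage that accounts for most of the request time. The `parse_timing` and `dominant_stages` names and the 50% threshold are assumptions made for illustration.

```python
import re

# TIMING entry copied from the amavisd log in the post above (syslog prefix dropped).
SAMPLE = (
    "(25702-10) TIMING [total 5516 ms] - SMTP greeting: 2 (0%)0, SMTP EHLO: 1 (0%)0, "
    "SMTP pre-MAIL: 1 (0%)0, SMTP pre-DATA-flush: 36 (1%)1, SMTP DATA: 2 (0%)1, "
    "check_init: 1 (0%)1, digest_hdr: 0 (0%)1, digest_body: 0 (0%)1, genmailid: 1 (0%)1, "
    "mime_decode: 27 (0%)1, get-file-type2: 199 (4%)5, decompose_part: 2 (0%)5, "
    "parts_decode: 0 (0%)5, check_header: 2 (0%)5, spam-wb-list: 7 (0%)5, "
    "SA msg read: 2 (0%)5, SA parse: 5 (0%)5, SA check: 5012 (91%)96, "
    "update_cache: 54 (1%)97, decidemaildestiny: 2 (0%)97, write-header: 24 (0%)98, "
    "save-to-local-mailbox: 1 (0%)98, prepare-dsn: 2 (0%)98, mainlogentry: 8 (0%)98, "
    "update_snmp: 2 (0%)98, SMTP pre-response: 1 (0%)98, SMTP response: 0 (0%)98, "
    "unlink-2-files: 120 (2%)100, rundown: 2 (0%)100"
)

HEADER = re.compile(r"\((?P<id>[\d-]+)\) TIMING \[total (?P<total>\d+) ms\] - (?P<rest>.*)$")
# Each item reads "stage name: elapsed_ms (percent%)cumulative_percent".
STAGE = re.compile(r"^(?P<name>.+): (?P<ms>\d+) \((?P<pct>\d+)%\)(?P<cum>\d+)$")

def parse_timing(line):
    """Return (request_id, total_ms, [(stage, ms, pct), ...]) or None if not a TIMING line."""
    m = HEADER.search(line)
    if not m:
        return None
    stages = []
    for item in m.group("rest").split(", "):
        s = STAGE.match(item.strip())
        if s:  # skip fragments of a truncated log line
            stages.append((s.group("name"), int(s.group("ms")), int(s.group("pct"))))
    return m.group("id"), int(m.group("total")), stages

def dominant_stages(lines, min_pct=50):
    """Yield (request_id, stage, ms, total_ms) for any stage using >= min_pct of a request."""
    for line in lines:
        parsed = parse_timing(line)
        if parsed is None:
            continue
        req, total, stages = parsed
        for name, ms, pct in stages:
            if pct >= min_pct:
                yield req, name, ms, total

if __name__ == "__main__":
    for req, name, ms, total in dominant_stages([SAMPLE]):
        print(f"{req}: {name} took {ms} of {total} ms")
```

Run over a whole mail log, the same function shows whether slow requests are consistently dominated by one stage or vary from message to message.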

  • Anti-Virus Opinion

    I know Apple Macs typically do not get viruses or malware, but what in you guys' opinion is the best anti-virus software out there for the Mac? Just curious what other Mac owners think... Thanks

    VIRUSES
    No viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions.
    It is possible, however, to pass on a Windows virus to another Windows user, for example through an email attachment. To prevent this all you need is the free anti-virus utility ClamXav, which you can download for Tiger from:
    http://www.clamxav.com/download.php#tiger
    and for Leopard, Snow Leopard and Lion from here:
    http://www.clamxav.com/
    Note: If you wish to uninstall ClamXav: keep a copy of the disk image from when you downloaded it, or download it again - the uninstaller is included with the application. To uninstall, quit ClamXav Sentry (if you use it) and make sure it's not set to launch at log in. The uninstaller will remove the engine and any schedules you've got set up, then just drag ClamXav.app to the trash.
    If you are already using ClamXav: please ensure that you have installed all recent Apple Security Updates and that your version of ClamXav is the latest available.
    Do not install Norton Anti-Virus on a Mac as it can seriously damage your operating system. Norton Anti-Virus is not compatible with Apple OS X.
    FAKE ANTI-VIRUS SOFTWARE and associated MALWARE
    Do not be tricked by 'scareware' that tempts computer users to download fake anti-virus software that may itself be malware.
    Fake anti-virus software that infects PCs with malicious code is a growing threat, according to a study by Google. Its analysis of 240m web pages over 13 months showed that fake anti-virus programs accounted for 15% of all malicious software. Examples include MacKeeper, MacDefender and iAntivirus, but there are others.
    Scammers trick people into downloading programs by convincing them that their PC is infected with a virus.
    Once installed, the software may steal data or force people to make a payment to register the fake product.
    Beware of PDF files from unknown sources. A security firm announced that by its counting, malicious Reader documents made up 80% of all exploits at the end of 2009:
    http://www.computerworld.com/s/article/9157438/Rogue_PDFs_account_for_80_of_all_exploits_says_researcher
    TROJANS and RE-DIRECTION TO FAKE WEBSITES
    The appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.
    If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.
    You can read more about how, for example, the OSX/DNSChanger Trojan works (by falsely suggesting extra codecs are required for Quicktime) here:
    http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml
    SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:
    http://macscan.securemac.com/
    First update the MacScan malware definitions before scanning. You can also contact their support team for any additional support - [email protected]
    The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.
    (Note that a 30 day trial version of MacScan can be downloaded free of charge from:
    http://macscan.securemac.com/buy/
    and this can perform a complete scan of your entire hard disk. After 30 days free trial the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)
    A white paper was published on the subject of Trojans by SubRosaSoft, available here:
    http://www.macforensicslab.com/ProductsAndServices/index.php?main_page=document_general_info&cPath=11&products_id=174
    Also, beware of MacSweeper and MacDefender (also goes under the name of MacProtector, MacGuard, MacSecurity or MacShield):
    These are malware that mislead users by exaggerating reports about spyware, adware or viruses on their computer in an attempt to obtain payment.
    MacKeeper is equally worthless and should also be avoided. Again, the developer seeks to obtain payment for an application that does nothing that free utilities do not also offer, and in many cases it will also mess up your system.
    You can keep up to date, particularly about malware present in some downloadable pirated software, at the Securemac site:
    http://www.securemac.com/
    HOW TO AVOID RE-DIRECTION
    Adding OpenDNS codes to your Network Preferences should give good results in terms of added security as well as speed-up:
    Open System Preferences/Network. Double click on your connection type, or select it in the drop-down menu, and in the box marked 'DNS Servers' add the following two numbers:
    208.67.222.222
    208.67.220.220
    (You can also enter them if you click on Advanced and then DNS)
    Sometimes reversing the order of the DNS numbers can be beneficial in cases where there is a long delay before web pages start to load, and then suddenly load at normal speed:
    http://support.apple.com/kb/TS2296
    There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!
    WHAT TO DO IF YOU THINK YOUR MAC HAS BECOME 'INFECTED'
    If you think you may have acquired a Trojan, and you know its name, you can also locate it via the Terminal:
    http://theappleblog.com/2009/04/24/mac-botnet-how-to-ensure-you-are-not-part-of-the-problem/
    Although any content that you download has the possibility of containing malicious software, practising a bit of care will generally keep you free from the consequences of anything like the DNSChanger trojan.
    1. Avoid going to suspect and untrusted Web sites, especially pornography sites.
    2. Check out what you are downloading. Mac OS X asks you for your administrator password to install applications for a reason! Only download media and applications from well-known and trusted Web sites. If you think you may have downloaded suspicious files, read the installer packages and make sure they are legit. If you cannot determine if the program you downloaded is infected, do a quick Internet search and see if any other users reported issues after installing a particular program.
    3. Use an antivirus program like ClamXav. If you are in the habit of downloading a lot of media and other files, it may be well worth your while to run those files through this AV application.
    4. Use Mac OS X's built-in Firewalls and other security features.
    5. Peer-to-peer sharing applications and download torrents (such as the now defunct LimeWire) supplying pirated software, movies etc are hotbeds of potential software issues waiting to happen to your Mac. Everything from changing permissions to downloading trojans and other malicious software can be acquired from using these applications. Similar risks apply to using Facebook, Twitter, MySpace, YouTube and similar sites which are prone to malicious hacking: http://news.bbc.co.uk/1/hi/technology/8420233.stm
    6. Resist the temptation to download pirated software. They can contain Botnet Trojans. SecureMac offer a simple and free tool for the removal of the iBotNet Trojan available here:
    http://macscan.securemac.com/files/iServicesTrojanRemovalTool.dmg
    YOUR PRIVACY ON THE INTERNET and the latest risks to look out for:
    There is the potential for having your entire email contact list stolen for use for spamming:
    http://www.nytimes.com/2009/06/20/technology/internet/20shortcuts.html?_r=1
    And if you are using iPhone Apps you are also at risk of losing all privacy:
    http://www.engadget.com/2010/10/03/hacker-claims-third-party-iphone-apps-can-transmit-udid-pose-se/
    The advent of HTML5 may also be a future threat to internet privacy:
    http://www.nytimes.com/2010/10/11/business/media/11privacy.html?_r=1&hp
    Security of OS X generally:
    http://www.apple.com/macosx/what-is/security.html
    http://www.nsa.gov/ia/_files/os/applemac/I731-007R-2007.pdf
    Security Configuration for Version 10.5 Leopard:
    http://manuals.info.apple.com/en_US/Leopard_Security_Config_2nd_Ed.pdf
    NOTE: Apple's Snow Leopard and Lion operating systems silently update the malware protection built into Mac OS X to protect against a backdoor Trojan horse that can allow hackers to gain remote control over your treasured iMac or MacBook: Macs running Snow Leopard or Lion now check for new malware definitions daily, allowing Apple to quickly deploy protection from threats before they have a chance to spread.
    Few malicious titles actually exist for Mac OS X, and those that do rely almost entirely upon duping users to install software that pretends to be legitimate.
    http://www.sophos.com/blogs/gc/g/2010/06/18/apple-secretly-updates
    However, if you are running Lion Server:
    Apple's new server operating system -- OS X Lion -- is so inherently insecure that Stamos recommends keeping it off the network altogether and using Macs only as standalone machines connected to IP or Windows networks, not those designed for Macs.
    The Mac Server's networking protocols -- especially DHX User Authentication -- are designed for ease of use, not security. It is trivial, Stamos said, for hackers to set up a Mac user to download a file that will overflow the buffer protecting the heap segment of the server's memory, allowing the file's malicious payload to run uncontrolled in the server's memory and give itself whatever access rights it wants.
    http://www.macworld.co.uk/mac/news/index.cfm?newsid=3301796&olo=email
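The DNSChanger behaviour described in the post above (resolver settings rewritten and then kept rewritten by a watchdog) can be checked for by comparing the resolvers actually in use with the ones you set. The following is an added example, not part of the original post: it parses text in the layout printed by `scutil --dns` and lists any nameserver outside an expected set. The sample output is constructed, and the function names and the choice to treat only the two OpenDNS addresses from the post as expected are assumptions.

```python
import ipaddress
import re

# The two OpenDNS resolvers named in the post; add your own router or site
# resolvers here (that extension is an assumption, not from the post).
EXPECTED = {ipaddress.ip_address("208.67.222.222"), ipaddress.ip_address("208.67.220.220")}

# Constructed sample in the layout printed by `scutil --dns` on Mac OS X.
# 203.0.113.53 is a documentation-range address standing in for a rogue resolver.
SAMPLE = """\
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 208.67.222.222
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5

resolver #3
  nameserver[0] : 208.67.220.220
  nameserver[1] : not-an-address
"""

NAMESERVER = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)", re.MULTILINE)

def configured_resolvers(scutil_output):
    """Return (valid_addresses, unparsable_strings) in the order they appear."""
    good, bad = [], []
    for raw in NAMESERVER.findall(scutil_output):
        try:
            good.append(ipaddress.ip_address(raw.split("%")[0]))  # drop IPv6 zone id
        except ValueError:
            bad.append(raw)  # report malformed entries instead of ignoring them
    return good, bad

def unexpected_resolvers(scutil_output, expected=EXPECTED):
    """Resolvers in use that are not on the expected list, de-duplicated."""
    good, bad = configured_resolvers(scutil_output)
    seen = []
    for addr in good:
        if addr not in expected and addr not in seen:
            seen.append(addr)
    return [str(a) for a in seen] + bad

if __name__ == "__main__":
    print(unexpected_resolvers(SAMPLE))
```

Because the post describes the change being re-applied every minute, a resolver that reappears after you have corrected the setting is the signal to look for.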
