No help for virus

Similar Messages

• I try to open mozilla this last week and it will not open it for me. It sais it is open already but there is nothing on my computer. I had mcafee check for viruses and said there was none. I tryed uninstalling and reinstalling but it did not help.

  I try to open mozilla this last week and it will not open it for me. It sais it is open already but there is nothing on my computer. I had mcafee check for viruses and said there was none. I tryed uninstalling and reinstalling but it did not help.

  See
  * http://support.mozilla.com/en-US/kb/Firefox%20will%20not%20start

• Help! How to check for virus on IBook G4

  Okay, I have been getting the multicolored swirly ciricle thing when I try to do anything online or though word on my Mac, it is significantly slower and has done this before. The tech support guy showed me how to scan for viruses and restore it after they were found. Can anyone help? Thanks.

  Welcome to the iBook Discussions!
  Since there have not been any viruses released in the wild that will infect a computer running Mac OS X, it's not a virus that is causing the trouble. If all you want to do is search for a virus, you can use ClamXav. But, we can be fairly certain this won't really clear-up your trouble. Is there any other troubleshooting you've tried? Have you used the Disk Utility (in your /Applications/Utilities/ folder) to "repair disk permissions"? Have you started up from your Mac OS X install disk and used the Disk Utility there to "repair disk"?
  -Doug

• ClamAV fails to scan for viruses in emails [CLAWS MAIL]

  I've recently switched from Thunderbird to Claws Mail and ran into one small, but annoying, problem.
  I want to use ClamAV + the clamav extension for claws mail to scan for viruses, however it does seem to have permission problems.
  clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
  Scanning error:
  /home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
  Here's my clamd.conf:
  ## Please read the clamd.conf(5) manual before editing this file.
  # Comment or remove the line below.
  #Example
  # Uncomment this option to enable logging.
  # LogFile must be writable for the user running daemon.
  # A full path is required.
  # Default: disabled
  LogFile /var/log/clamav/clamd.log
  # By default the log file is locked for writing - the lock protects against
  # running clamd multiple times (if want to run another clamd, please
  # copy the configuration file, change the LogFile variable, and run
  # the daemon with --config-file option).
  # This option disables log file locking.
  # Default: no
  #LogFileUnlock yes
  # Maximum size of the log file.
  # Value of 0 disables the limit.
  # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
  # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
  # in bytes just don't use modifiers.
  # Default: 1M
  #LogFileMaxSize 2M
  # Log time with each message.
  # Default: no
  LogTime yes
  # Also log clean files. Useful in debugging but drastically increases the
  # log size.
  # Default: no
  #LogClean yes
  # Use system logger (can work together with LogFile).
  # Default: no
  #LogSyslog yes
  # Specify the type of syslog messages - please refer to 'man syslog'
  # for facility names.
  # Default: LOG_LOCAL6
  #LogFacility LOG_MAIL
  # Enable verbose logging.
  # Default: no
  #LogVerbose yes
  # Log additional information about the infected file, such as its
  # size and hash, together with the virus name.
  #ExtendedDetectionInfo yes
  # This option allows you to save a process identifier of the listening
  # daemon (main thread).
  # Default: disabled
  PidFile /run/clamav/clamd.pid
  # Optional path to the global temporary directory.
  # Default: system specific (usually /tmp or /var/tmp).
  TemporaryDirectory /tmp
  # Path to the database directory.
  # Default: hardcoded (depends on installation options)
  DatabaseDirectory /var/lib/clamav
  # Only load the official signatures published by the ClamAV project.
  # Default: no
  OfficialDatabaseOnly yes
  # The daemon can work in local mode, network mode or both.
  # Due to security reasons we recommend the local mode.
  # Path to a local socket file the daemon will listen on.
  # Default: disabled (must be specified by a user)
  LocalSocket /var/lib/clamav/clamd.sock
  # Sets the group ownership on the unix socket.
  # Default: disabled (the primary group of the user running clamd)
  LocalSocketGroup clamav
  # Sets the permissions on the unix socket to the specified mode.
  # Default: disabled (socket is world accessible)
  #LocalSocketMode 660
  # Remove stale socket after unclean shutdown.
  # Default: yes
  #FixStaleSocket yes
  # TCP port address.
  # Default: no
  #TCPSocket 3310
  # TCP address.
  # By default we bind to INADDR_ANY, probably not wise.
  # Enable the following to provide some degree of protection
  # from the outside world.
  # Default: no
  #TCPAddr 127.0.0.1
  # Maximum length the queue of pending connections may grow to.
  # Default: 200
  #MaxConnectionQueueLength 30
  # Clamd uses FTP-like protocol to receive data from remote clients.
  # If you are using clamav-milter to balance load between remote clamd daemons
  # on firewall servers you may need to tune the options below.
  # Close the connection when the data size limit is exceeded.
  # The value should match your MTA's limit for a maximum attachment size.
  # Default: 25M
  #StreamMaxLength 10M
  # Limit port range.
  # Default: 1024
  #StreamMinPort 30000
  # Default: 2048
  #StreamMaxPort 32000
  # Maximum number of threads running at the same time.
  # Default: 10
  #MaxThreads 20
  # Waiting for data from a client socket will timeout after this time (seconds).
  # Default: 120
  #ReadTimeout 300
  # This option specifies the time (in seconds) after which clamd should
  # timeout if a client doesn't provide any initial command after connecting.
  # Default: 5
  #CommandReadTimeout 5
  # This option specifies how long to wait (in miliseconds) if the send buffer is full.
  # Keep this value low to prevent clamd hanging
  # Default: 500
  #SendBufTimeout 200
  # Maximum number of queued items (including those being processed by MaxThreads threads)
  # It is recommended to have this value at least twice MaxThreads if possible.
  # WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
  # the following condition should hold:
  # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
  # Default: 100
  #MaxQueue 200
  # Waiting for a new job will timeout after this time (seconds).
  # Default: 30
  #IdleTimeout 60
  # Don't scan files and directories matching regex
  # This directive can be used multiple times
  # Default: scan all
  #ExcludePath ^/proc/
  #ExcludePath ^/sys/
  # Maximum depth directories are scanned at.
  # Default: 15
  #MaxDirectoryRecursion 20
  # Follow directory symlinks.
  # Default: no
  #FollowDirectorySymlinks yes
  # Follow regular file symlinks.
  # Default: no
  #FollowFileSymlinks yes
  # Scan files and directories on other filesystems.
  # Default: yes
  #CrossFilesystems yes
  # Perform a database check.
  # Default: 600 (10 min)
  #SelfCheck 600
  # Execute a command when virus is found. In the command string %v will
  # be replaced with the virus name.
  # Default: no
  #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
  # Run as another user (clamd must be started by root for this option to work)
  # Default: don't drop privileges
  User clamav
  # Initialize supplementary group access (clamd must be started by root).
  # Default: no
  #AllowSupplementaryGroups no
  # Stop daemon when libclamav reports out of memory condition.
  #ExitOnOOM yes
  # Don't fork into background.
  # Default: no
  #Foreground yes
  # Enable debug messages in libclamav.
  # Default: no
  #Debug yes
  # Do not remove temporary files (for debug purposes).
  # Default: no
  #LeaveTemporaryFiles yes
  # Detect Possibly Unwanted Applications.
  # Default: no
  #DetectPUA yes
  # Exclude a specific PUA category. This directive can be used multiple times.
  # See http://www.clamav.net/support/pua for the complete list of PUA
  # categories.
  # Default: Load all categories (if DetectPUA is activated)
  #ExcludePUA NetTool
  #ExcludePUA PWTool
  # Only include a specific PUA category. This directive can be used multiple
  # times.
  # Default: Load all categories (if DetectPUA is activated)
  #IncludePUA Spy
  #IncludePUA Scanner
  #IncludePUA RAT
  # In some cases (eg. complex malware, exploits in graphic files, and others),
  # ClamAV uses special algorithms to provide accurate detection. This option
  # controls the algorithmic detection.
  # Default: yes
  #AlgorithmicDetection yes
  ## Executable files
  # PE stands for Portable Executable - it's an executable file format used
  # in all 32 and 64-bit versions of Windows operating systems. This option allows
  # ClamAV to perform a deeper analysis of executable files and it's also
  # required for decompression of popular executable packers such as UPX, FSG,
  # and Petite. If you turn off this option, the original files will still be
  # scanned, but without additional processing.
  # Default: yes
  #ScanPE yes
  # Executable and Linking Format is a standard format for UN*X executables.
  # This option allows you to control the scanning of ELF files.
  # If you turn off this option, the original files will still be scanned, but
  # without additional processing.
  # Default: yes
  #ScanELF yes
  # With this option clamav will try to detect broken executables (both PE and
  # ELF) and mark them as Broken.Executable.
  # Default: no
  #DetectBrokenExecutables yes
  ## Documents
  # This option enables scanning of OLE2 files, such as Microsoft Office
  # documents and .msi files.
  # If you turn off this option, the original files will still be scanned, but
  # without additional processing.
  # Default: yes
  #ScanOLE2 yes
  # With this option enabled OLE2 files with VBA macros, which were not
  # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
  # Default: no
  #OLE2BlockMacros no
  # This option enables scanning within PDF files.
  # If you turn off this option, the original files will still be scanned, but
  # without decoding and additional processing.
  # Default: yes
  #ScanPDF yes
  ## Mail files
  # Enable internal e-mail scanner.
  # If you turn off this option, the original files will still be scanned, but
  # without parsing individual messages/attachments.
  # Default: yes
  #ScanMail yes
  # Scan RFC1341 messages split over many emails.
  # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
  # WARNING: This option may open your system to a DoS attack.
  # Never use it on loaded servers.
  # Default: no
  #ScanPartialMessages yes
  # With this option enabled ClamAV will try to detect phishing attempts by using
  # signatures.
  # Default: yes
  #PhishingSignatures yes
  # Scan URLs found in mails for phishing attempts using heuristics.
  # Default: yes
  #PhishingScanURLs yes
  # Always block SSL mismatches in URLs, even if the URL isn't in the database.
  # This can lead to false positives.
  # Default: no
  #PhishingAlwaysBlockSSLMismatch no
  # Always block cloaked URLs, even if URL isn't in database.
  # This can lead to false positives.
  # Default: no
  #PhishingAlwaysBlockCloak no
  # Allow heuristic match to take precedence.
  # When enabled, if a heuristic scan (such as phishingScan) detects
  # a possible virus/phish it will stop scan immediately. Recommended, saves CPU
  # scan-time.
  # When disabled, virus/phish detected by heuristic scans will be reported only at
  # the end of a scan. If an archive contains both a heuristically detected
  # virus/phish, and a real malware, the real malware will be reported
  # Keep this disabled if you intend to handle "*.Heuristics.*" viruses
  # differently from "real" malware.
  # If a non-heuristically-detected virus (signature-based) is found first,
  # the scan is interrupted immediately, regardless of this config option.
  # Default: no
  #HeuristicScanPrecedence yes
  ## Data Loss Prevention (DLP)
  # Enable the DLP module
  # Default: No
  #StructuredDataDetection yes
  # This option sets the lowest number of Credit Card numbers found in a file
  # to generate a detect.
  # Default: 3
  #StructuredMinCreditCardCount 5
  # This option sets the lowest number of Social Security Numbers found
  # in a file to generate a detect.
  # Default: 3
  #StructuredMinSSNCount 5
  # With this option enabled the DLP module will search for valid
  # SSNs formatted as xxx-yy-zzzz
  # Default: yes
  #StructuredSSNFormatNormal yes
  # With this option enabled the DLP module will search for valid
  # SSNs formatted as xxxyyzzzz
  # Default: no
  #StructuredSSNFormatStripped yes
  ## HTML
  # Perform HTML normalisation and decryption of MS Script Encoder code.
  # Default: yes
  # If you turn off this option, the original files will still be scanned, but
  # without additional processing.
  #ScanHTML yes
  ## Archives
  # ClamAV can scan within archives and compressed files.
  # If you turn off this option, the original files will still be scanned, but
  # without unpacking and additional processing.
  # Default: yes
  #ScanArchive yes
  # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
  # Default: no
  #ArchiveBlockEncrypted no
  ## Limits
  # The options below protect your system against Denial of Service attacks
  # using archive bombs.
  # This option sets the maximum amount of data to be scanned for each input file.
  # Archives and other containers are recursively extracted and scanned up to this
  # value.
  # Value of 0 disables the limit
  # Note: disabling this limit or setting it too high may result in severe damage
  # to the system.
  # Default: 100M
  #MaxScanSize 150M
  # Files larger than this limit won't be scanned. Affects the input file itself
  # as well as files contained inside it (when the input file is an archive, a
  # document or some other kind of container).
  # Value of 0 disables the limit.
  # Note: disabling this limit or setting it too high may result in severe damage
  # to the system.
  # Default: 25M
  #MaxFileSize 30M
  # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
  # file, all files within it will also be scanned. This options specifies how
  # deeply the process should be continued.
  # Note: setting this limit too high may result in severe damage to the system.
  # Default: 16
  #MaxRecursion 10
  # Number of files to be scanned within an archive, a document, or any other
  # container file.
  # Value of 0 disables the limit.
  # Note: disabling this limit or setting it too high may result in severe damage
  # to the system.
  # Default: 10000
  #MaxFiles 15000
  ## Clamuko settings
  # Enable Clamuko. Dazuko must be configured and running. Clamuko supports
  # both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS
  # is the preferred option. For more information please visit www.dazuko.org
  # Default: no
  #ClamukoScanOnAccess yes
  # The number of scanner threads that will be started (DazukoFS only).
  # Having multiple scanner threads allows Clamuko to serve multiple
  # processes simultaneously. This is particularly beneficial on SMP machines.
  # Default: 3
  #ClamukoScannerCount 3
  # Don't scan files larger than ClamukoMaxFileSize
  # Value of 0 disables the limit.
  # Default: 5M
  #ClamukoMaxFileSize 10M
  # Set access mask for Clamuko (Dazuko only).
  # Default: no
  #ClamukoScanOnOpen yes
  #ClamukoScanOnClose yes
  #ClamukoScanOnExec yes
  # Set the include paths (all files inside them will be scanned). You can have
  # multiple ClamukoIncludePath directives but each directory must be added
  # in a seperate line. (Dazuko only)
  # Default: disabled
  #ClamukoIncludePath /home
  #ClamukoIncludePath /students
  # Set the exclude paths. All subdirectories are also excluded. (Dazuko only)
  # Default: disabled
  #ClamukoExcludePath /home/bofh
  # With this option you can whitelist specific UIDs. Processes with these UIDs
  # will be able to access all files.
  # This option can be used multiple times (one per line).
  # Default: disabled
  #ClamukoExcludeUID 0
  # With this option enabled ClamAV will load bytecode from the database.
  # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
  # Default: yes
  #Bytecode yes
  # Set bytecode security level.
  # Possible values:
  # None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
  # This value is only available if clamav was built with --enable-debug!
  # TrustSigned - trust bytecode loaded from signed .c[lv]d files,
  # insert runtime safety checks for bytecode loaded from other sources
  # Paranoid - don't trust any bytecode, insert runtime checks for all
  # Recommended: TrustSigned, because bytecode in .cvd files already has these checks
  # Note that by default only signed bytecode is loaded, currently you can only
  # load unsigned bytecode in --enable-debug mode.
  # Default: TrustSigned
  #BytecodeSecurity TrustSigned
  # Set bytecode timeout in miliseconds.
  # Default: 5000
  # BytecodeTimeout 1000
  My freshclam.conf:
  ## Please read the freshclam.conf(5) manual before editing this file.
  # Comment or remove the line below.
  #Example
  # Path to the database directory.
  # WARNING: It must match clamd.conf's directive!
  # Default: hardcoded (depends on installation options)
  #DatabaseDirectory /var/lib/clamav
  # Path to the log file (make sure it has proper permissions)
  # Default: disabled
  UpdateLogFile /var/log/clamav/freshclam.log
  # Maximum size of the log file.
  # Value of 0 disables the limit.
  # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
  # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
  # in bytes just don't use modifiers.
  # Default: 1M
  #LogFileMaxSize 2M
  # Log time with each message.
  # Default: no
  #LogTime yes
  # Enable verbose logging.
  # Default: no
  #LogVerbose yes
  # Use system logger (can work together with UpdateLogFile).
  # Default: no
  #LogSyslog yes
  # Specify the type of syslog messages - please refer to 'man syslog'
  # for facility names.
  # Default: LOG_LOCAL6
  #LogFacility LOG_MAIL
  # This option allows you to save the process identifier of the daemon
  # Default: disabled
  #PidFile /var/run/freshclam.pid
  # By default when started freshclam drops privileges and switches to the
  # "clamav" user. This directive allows you to change the database owner.
  # Default: clamav (may depend on installation options)
  #DatabaseOwner clamav
  # Initialize supplementary group access (freshclam must be started by root).
  # Default: no
  #AllowSupplementaryGroups yes
  # Use DNS to verify virus database version. Freshclam uses DNS TXT records
  # to verify database and software versions. With this directive you can change
  # the database verification domain.
  # WARNING: Do not touch it unless you're configuring freshclam to use your
  # own database verification domain.
  # Default: current.cvd.clamav.net
  #DNSDatabaseInfo current.cvd.clamav.net
  # Uncomment the following line and replace XY with your country
  # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
  # You can use db.XY.ipv6.clamav.net for IPv6 connections.
  #DatabaseMirror db.XY.clamav.net
  # database.clamav.net is a round-robin record which points to our most
  # reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
  # not working. DO NOT TOUCH the following line unless you know what you
  # are doing.
  DatabaseMirror database.clamav.net
  # How many attempts to make before giving up.
  # Default: 3 (per mirror)
  #MaxAttempts 5
  # With this option you can control scripted updates. It's highly recommended
  # to keep it enabled.
  # Default: yes
  #ScriptedUpdates yes
  # By default freshclam will keep the local databases (.cld) uncompressed to
  # make their handling faster. With this option you can enable the compression;
  # the change will take effect with the next database update.
  # Default: no
  #CompressLocalDatabase no
  # With this option you can provide custom sources (http:// or file://) for
  # database files. This option can be used multiple times.
  # Default: no custom URLs
  #DatabaseCustomURL http://myserver.com/mysigs.ndb
  #DatabaseCustomURL file:///mnt/nfs/local.hdb
  # Number of database checks per day.
  # Default: 12 (every two hours)
  #Checks 24
  # Proxy settings
  # Default: disabled
  #HTTPProxyServer myproxy.com
  #HTTPProxyPort 1234
  #HTTPProxyUsername myusername
  #HTTPProxyPassword mypass
  # If your servers are behind a firewall/proxy which applies User-Agent
  # filtering you can use this option to force the use of a different
  # User-Agent header.
  # Default: clamav/version_number
  #HTTPUserAgent SomeUserAgentIdString
  # Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
  # multi-homed systems.
  # Default: Use OS'es default outgoing IP address.
  #LocalIPAddress aaa.bbb.ccc.ddd
  # Send the RELOAD command to clamd.
  # Default: no
  NotifyClamd /etc/clamav/clamd.conf
  # Run command after successful database update.
  # Default: disabled
  #OnUpdateExecute command
  # Run command when database update process fails.
  # Default: disabled
  #OnErrorExecute command
  # Run command when freshclam reports outdated version.
  # In the command string %v will be replaced by the new version number.
  # Default: disabled
  #OnOutdatedExecute command
  # Don't fork into background.
  # Default: no
  #Foreground yes
  # Enable debug messages in libclamav.
  # Default: no
  #Debug yes
  # Timeout in seconds when connecting to database server.
  # Default: 30
  #ConnectTimeout 60
  # Timeout in seconds when reading from database server.
  # Default: 30
  #ReceiveTimeout 60
  # With this option enabled, freshclam will attempt to load new
  # databases into memory to make sure they are properly handled
  # by libclamav before replacing the old ones.
  # Default: yes
  #TestDatabases yes
  # When enabled freshclam will submit statistics to the ClamAV Project about
  # the latest virus detections in your environment. The ClamAV maintainers
  # will then use this data to determine what types of malware are the most
  # detected in the field and in what geographic area they are.
  # Freshclam will connect to clamd in order to get recent statistics.
  # Default: no
  #SubmitDetectionStats /path/to/clamd.conf
  # Country of origin of malware/detection statistics (for statistical
  # purposes only). The statistics collector at ClamAV.net will look up
  # your IP address to determine the geographical origin of the malware
  # reported by your installation. If this installation is mainly used to
  # scan data which comes from a different location, please enable this
  # option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
  # of the country of origin.
  # Default: disabled
  #DetectionStatsCountry country-code
  # This option enables support for our "Personal Statistics" service.
  # When this option is enabled, the information on malware detected by
  # your clamd installation is made available to you through our website.
  # To get your HostID, log on http://www.stats.clamav.net and add a new
  # host to your host list. Once you have the HostID, uncomment this option
  # and paste the HostID here. As soon as your freshclam starts submitting
  # information to our stats collecting service, you will be able to view
  # the statistics of this clamd installation by logging into
  # http://www.stats.clamav.net with the same credentials you used to
  # generate the HostID. For more information refer to:
  # http://www.clamav.net/support/faq/faq-cctts/
  # This feature requires SubmitDetectionStats to be enabled.
  # Default: disabled
  #DetectionStatsHostID unique-id
  # This option enables support for Google Safe Browsing. When activated for
  # the first time, freshclam will download a new database file (safebrowsing.cvd)
  # which will be automatically loaded by clamd and clamscan during the next
  # reload, provided that the heuristic phishing detection is turned on. This
  # database includes information about websites that may be phishing sites or
  # possible sources of malware. When using this option, it's mandatory to run
  # freshclam at least every 30 minutes.
  # Freshclam uses the ClamAV's mirror infrastructure to distribute the
  # database and its updates but all the contents are provided under Google's
  # terms of use. See http://code.google.com/support/bin/answer.py?answer=70015
  # and http://safebrowsing.clamav.net for more information.
  # Default: disabled
  #SafeBrowsing yes
  # This option enables downloading of bytecode.cvd, which includes additional
  # detection mechanisms and improvements to the ClamAV engine.
  # Default: enabled
  #Bytecode yes
  # Download an additional 3rd party signature database distributed through
  # the ClamAV mirrors. Here you can find a list of available databases:
  # http://www.clamav.net/download/cvd/3rdparty
  # This option can be used multiple times.
  #ExtraDatabase dbname1
  #ExtraDatabase dbname2
  Any help is much appreciated.

  MatejLach wrote:
  clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
  Scanning error:
  /home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
  Seems like a permissions error to me... maybe check the actual file it is attempting to scan... I know it is in your home folder, but just to be sure, you might want to check that everything is sane.

• Ways to scan for viruses on macs?

  I want to scan and check for viruses.

  1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
  2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
  The following caveats apply to XProtect:
  It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
  It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
  3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
  Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
  It can easily be disabled or overridden by the user.
  A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.         
  4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
  That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
  Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
  A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
  Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
  Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
  Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
  5. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other inessential uses of Java.
  Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.
  Currently, when you install the Apple-supplied Java runtime (but not the Oracle runtime), a "Malware Removal Tool" (MRT) is also installed. MRT runs automatically in the background and appears to scan your files for installed malware that may have evaded XProtect. Like XProtect, MRT is probably effective against known attacks, but not against unknown attacks. There is no user interface to MRT.
  Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable Java on a public web page that carries third-party advertising. Use it, when necessary, only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
  Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.
  6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
  Why shouldn't you use commercial "anti-virus" products?
  Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
  In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
  By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
  7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
  ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
  A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
  ♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
  ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
  8. The greatest harm done by anti-virus software, in my opinion, is in its effect on human behavior. It does little or nothing to protect people from emerging threats, but they get a false sense of security from it, and then they may behave in ways that expose them to higher risk. Nothing can lessen the need for safe computing practices.
  9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.

• I received a phishing email supposedly from my bank and clicked on url - didn't enter any data though.Bank says to get ipad checked for viruses,but I understood ipad has built in security.I've cleared cookies in safari via settings.  Anything else to do?

  I received a phishing email supposedly from my bank and clicked on url - didn't enter any data though.Bank says to get ipad checked for viruses,but I understood ipad has built in security.I've cleared cookies in safari via settings.  Anything else to do?

  I know this has been solved as you reported, but I think you need to check with your e-mail provider. Did you also get this same e-mail on your computer? If you use the same ID for e-mail on computer and ipad, it should have appeared on both. It's very common spam. Check your computer to see if on it, the e-mail is in spam, or, if you deleted it on your ipad, check your recently deleted e-mails.
  You might want to consider changing your password, though people sending spam, don't need it. My e-mail provider had me change my password, not because I was getting spam, but unknown to me, I was sending it!  (You'll still get some spam, though.) It's when you learn that you're unknowingly sending spam...that you must change your password.
  Hope this helps.
  (Ss I was sending this, I just got an e-mail notification from the Nigerian... it got to my e-mail instead of going to spam.)

• How do we scan for viruses of uploaded excel file in Web Dynpro for JAVA

  Hi All,
  Please let me know "How do we scan for viruses of uploaded excel file in Web Dynpro for JAVA"
  Regards,
  Ganga.

  Hi ,
  pl go through this note "Integrating a virus scan into SAP applications 817623 "
  SAP Virus Scan Interface
  http://help.sap.com/saphelp_nw2004s/helpdata/en/30/42c13a38b44d5e8d1b140794e8e850/frameset.htm
  Sample Application
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/6e1c4221-0901-0010-63ba-b1f9459d6e74
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f2681486-0a01-0010-8497-c778eac80da5
  Regards
  Ayyappparaj

• Scanning an uploaded file for viruses

  Hi All,
  I want scan an uploaded file for viruses.i there is any JAVA API where i can connect to Scan engine.
  i have gone through the Symantic scan engine. where it provides the ICAP protocol to communicate with ScanEngine but i dont know how to communicate with that using java.
  Please help me out with this.....
  Thanks In Advance

  Raghavendra_LR wrote:
  Hi All,
  I want scan an uploaded file for viruses.i there is any JAVA API where i can connect to Scan engine.
  i have gone through the Symantic scan engine. where it provides the ICAP protocol to communicate with ScanEngine but i dont know how to communicate with that using java.
  Well buddy i'm afraid there are no good open source solutions available for this however,we have commercial solutions provided by respective vendors.
  [http://www.ciao.co.uk/McAfee_E_Business_Server_Java_API_Complete_package__5529793]
  or the below provided a Java client / Local SDK libraries for which supports number of anti-virus softwares
  [http://www.opswat.com/oesislocal.shtml ]
  Hope that helps :)
  REGARDS,
  RaHuL

• How do I uninstall the firefox 16 update from my computer? it won't allow my antivirus to scan for viruses and spyware!!

  when I installed this update it said that it was not compatible with my Norton toolbar, which I didn't think would be a problem. now I've got malware ads popping up on different websites and when I scan my computer for viruses/spyware, it always says there is no risks. I find that hard to believe. I just want to uninstall the last update (Firefox 16).

  You posted here with Firefox 17.0.1.
  Try running a Norton Live Update so Norton can update their Firefox add-on and get that Toolbar working again.
  That said, Norton doesn't do anything about Malware. You need a Malware application to locate and remove Malware.
  Install, update, and run these programs in this order. They are listed in order of efficacy.<br />'''''(Not all programs detect the same Malware, so you may need to run them all to solve your problem.)''''' <br />These programs are all free for personal use, but some have limited functionality in the "free mode" - but those are features you really don't need to find and remove the problem that you have.<br />
  ''Note: If your Malware infection is bad enough and you are mis-directed to URL's other than what is posted, you may have to use a different PC to download these programs and use a USB stick to transfer them to the afflicted PC.''
  Malwarebytes' Anti-Malware - [http://www.malwarebytes.org/mbam.php] <br />
  SuperAntispyware - [http://www.superantispyware.com/] <br />
  AdAware - [http://www.lavasoftusa.com/software/adaware/] <br />
  Spybot Search & Destroy - [http://www.safer-networking.org/en/index.html] <br />
  Windows Defender: Home Page - [http://windows.microsoft.com/en-US/windows7/products/features/windows-defender]<br />
  Also, if you have a search engine re-direct problem, see this:<br />
  http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html
  If these don't find it or can't clear it, post in one of these forums for specialized malware removal help: <br />
  [http://www.spywarewarrior.com/index.php] <br />
  [http://forum.aumha.org/] <br />
  [http://www.spywareinfoforum.com/] <br />
  [http://bleepingcomputer.com]

• Configure ICAP in ORDS for virus scan

  Hello Every one,
  Please advice how we can configure ICAP in ORDS for scanning virus. We want to scan a uploaded file for virus and I was told that we can use the ICAP but we don't know how.
  I appreciate your help.
  Thanks,

  Any idea!!

• Error Message: Scanning for Viruses

  I uploaded my file on Friday Morning June 25, and I got that error message that my file was being scanned for viruses.  Does it take that long?  I have some very important files that I need to access, is there any one who can tell me if I can get someone to speed up the process or is this simply a technical issue?  Thanks.
  Rob

  Hi Michelle,
  It's unlikely, as it was on my work computer, and I do not work at that firm
  anymore, which is the whole reason I wanted to save it.  Is there any way a
  technician or someone can manually override this error message/cancel the
  virus scanning process, or do any sort of similar process so that I can gain
  access to it.  I don't care if it's not scanned since I created and uploaded
  the file, so I know there is nothing harmful on it (our systems at the firm
  had an unnecessarily high level of virus protection).  I really really need
  to get this file or 2 months worth of my work will be gone!
  Thanks for your help in advance.
  Rob

• P10 shutting down without bluescreen while scanning for viruses or cleaning

  My P10 shuts down when I scan for viruses or cleaning the system. Since I bought the notebook it works absolutely perfect. But 2 days ago I recognized this For normal work e.g. word, excel, surfing the net and so on, nothing happens, everything works but if I begin to scan, XP shuts down. It just turns off as if you unplug it from circuit!!! Can somebody help me, wrong drivers?, false hardware? I dont know how to solve the problem!!!! Which information do you need???

  Hi Kay,
  This sounds like a classic case of over-heating. Especially if you notice increased fan activity just prior to the notebook shutting down.
  Try cleaning the dust and debris from the CPU heat-sink. You will find lots of posts in this forum describing ways of doing this. My personla favorite is to use a vacuum cleaner hose against the air intake grilles.
  Also, it is worth making sure that the air intake grilles are not being blocked, and that sufficient air can get into the notebook to cool it properly. Don't stand your notebook on a soft surface or carpet since this will allow more dust to be sucked in.
  HTH

• Scanning for viruses on Mac

  I'm interested in scanning for viruses, not to protect my Mac but to avoid sending them to others. I've read a little about ClamXav and would like to hear from those of you who have used it. I don't want to run it continuously, but instead do a periodic system scan. Is it suitable to use like this? Any tips, benefits, or drawbacks you can tell me about? Thanks.

  Hello ha:
  I am certainly not trying to dissuade you from helping others (I try to do that myself). However, anyone who runs a Windows box without A/V software, firewall(s), moats, and boiling oil on the ramparts is asking for it. The only way you would send a virus out would be an E-mail. If you open a web site that has a Windows virus it will not harm your Mac or go anywhere else - unless you download it and then E-mail it.
  A/V software is, IMHO, a complete waste of time and resources for anyone running a Mac with OSX.
  Sorry for the sermon, but I cannot imagine a Windows user without robust A/V software. In my former professional life, we ran Wintel boxes and had everything (including barbed wire) to pick off viruses. My IT people used to produce a report detailing how many viruses they intercepted and deactivated.
  Barry

• Is Virus Barrier x6 any good for virus protection/

  Is Virus barrier x6 any good for virus protection?

  I have never used it personally.  I have seen people here having kernel panics, and removing VB cured the problem.  But then, that's not good data, because I don't know how many people might be using it with no problems, and why those kernel panics might be occurring.
  To help you decide whether you want to use AV software, and how to protect yourself even if you do install AV software (which cannot guarantee protection), see my Mac Malware Guide.
  (Note that my pages contain links to other pages that promote my services, and this should not be taken as an endorsement of my services by Apple.)

• Receiving Mac Zip File for virus removal

  Receiving Mac Zip File for virus removal. Randomly comes up through firefox.  I don't open it but I cant remove it from applications.  Any help appreciated.  Also Mac doesn't have a built in defense like that does it?

  When you created this post, there was, at the top of the discussion, and all Apple Community, this:
  Announcement:  Apple recently published -  How to avoid or remove Mac Defender malware
  How to avoid or remove Mac Defender malware