Scanning for Spyware/Malware?

Similar Messages

• HT1338 Does Apple have a virus scan for recent malware?

  I am concerned that Adobe Updates are showing up on my dock bar at the bottom of my screen and I do not know how to ensure I am not being infected.

  If they are coming from the dock, it is most likely that it is the
  real Adobe updater.  The malware only presents itself when
  visiting a malicious website.
  You can verify this by opening the Flash Player panel in
  Preferences or checking the Adobe Updater which is usually found
  in Applications->Utilities->Adobe Utilities.
  Also, install the latest Java update for your computer which
  now also contains a malware removal tool.

• Scanning for virus/malware/trojans, etc?

  My online security has been seriously compromised in the past two weeks. It started out with my email account being hacked, and a spam message sent to everyone in my contact list. Now all of my domain names were hacked (most likely via my FTP software) and something installed malicious code into all of my websites that install a trojan on any unsuspecting visitor.
  I believe a computer in this house is (or was) acting as the router for all internet traffic and is sniffing passwords. At least, that's the only logical thing I can think of.
  I'm afraid to find out what's next, but I need to find the root of this problem and GET RID OF IT. We have a PC in the house, which I was hoping was the culprit, I completely wiped that hard drive clean and re-installed the OS, so that checks out now. And the problems are still occurring. The email hack happened before i wiped the PC, and the attack on my websites happened after. Or, at least, I NOTICED it after. It could have happened at the same time for all I know. But I want to be ABSOLUTELY sure that there's NOTHING on Macs that can be doing any damage.
  I ran ClamXav and MacScan on all 3 of my macs. All scans come up clean. Are there any other things I can do to check my system? I want to be completely sure. I don't want to have to format and re-install Leopard on these computers if possible.
  Thank you.

  markhimself wrote:
  My online security has been seriously compromised in the past two weeks. It started out with my email account being hacked, and a spam message sent to everyone in my contact list.
  You said you only used gmail from the web interface. Is your contact list online as well?
  Now all of my domain names were hacked (most likely via my FTP software) and something installed malicious code into all of my websites that install a trojan on any unsuspecting visitor.
  Why would your FTP software be to blame? It is possible that some 3rd party could have sniffed your password if you were using an unsecure protocol, which standard FTP certainly is.
  I believe a computer in this house is (or was) acting as the router for all internet traffic and is sniffing passwords. At least, that's the only logical thing I can think of.
  That's not very logical. I doubt that the PC could "take over" routing. It could have been completely compromised and that would compromise any password used on that machine or shared with any other account anywhere else. Your actual broadband router could have been hacked. That isn't likely or common, but it is possible.
  I'm afraid to find out what's next, but I need to find the root of this problem and GET RID OF IT. We have a PC in the house
  OK - there you go - get rid of it.
  And the problems are still occurring.
  Have you changed all of your passwords via secure connections?
  The email hack happened before i wiped the PC, and the attack on my websites happened after.
  Websites are a different issue. If your passwords were compromised, all bets are off. Still, you have to be careful with websites. If you use things like WordPress and don't keep them constantly updated with security patches, your website can easily be hacked.
  But I want to be ABSOLUTELY sure that there's NOTHING on Macs that can be doing any damage.
  I ran ClamXav and MacScan on all 3 of my macs.
  The Macs are fine. That is the only part you don't have to worry about. There are no viruses to infect them, but you still need to change their passwords. Once they have passwords, there is no need to hack. Just log in.

• When I clicked on Firefox IE opens instead. How do I get Firefox to load? I tried a system restore but it didn't work and I have scanned for spyware and viruses. I unistalled firefox and reinstalled and asked it to launch firefox when done and IE start

  When clicking to start Firefox IE starts instead. I have unistalled Firefox and reinstalled and thought I removed IE also but it still opens. I don't know of anything I would have changed or done that would have started the problem.
  == This happened ==
  Every time Firefox opened
  == 2 days ago and ever since. ==
  == User Agent ==
  Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4

  In case you use "Clear history when Firefox closes" or otherwise clear history:
  *do not clear the Browsing History
  *Tools > Options > Privacy > Firefox will: "Use custom settings for history": [X] "Clear history when Firefox closes" > Settings
  *https://support.mozilla.org/kb/remove-recent-browsing-search-and-download-history
  Clearing "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation, passwords, and other website specific data.

• How do I uninstall the firefox 16 update from my computer? it won't allow my antivirus to scan for viruses and spyware!!

  when I installed this update it said that it was not compatible with my Norton toolbar, which I didn't think would be a problem. now I've got malware ads popping up on different websites and when I scan my computer for viruses/spyware, it always says there is no risks. I find that hard to believe. I just want to uninstall the last update (Firefox 16).

  You posted here with Firefox 17.0.1.
  Try running a Norton Live Update so Norton can update their Firefox add-on and get that Toolbar working again.
  That said, Norton doesn't do anything about Malware. You need a Malware application to locate and remove Malware.
  Install, update, and run these programs in this order. They are listed in order of efficacy.<br />'''''(Not all programs detect the same Malware, so you may need to run them all to solve your problem.)''''' <br />These programs are all free for personal use, but some have limited functionality in the "free mode" - but those are features you really don't need to find and remove the problem that you have.<br />
  ''Note: If your Malware infection is bad enough and you are mis-directed to URL's other than what is posted, you may have to use a different PC to download these programs and use a USB stick to transfer them to the afflicted PC.''
  Malwarebytes' Anti-Malware - [http://www.malwarebytes.org/mbam.php] <br />
  SuperAntispyware - [http://www.superantispyware.com/] <br />
  AdAware - [http://www.lavasoftusa.com/software/adaware/] <br />
  Spybot Search & Destroy - [http://www.safer-networking.org/en/index.html] <br />
  Windows Defender: Home Page - [http://windows.microsoft.com/en-US/windows7/products/features/windows-defender]<br />
  Also, if you have a search engine re-direct problem, see this:<br />
  http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html
  If these don't find it or can't clear it, post in one of these forums for specialized malware removal help: <br />
  [http://www.spywarewarrior.com/index.php] <br />
  [http://forum.aumha.org/] <br />
  [http://www.spywareinfoforum.com/] <br />
  [http://bleepingcomputer.com]

• How do i scan for malware

  There was a new treat for malware out there called alurdon dns changer and supposily cause internet blackout on Monday. Any one aware of this is it a PC treat, should I be concerned? How do I scan my computer for any malware that I could have and not be aware of? Please help...

  You can run the test here:
  http://www.dns-ok.us/

• I have a 2012 iMac, running OS X Yosemite 10.10.2. Is there any way to scan for malware without buying a program?

  I have a 2012 iMac, running OS X Yosemite 10.10.2. Is there any way to scan for malware without buying a program?

  Have you been having some problems that make you think you may have malware installed?
  Download and run Etrecheck.  Copy and paste the results into your reply. Etrecheck is a diagnostic tool that was developed by one of the most respected users here (and recommended by Apple Support personnel) in the ASC to help identify the more obvious culprits that can adversely affect a Mac's performance.

• Any reputable site where we can scan our imacs for intrusion, malware, etc

  Hi,
  Since I don't use 3rd-P virus protection or intruder alerts, and I don't think most mac users do, how can we check our machines periodically to be sure we're clean?
  Can anyone recommend a site where we can do a scan or something like that? Symantec maybe?
  This Q just arose for me because in pursuing a search engine result I clicked to a site and suddenly a pop-up screen was telling my I had viruses and needed to attend to them. I got out of there asap.
  Thanks.

  No sites, and I'd stay away from any that claim to do that like the plague. I would never expose my drive to an online scan (scam.) In fact, I'd be damned careful about anything you download to do that. These won't do any harm. You've been exposed to what's called "scareware."
  MacScan
  Free demo. Might be useful in identifying several possible Trojans if you've acquired any, but will take forever to scan your whole drive.
  http://macscan.securemac.com/
  ClamXav
  Will scan for PC/Windows viruses that won't affect a Mac but which can be passed on.
  http://www.clamxav.com/index.php?page=dl

• Virus Scan for  Windows Viruses on Mac

  I am new to discussion group since my Apple Care subscription expired and they don't renew it.
  I hope this is the correct Forum for this topic----if not, please advise which of over several thousand threads might it be associated more closely with?
  I'm Looking for a virus scanner that will scan windows materials (CD disks with program files on them) while in a MAC 10.3 OSX environment.... (sorry haven't yet updated to either TIger or Leopard 10.4 or 10.5 as of yet).
  Can use or buy either an online scanner or resident virus scanner within the Mac. As this discussion group concerns the PowerBook G4 15 inch screen, that is what I chose to post first within.
  Thanks for reading this!

  Hi eww:
  Wow! You are correct for most of your assertions and observations...but unfortunately for you, I am employed and live in a PC Windows world that makes no excuses or time for the few (to the IT managers) Apple/Mac users out there. You do have a fan here in those multitude of PC vs. Mac advertisements, which clearly point out the folly of anyone using Windows on a PC.
  I am employed by a 21 college University, which, at my last estimate, currently is funding Microsoft to the tune of $42 million dollars a year for its Windows Licenses across the University platforms which are almost 100% Windows based (or mainframe Unix for computer science classes of course). I consistently get emails with unopenable "windat" files and "PowerPoint" "excel" etc files and CD's that are totally unusable in the MAC, and for which I maintained the PC. Currently offline, its a two step dance to get them off line to the MAC and then save to a jump drive and thence recopied over to the PC to be opened there. They will not normally spend college money duplicating 100 page endless documents for the one user who has a "pc" problem, and they are just as enthusiastic about their PC's and Windows and hide any defects under the general phrase "computer or internet system is down---sorry for the inconvenience" broadcast over the old fashioned "telephone answering machine" network we still have functioning after 20 years! Also, unfortunately, after having spent monies for many expensive computer programs and their proprietary methods of "saving" files so that only their program can open and utilize them.....I am not about to buy all "Mac" versions of the programs (if there are any in the same company---usually they are not), or spend the time and money buying brand new Apple created or third party created programs, learn how to use them, and then save to their unique proprietary methods of saving files, all the data and files which are saved now on the PC. That unfortunately is simply not an option. Unfortunately for timing, after investigating those programs that claim to convert the Mac into a "Windows friendly" platform also run afoul of many issues, including the program cost is just the beginning, as now one has to purchase all new versions of the programs to run on a different computer with its new unique CD product key, not to speak of the difficulty of deciding if I go with XP which can run and share the files as they are, or the new VISTA program, which as I've explored this issue with some of the major programs I use and no longer can access right now on the PC---they say that (in typical Microsoft computerspeak) "sorry, but you may find that older programs no longer run in the VISTA environment, so new programs and files may have to be created" (that sentence is a simplified compilation of the programs that I've investigated..... The simplest one to show you this on is the fact I'm a WordPerfect User in a "Word" world. Even the MAC I have has Microsoft's version of Office on it with their terrible Word program on it. Fortunately for me, WordPerfect realizes this is the issue and creates keys that allow one to change the way a file is saved so that those people with Word, or a dozen other word-processing systems can read and correct those files. Unfortunately, that does it for WordPerfect as the other companies I use and have used for years through many versions on the Windows based systems, do not care if their programs would be readable by people using similar systems on a Mac.
  But enough about why I still cling to the PC.
  You brought up interesting points that I didn't stop to think about when I went searching for AV software that would check up on the Windows based CD for malware, spyware, and viruses. I've installed CD's from reputable companies that have had "issues" where people do insert such spyware etc unknowing to the top bosses into their production of the CD's in order to create havoc and upset the end user. Of course normal AV software on my PC has removed those programs for years. My difficulty is clear now, that I cannot use the older versions of the software as they do not install on my machine anymore with the "larger" Hard Drives and it detects that and refuses to scan for it....which takes care of the pre 2006 versions of the AV software.... Post 2006, AV software, must be "activated" using the internet and updated frequently else the AV software shuts down as a precuation against piracy. Of course turning on and connecting to the internet for even a few minutes of registration invites in to my computer a trojan horse which can do its damage before the AV software has been activated and the "Internet" scanning part of the software activated. I've discussed this problem with the software company at length and they assure me that they never thought of the problem, as most people like myself are installing "upgrades" not from "zero" so the older AV software is kept functioning until its removal is requested by the "Wizard" installing the new one, after confirmation of the CD product key allows for the installation and registration of the software.....I know I know too much details but you did respond to me as if I did not know of the detriments of having a PC and now I've explained the problems that led me to this course of action......its not the patience of a saint, but the business (education) that I'm in and to which Apple did not have enough of a clout when they were choosing which platform will run University-wide several decades ago, so now we are stuck with Microsoft whether we like it or not!
  Back to the AV problem and thanks for pointing out that without the ability to download the program into the computer for the AV program to not only check up but eliminate any malware and viruses, the CD is essentially unchanged and would have been inserted into the PC and transferred its virus to the PC (if it did have one, as even a small virus would seriously hamper my continued discussions with these companies as they are searching for a solution, and coming up empty, of course they ask: any new software or viruses, and that I have until today answered "no"....
  So therefore I am between a rock and a hard place not having the ability to install a MP3 creation program into the PC, nor being able to use the latest GarageBand with the parts of the program that had "defects" (we don't call them bugs in Mac, of course Mac's don't get things like viruses or bugs I've found out over the years!)...which have been long rectified with the newer iLife and newer Tiger/Leopard operating systems. Unfortunately, that accident and lack of willing and patient people to carry the computer to where the store is located has been the cause of the delay in upgrading...until now its deadline time and too late to do anything about it....
  Of course the Garage Band would be updated when I get to have Leopard installed, but as someone here already pointed out, I have to buy from a store not via mail since I would not trust myself to install something on the Mac simply because I do not have the experience installing stuff on the Mac as except for a font program MacFonts, the Mac PowerBook is essentially the way it was when purchased in 2004.
  Thanks again for your patience in reading all of this background material---any suggestion from you or anyone would be appreciated as I’m forever barred from posting my question on the Windows help Forums as the price of entry is too high (another “free” installation of the Windows Genuine Advantage” program!)
  Mac Help

• Spyware/malware and Mac Mail

  Here's the deal... I've been having trouble with my cable email provider not accepting my email password. It's my second email account so I don't pay a lot of attention to it. Anyway, I found out they have been blocking my email account since 4/10/14 because somebody has accused me of spamming, which I haven't done. They didn't bother to notify me, they were waiting for me to call them.
  Well, to get this email account up and running again, they want me to run a spyware/malware program on my Mac. How is that going to prove anything to them if I'm supposedly the one doing the spamming? What program should I run and won't I be open for trouble on my computer by doing so.
  I asked the guy how they would know if I ran the software, "We'll just take your word for it!" is what he said. ??? Anybody have any suggestions?

  Tell them you ran Sophos Home AV Mac. It's free. You can even really do a scan and then uninstall it--or keep it. It comes with an uninstaller. If it finds anything, it will probably be something that will only run on Windows...or it might just find some adware. I'm actually using it on 10.8. It slows things down a tiny bit sometimes, but that's the only issue I've seen with it. If you were spamming, it could mean that you had inadverently been enlisted in a botnet. But there are none for Mac as of this writing.

• ClamAV fails to scan for viruses in emails [CLAWS MAIL]

  I've recently switched from Thunderbird to Claws Mail and ran into one small, but annoying, problem.
  I want to use ClamAV + the clamav extension for claws mail to scan for viruses, however it does seem to have permission problems.
  clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
  Scanning error:
  /home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
  Here's my clamd.conf:
  ## Please read the clamd.conf(5) manual before editing this file.
  # Comment or remove the line below.
  #Example
  # Uncomment this option to enable logging.
  # LogFile must be writable for the user running daemon.
  # A full path is required.
  # Default: disabled
  LogFile /var/log/clamav/clamd.log
  # By default the log file is locked for writing - the lock protects against
  # running clamd multiple times (if want to run another clamd, please
  # copy the configuration file, change the LogFile variable, and run
  # the daemon with --config-file option).
  # This option disables log file locking.
  # Default: no
  #LogFileUnlock yes
  # Maximum size of the log file.
  # Value of 0 disables the limit.
  # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
  # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
  # in bytes just don't use modifiers.
  # Default: 1M
  #LogFileMaxSize 2M
  # Log time with each message.
  # Default: no
  LogTime yes
  # Also log clean files. Useful in debugging but drastically increases the
  # log size.
  # Default: no
  #LogClean yes
  # Use system logger (can work together with LogFile).
  # Default: no
  #LogSyslog yes
  # Specify the type of syslog messages - please refer to 'man syslog'
  # for facility names.
  # Default: LOG_LOCAL6
  #LogFacility LOG_MAIL
  # Enable verbose logging.
  # Default: no
  #LogVerbose yes
  # Log additional information about the infected file, such as its
  # size and hash, together with the virus name.
  #ExtendedDetectionInfo yes
  # This option allows you to save a process identifier of the listening
  # daemon (main thread).
  # Default: disabled
  PidFile /run/clamav/clamd.pid
  # Optional path to the global temporary directory.
  # Default: system specific (usually /tmp or /var/tmp).
  TemporaryDirectory /tmp
  # Path to the database directory.
  # Default: hardcoded (depends on installation options)
  DatabaseDirectory /var/lib/clamav
  # Only load the official signatures published by the ClamAV project.
  # Default: no
  OfficialDatabaseOnly yes
  # The daemon can work in local mode, network mode or both.
  # Due to security reasons we recommend the local mode.
  # Path to a local socket file the daemon will listen on.
  # Default: disabled (must be specified by a user)
  LocalSocket /var/lib/clamav/clamd.sock
  # Sets the group ownership on the unix socket.
  # Default: disabled (the primary group of the user running clamd)
  LocalSocketGroup clamav
  # Sets the permissions on the unix socket to the specified mode.
  # Default: disabled (socket is world accessible)
  #LocalSocketMode 660
  # Remove stale socket after unclean shutdown.
  # Default: yes
  #FixStaleSocket yes
  # TCP port address.
  # Default: no
  #TCPSocket 3310
  # TCP address.
  # By default we bind to INADDR_ANY, probably not wise.
  # Enable the following to provide some degree of protection
  # from the outside world.
  # Default: no
  #TCPAddr 127.0.0.1
  # Maximum length the queue of pending connections may grow to.
  # Default: 200
  #MaxConnectionQueueLength 30
  # Clamd uses FTP-like protocol to receive data from remote clients.
  # If you are using clamav-milter to balance load between remote clamd daemons
  # on firewall servers you may need to tune the options below.
  # Close the connection when the data size limit is exceeded.
  # The value should match your MTA's limit for a maximum attachment size.
  # Default: 25M
  #StreamMaxLength 10M
  # Limit port range.
  # Default: 1024
  #StreamMinPort 30000
  # Default: 2048
  #StreamMaxPort 32000
  # Maximum number of threads running at the same time.
  # Default: 10
  #MaxThreads 20
  # Waiting for data from a client socket will timeout after this time (seconds).
  # Default: 120
  #ReadTimeout 300
  # This option specifies the time (in seconds) after which clamd should
  # timeout if a client doesn't provide any initial command after connecting.
  # Default: 5
  #CommandReadTimeout 5
  # This option specifies how long to wait (in miliseconds) if the send buffer is full.
  # Keep this value low to prevent clamd hanging
  # Default: 500
  #SendBufTimeout 200
  # Maximum number of queued items (including those being processed by MaxThreads threads)
  # It is recommended to have this value at least twice MaxThreads if possible.
  # WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
  # the following condition should hold:
  # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
  # Default: 100
  #MaxQueue 200
  # Waiting for a new job will timeout after this time (seconds).
  # Default: 30
  #IdleTimeout 60
  # Don't scan files and directories matching regex
  # This directive can be used multiple times
  # Default: scan all
  #ExcludePath ^/proc/
  #ExcludePath ^/sys/
  # Maximum depth directories are scanned at.
  # Default: 15
  #MaxDirectoryRecursion 20
  # Follow directory symlinks.
  # Default: no
  #FollowDirectorySymlinks yes
  # Follow regular file symlinks.
  # Default: no
  #FollowFileSymlinks yes
  # Scan files and directories on other filesystems.
  # Default: yes
  #CrossFilesystems yes
  # Perform a database check.
  # Default: 600 (10 min)
  #SelfCheck 600
  # Execute a command when virus is found. In the command string %v will
  # be replaced with the virus name.
  # Default: no
  #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
  # Run as another user (clamd must be started by root for this option to work)
  # Default: don't drop privileges
  User clamav
  # Initialize supplementary group access (clamd must be started by root).
  # Default: no
  #AllowSupplementaryGroups no
  # Stop daemon when libclamav reports out of memory condition.
  #ExitOnOOM yes
  # Don't fork into background.
  # Default: no
  #Foreground yes
  # Enable debug messages in libclamav.
  # Default: no
  #Debug yes
  # Do not remove temporary files (for debug purposes).
  # Default: no
  #LeaveTemporaryFiles yes
  # Detect Possibly Unwanted Applications.
  # Default: no
  #DetectPUA yes
  # Exclude a specific PUA category. This directive can be used multiple times.
  # See http://www.clamav.net/support/pua for the complete list of PUA
  # categories.
  # Default: Load all categories (if DetectPUA is activated)
  #ExcludePUA NetTool
  #ExcludePUA PWTool
  # Only include a specific PUA category. This directive can be used multiple
  # times.
  # Default: Load all categories (if DetectPUA is activated)
  #IncludePUA Spy
  #IncludePUA Scanner
  #IncludePUA RAT
  # In some cases (eg. complex malware, exploits in graphic files, and others),
  # ClamAV uses special algorithms to provide accurate detection. This option
  # controls the algorithmic detection.
  # Default: yes
  #AlgorithmicDetection yes
  ## Executable files
  # PE stands for Portable Executable - it's an executable file format used
  # in all 32 and 64-bit versions of Windows operating systems. This option allows
  # ClamAV to perform a deeper analysis of executable files and it's also
  # required for decompression of popular executable packers such as UPX, FSG,
  # and Petite. If you turn off this option, the original files will still be
  # scanned, but without additional processing.
  # Default: yes
  #ScanPE yes
  # Executable and Linking Format is a standard format for UN*X executables.
  # This option allows you to control the scanning of ELF files.
  # If you turn off this option, the original files will still be scanned, but
  # without additional processing.
  # Default: yes
  #ScanELF yes
  # With this option clamav will try to detect broken executables (both PE and
  # ELF) and mark them as Broken.Executable.
  # Default: no
  #DetectBrokenExecutables yes
  ## Documents
  # This option enables scanning of OLE2 files, such as Microsoft Office
  # documents and .msi files.
  # If you turn off this option, the original files will still be scanned, but
  # without additional processing.
  # Default: yes
  #ScanOLE2 yes
  # With this option enabled OLE2 files with VBA macros, which were not
  # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
  # Default: no
  #OLE2BlockMacros no
  # This option enables scanning within PDF files.
  # If you turn off this option, the original files will still be scanned, but
  # without decoding and additional processing.
  # Default: yes
  #ScanPDF yes
  ## Mail files
  # Enable internal e-mail scanner.
  # If you turn off this option, the original files will still be scanned, but
  # without parsing individual messages/attachments.
  # Default: yes
  #ScanMail yes
  # Scan RFC1341 messages split over many emails.
  # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
  # WARNING: This option may open your system to a DoS attack.
  # Never use it on loaded servers.
  # Default: no
  #ScanPartialMessages yes
  # With this option enabled ClamAV will try to detect phishing attempts by using
  # signatures.
  # Default: yes
  #PhishingSignatures yes
  # Scan URLs found in mails for phishing attempts using heuristics.
  # Default: yes
  #PhishingScanURLs yes
  # Always block SSL mismatches in URLs, even if the URL isn't in the database.
  # This can lead to false positives.
  # Default: no
  #PhishingAlwaysBlockSSLMismatch no
  # Always block cloaked URLs, even if URL isn't in database.
  # This can lead to false positives.
  # Default: no
  #PhishingAlwaysBlockCloak no
  # Allow heuristic match to take precedence.
  # When enabled, if a heuristic scan (such as phishingScan) detects
  # a possible virus/phish it will stop scan immediately. Recommended, saves CPU
  # scan-time.
  # When disabled, virus/phish detected by heuristic scans will be reported only at
  # the end of a scan. If an archive contains both a heuristically detected
  # virus/phish, and a real malware, the real malware will be reported
  # Keep this disabled if you intend to handle "*.Heuristics.*" viruses
  # differently from "real" malware.
  # If a non-heuristically-detected virus (signature-based) is found first,
  # the scan is interrupted immediately, regardless of this config option.
  # Default: no
  #HeuristicScanPrecedence yes
  ## Data Loss Prevention (DLP)
  # Enable the DLP module
  # Default: No
  #StructuredDataDetection yes
  # This option sets the lowest number of Credit Card numbers found in a file
  # to generate a detect.
  # Default: 3
  #StructuredMinCreditCardCount 5
  # This option sets the lowest number of Social Security Numbers found
  # in a file to generate a detect.
  # Default: 3
  #StructuredMinSSNCount 5
  # With this option enabled the DLP module will search for valid
  # SSNs formatted as xxx-yy-zzzz
  # Default: yes
  #StructuredSSNFormatNormal yes
  # With this option enabled the DLP module will search for valid
  # SSNs formatted as xxxyyzzzz
  # Default: no
  #StructuredSSNFormatStripped yes
  ## HTML
  # Perform HTML normalisation and decryption of MS Script Encoder code.
  # Default: yes
  # If you turn off this option, the original files will still be scanned, but
  # without additional processing.
  #ScanHTML yes
  ## Archives
  # ClamAV can scan within archives and compressed files.
  # If you turn off this option, the original files will still be scanned, but
  # without unpacking and additional processing.
  # Default: yes
  #ScanArchive yes
  # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
  # Default: no
  #ArchiveBlockEncrypted no
  ## Limits
  # The options below protect your system against Denial of Service attacks
  # using archive bombs.
  # This option sets the maximum amount of data to be scanned for each input file.
  # Archives and other containers are recursively extracted and scanned up to this
  # value.
  # Value of 0 disables the limit
  # Note: disabling this limit or setting it too high may result in severe damage
  # to the system.
  # Default: 100M
  #MaxScanSize 150M
  # Files larger than this limit won't be scanned. Affects the input file itself
  # as well as files contained inside it (when the input file is an archive, a
  # document or some other kind of container).
  # Value of 0 disables the limit.
  # Note: disabling this limit or setting it too high may result in severe damage
  # to the system.
  # Default: 25M
  #MaxFileSize 30M
  # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
  # file, all files within it will also be scanned. This options specifies how
  # deeply the process should be continued.
  # Note: setting this limit too high may result in severe damage to the system.
  # Default: 16
  #MaxRecursion 10
  # Number of files to be scanned within an archive, a document, or any other
  # container file.
  # Value of 0 disables the limit.
  # Note: disabling this limit or setting it too high may result in severe damage
  # to the system.
  # Default: 10000
  #MaxFiles 15000
  ## Clamuko settings
  # Enable Clamuko. Dazuko must be configured and running. Clamuko supports
  # both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS
  # is the preferred option. For more information please visit www.dazuko.org
  # Default: no
  #ClamukoScanOnAccess yes
  # The number of scanner threads that will be started (DazukoFS only).
  # Having multiple scanner threads allows Clamuko to serve multiple
  # processes simultaneously. This is particularly beneficial on SMP machines.
  # Default: 3
  #ClamukoScannerCount 3
  # Don't scan files larger than ClamukoMaxFileSize
  # Value of 0 disables the limit.
  # Default: 5M
  #ClamukoMaxFileSize 10M
  # Set access mask for Clamuko (Dazuko only).
  # Default: no
  #ClamukoScanOnOpen yes
  #ClamukoScanOnClose yes
  #ClamukoScanOnExec yes
  # Set the include paths (all files inside them will be scanned). You can have
  # multiple ClamukoIncludePath directives but each directory must be added
  # in a seperate line. (Dazuko only)
  # Default: disabled
  #ClamukoIncludePath /home
  #ClamukoIncludePath /students
  # Set the exclude paths. All subdirectories are also excluded. (Dazuko only)
  # Default: disabled
  #ClamukoExcludePath /home/bofh
  # With this option you can whitelist specific UIDs. Processes with these UIDs
  # will be able to access all files.
  # This option can be used multiple times (one per line).
  # Default: disabled
  #ClamukoExcludeUID 0
  # With this option enabled ClamAV will load bytecode from the database.
  # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
  # Default: yes
  #Bytecode yes
  # Set bytecode security level.
  # Possible values:
  # None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
  # This value is only available if clamav was built with --enable-debug!
  # TrustSigned - trust bytecode loaded from signed .c[lv]d files,
  # insert runtime safety checks for bytecode loaded from other sources
  # Paranoid - don't trust any bytecode, insert runtime checks for all
  # Recommended: TrustSigned, because bytecode in .cvd files already has these checks
  # Note that by default only signed bytecode is loaded, currently you can only
  # load unsigned bytecode in --enable-debug mode.
  # Default: TrustSigned
  #BytecodeSecurity TrustSigned
  # Set bytecode timeout in miliseconds.
  # Default: 5000
  # BytecodeTimeout 1000
  My freshclam.conf:
  ## Please read the freshclam.conf(5) manual before editing this file.
  # Comment or remove the line below.
  #Example
  # Path to the database directory.
  # WARNING: It must match clamd.conf's directive!
  # Default: hardcoded (depends on installation options)
  #DatabaseDirectory /var/lib/clamav
  # Path to the log file (make sure it has proper permissions)
  # Default: disabled
  UpdateLogFile /var/log/clamav/freshclam.log
  # Maximum size of the log file.
  # Value of 0 disables the limit.
  # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
  # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
  # in bytes just don't use modifiers.
  # Default: 1M
  #LogFileMaxSize 2M
  # Log time with each message.
  # Default: no
  #LogTime yes
  # Enable verbose logging.
  # Default: no
  #LogVerbose yes
  # Use system logger (can work together with UpdateLogFile).
  # Default: no
  #LogSyslog yes
  # Specify the type of syslog messages - please refer to 'man syslog'
  # for facility names.
  # Default: LOG_LOCAL6
  #LogFacility LOG_MAIL
  # This option allows you to save the process identifier of the daemon
  # Default: disabled
  #PidFile /var/run/freshclam.pid
  # By default when started freshclam drops privileges and switches to the
  # "clamav" user. This directive allows you to change the database owner.
  # Default: clamav (may depend on installation options)
  #DatabaseOwner clamav
  # Initialize supplementary group access (freshclam must be started by root).
  # Default: no
  #AllowSupplementaryGroups yes
  # Use DNS to verify virus database version. Freshclam uses DNS TXT records
  # to verify database and software versions. With this directive you can change
  # the database verification domain.
  # WARNING: Do not touch it unless you're configuring freshclam to use your
  # own database verification domain.
  # Default: current.cvd.clamav.net
  #DNSDatabaseInfo current.cvd.clamav.net
  # Uncomment the following line and replace XY with your country
  # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
  # You can use db.XY.ipv6.clamav.net for IPv6 connections.
  #DatabaseMirror db.XY.clamav.net
  # database.clamav.net is a round-robin record which points to our most
  # reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
  # not working. DO NOT TOUCH the following line unless you know what you
  # are doing.
  DatabaseMirror database.clamav.net
  # How many attempts to make before giving up.
  # Default: 3 (per mirror)
  #MaxAttempts 5
  # With this option you can control scripted updates. It's highly recommended
  # to keep it enabled.
  # Default: yes
  #ScriptedUpdates yes
  # By default freshclam will keep the local databases (.cld) uncompressed to
  # make their handling faster. With this option you can enable the compression;
  # the change will take effect with the next database update.
  # Default: no
  #CompressLocalDatabase no
  # With this option you can provide custom sources (http:// or file://) for
  # database files. This option can be used multiple times.
  # Default: no custom URLs
  #DatabaseCustomURL http://myserver.com/mysigs.ndb
  #DatabaseCustomURL file:///mnt/nfs/local.hdb
  # Number of database checks per day.
  # Default: 12 (every two hours)
  #Checks 24
  # Proxy settings
  # Default: disabled
  #HTTPProxyServer myproxy.com
  #HTTPProxyPort 1234
  #HTTPProxyUsername myusername
  #HTTPProxyPassword mypass
  # If your servers are behind a firewall/proxy which applies User-Agent
  # filtering you can use this option to force the use of a different
  # User-Agent header.
  # Default: clamav/version_number
  #HTTPUserAgent SomeUserAgentIdString
  # Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
  # multi-homed systems.
  # Default: Use OS'es default outgoing IP address.
  #LocalIPAddress aaa.bbb.ccc.ddd
  # Send the RELOAD command to clamd.
  # Default: no
  NotifyClamd /etc/clamav/clamd.conf
  # Run command after successful database update.
  # Default: disabled
  #OnUpdateExecute command
  # Run command when database update process fails.
  # Default: disabled
  #OnErrorExecute command
  # Run command when freshclam reports outdated version.
  # In the command string %v will be replaced by the new version number.
  # Default: disabled
  #OnOutdatedExecute command
  # Don't fork into background.
  # Default: no
  #Foreground yes
  # Enable debug messages in libclamav.
  # Default: no
  #Debug yes
  # Timeout in seconds when connecting to database server.
  # Default: 30
  #ConnectTimeout 60
  # Timeout in seconds when reading from database server.
  # Default: 30
  #ReceiveTimeout 60
  # With this option enabled, freshclam will attempt to load new
  # databases into memory to make sure they are properly handled
  # by libclamav before replacing the old ones.
  # Default: yes
  #TestDatabases yes
  # When enabled freshclam will submit statistics to the ClamAV Project about
  # the latest virus detections in your environment. The ClamAV maintainers
  # will then use this data to determine what types of malware are the most
  # detected in the field and in what geographic area they are.
  # Freshclam will connect to clamd in order to get recent statistics.
  # Default: no
  #SubmitDetectionStats /path/to/clamd.conf
  # Country of origin of malware/detection statistics (for statistical
  # purposes only). The statistics collector at ClamAV.net will look up
  # your IP address to determine the geographical origin of the malware
  # reported by your installation. If this installation is mainly used to
  # scan data which comes from a different location, please enable this
  # option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
  # of the country of origin.
  # Default: disabled
  #DetectionStatsCountry country-code
  # This option enables support for our "Personal Statistics" service.
  # When this option is enabled, the information on malware detected by
  # your clamd installation is made available to you through our website.
  # To get your HostID, log on http://www.stats.clamav.net and add a new
  # host to your host list. Once you have the HostID, uncomment this option
  # and paste the HostID here. As soon as your freshclam starts submitting
  # information to our stats collecting service, you will be able to view
  # the statistics of this clamd installation by logging into
  # http://www.stats.clamav.net with the same credentials you used to
  # generate the HostID. For more information refer to:
  # http://www.clamav.net/support/faq/faq-cctts/
  # This feature requires SubmitDetectionStats to be enabled.
  # Default: disabled
  #DetectionStatsHostID unique-id
  # This option enables support for Google Safe Browsing. When activated for
  # the first time, freshclam will download a new database file (safebrowsing.cvd)
  # which will be automatically loaded by clamd and clamscan during the next
  # reload, provided that the heuristic phishing detection is turned on. This
  # database includes information about websites that may be phishing sites or
  # possible sources of malware. When using this option, it's mandatory to run
  # freshclam at least every 30 minutes.
  # Freshclam uses the ClamAV's mirror infrastructure to distribute the
  # database and its updates but all the contents are provided under Google's
  # terms of use. See http://code.google.com/support/bin/answer.py?answer=70015
  # and http://safebrowsing.clamav.net for more information.
  # Default: disabled
  #SafeBrowsing yes
  # This option enables downloading of bytecode.cvd, which includes additional
  # detection mechanisms and improvements to the ClamAV engine.
  # Default: enabled
  #Bytecode yes
  # Download an additional 3rd party signature database distributed through
  # the ClamAV mirrors. Here you can find a list of available databases:
  # http://www.clamav.net/download/cvd/3rdparty
  # This option can be used multiple times.
  #ExtraDatabase dbname1
  #ExtraDatabase dbname2
  Any help is much appreciated.

  MatejLach wrote:
  clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
  Scanning error:
  /home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
  Seems like a permissions error to me... maybe check the actual file it is attempting to scan... I know it is in your home folder, but just to be sure, you might want to check that everything is sane.

• Ways to scan for viruses on macs?

  I want to scan and check for viruses.

  1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
  2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
  The following caveats apply to XProtect:
  It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
  It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
  3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
  Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
  It can easily be disabled or overridden by the user.
  A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.         
  4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
  That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
  Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
  A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
  Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
  Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
  Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
  5. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other inessential uses of Java.
  Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.
  Currently, when you install the Apple-supplied Java runtime (but not the Oracle runtime), a "Malware Removal Tool" (MRT) is also installed. MRT runs automatically in the background and appears to scan your files for installed malware that may have evaded XProtect. Like XProtect, MRT is probably effective against known attacks, but not against unknown attacks. There is no user interface to MRT.
  Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable Java on a public web page that carries third-party advertising. Use it, when necessary, only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
  Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.
  6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
  Why shouldn't you use commercial "anti-virus" products?
  Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
  In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
  By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
  7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
  ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
  A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
  ♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
  ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
  8. The greatest harm done by anti-virus software, in my opinion, is in its effect on human behavior. It does little or nothing to protect people from emerging threats, but they get a false sense of security from it, and then they may behave in ways that expose them to higher risk. Nothing can lessen the need for safe computing practices.
  9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.

• Email Virus/Spyware/Malware

  Greetings,
  I am rather curious as to how things work nowadays. Is it possible to get a virus/trojan/spyware/malware simply by browsing through your Mail Inbox and going through emails without clicking on any links in the email or opening up attachments? Perhaps exeuctable code secretly hidden in the email message?
  I received a spam email from an online social network called Twoo which stated that I had a message waiting for me on the website. I didn't click on any links whatsoever, I just read the email. Afterwards, I deleted it and considered it as spam.
  Any thoughts would be much appreciated!
  Thanks!

  Most Mac users very quickly discover that AV software on a Mac is more of a problem then it claims it will solve. The majority of them are only able to discover Windows virus since that is all the is available at this time. To do that they use an inordinate amount os suystem resourse while search for nothing. They usually manage to corrupt files systems while doing that. They are also know to have false positive on file important to the system. So once they are quarrentined the Mac is dead. They do all of this great stuff if you install them. I personally prefer to go without them and avoid the problems they cause.

• Is there A virus scan for the playbook

  I have look everywhere I can think of. Is there A virus and malware scan for the playbook

  if you store an EXE file, your PC should be set to scan all USB and network shares and should detect it before you run it
  where did you see android virus?
  Click here to Backup the data on your BlackBerry Device! It's important, and FREE!
  Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
  Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals
  BESAdmin's, please make a signature with your BES environment info.
  SIM Free BlackBerry Unlocking FAQ
  Follow me on Twitter @knottyrope
  Want to thank me? Buy my KnottyRope App here
  BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V

• Suddenly my imac will not open e-mail attachments. It scans for viruses. I hit continue and nothing happens.

  Suddenly my imac will not open e-mail attachments.  It scans for viruses.  When I hit "continue", nothing happens.

  The problem most likely is the antivirus application. My recommendation would be following the developers instructions, uninstall the application. Most antivirus applications tend to create more problems than they solve. The best thing you can do for your system is to run Software Update frequently and let Apple's security handle any issues. I'd also strongly recommend you carefully read Thomas Reed's Mac Malware Guide.