Scanning for virus/malware/trojans, etc?

Similar Messages

• Viruses, malware, trojans, etc.

  I have an MPB, OSX 10.5.8 and a 16.5 year old son. I was able to resolve the kernel panic problem, but only because I had access to an external drive version of an install disc with which I could fire up Disk Utility, which then made repairs. I had been able to reboot from neither an onboard install disc nor an internal TechTool eDrive.
  Suspicious, I installed and ran ClamXav anti-virus tool and found two items:
  hottiestar_installer.exe decsribed as Trojan.Inject-3034, and
  useGoingBook.class-73a68686-5131a64d.class described as Trojan.Downloader.Java.ClassLoader-1 .
  ClamXav placed the two in a folder and then I trashed them both. Am I done? Is it safe? I know so little about how these things operate and what they do. It seems like I've killed the messengers, but have I destroyed the messages?
  Is it more likely that these were picked up from friends with infected Windows machines than from direct downloading to the MPB?
  Thank you.

  Raven Icefire wrote:
  I am looking at buying a MBP. My brother goes to ITT and he said that they are talking about the rise of mac viruses. Is this something I should consider when buying, like should I pay for the anti-virus or are the types of viruses that they were talking about not something to worry about?
  Welcome to Apple's discussion groups.
  There really are no Mac viruses in the traditional sense. There are Mac trojans, which can be avoided by actions such as declining offers to install "codecs" that claim to allow viewing of questionable content.
  Safari and OS X have a certain amount of malware protection already built in. If you really want to install anti-virus software on a Mac, consider ClamXav: http://www.clamxav.com/
  One more piece of advice: If you're looking for advice, start your own thread instead of attaching your question to a thread already marked as "answered", as those threads receive a lot less attention than unanswered threads.

• ClamAV fails to scan for viruses in emails [CLAWS MAIL]

  I've recently switched from Thunderbird to Claws Mail and ran into one small, but annoying, problem.
  I want to use ClamAV + the clamav extension for claws mail to scan for viruses, however it does seem to have permission problems.
  clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
  Scanning error:
  /home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
  Here's my clamd.conf:
  ## Please read the clamd.conf(5) manual before editing this file.
  # Comment or remove the line below.
  #Example
  # Uncomment this option to enable logging.
  # LogFile must be writable for the user running daemon.
  # A full path is required.
  # Default: disabled
  LogFile /var/log/clamav/clamd.log
  # By default the log file is locked for writing - the lock protects against
  # running clamd multiple times (if want to run another clamd, please
  # copy the configuration file, change the LogFile variable, and run
  # the daemon with --config-file option).
  # This option disables log file locking.
  # Default: no
  #LogFileUnlock yes
  # Maximum size of the log file.
  # Value of 0 disables the limit.
  # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
  # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
  # in bytes just don't use modifiers.
  # Default: 1M
  #LogFileMaxSize 2M
  # Log time with each message.
  # Default: no
  LogTime yes
  # Also log clean files. Useful in debugging but drastically increases the
  # log size.
  # Default: no
  #LogClean yes
  # Use system logger (can work together with LogFile).
  # Default: no
  #LogSyslog yes
  # Specify the type of syslog messages - please refer to 'man syslog'
  # for facility names.
  # Default: LOG_LOCAL6
  #LogFacility LOG_MAIL
  # Enable verbose logging.
  # Default: no
  #LogVerbose yes
  # Log additional information about the infected file, such as its
  # size and hash, together with the virus name.
  #ExtendedDetectionInfo yes
  # This option allows you to save a process identifier of the listening
  # daemon (main thread).
  # Default: disabled
  PidFile /run/clamav/clamd.pid
  # Optional path to the global temporary directory.
  # Default: system specific (usually /tmp or /var/tmp).
  TemporaryDirectory /tmp
  # Path to the database directory.
  # Default: hardcoded (depends on installation options)
  DatabaseDirectory /var/lib/clamav
  # Only load the official signatures published by the ClamAV project.
  # Default: no
  OfficialDatabaseOnly yes
  # The daemon can work in local mode, network mode or both.
  # Due to security reasons we recommend the local mode.
  # Path to a local socket file the daemon will listen on.
  # Default: disabled (must be specified by a user)
  LocalSocket /var/lib/clamav/clamd.sock
  # Sets the group ownership on the unix socket.
  # Default: disabled (the primary group of the user running clamd)
  LocalSocketGroup clamav
  # Sets the permissions on the unix socket to the specified mode.
  # Default: disabled (socket is world accessible)
  #LocalSocketMode 660
  # Remove stale socket after unclean shutdown.
  # Default: yes
  #FixStaleSocket yes
  # TCP port address.
  # Default: no
  #TCPSocket 3310
  # TCP address.
  # By default we bind to INADDR_ANY, probably not wise.
  # Enable the following to provide some degree of protection
  # from the outside world.
  # Default: no
  #TCPAddr 127.0.0.1
  # Maximum length the queue of pending connections may grow to.
  # Default: 200
  #MaxConnectionQueueLength 30
  # Clamd uses FTP-like protocol to receive data from remote clients.
  # If you are using clamav-milter to balance load between remote clamd daemons
  # on firewall servers you may need to tune the options below.
  # Close the connection when the data size limit is exceeded.
  # The value should match your MTA's limit for a maximum attachment size.
  # Default: 25M
  #StreamMaxLength 10M
  # Limit port range.
  # Default: 1024
  #StreamMinPort 30000
  # Default: 2048
  #StreamMaxPort 32000
  # Maximum number of threads running at the same time.
  # Default: 10
  #MaxThreads 20
  # Waiting for data from a client socket will timeout after this time (seconds).
  # Default: 120
  #ReadTimeout 300
  # This option specifies the time (in seconds) after which clamd should
  # timeout if a client doesn't provide any initial command after connecting.
  # Default: 5
  #CommandReadTimeout 5
  # This option specifies how long to wait (in miliseconds) if the send buffer is full.
  # Keep this value low to prevent clamd hanging
  # Default: 500
  #SendBufTimeout 200
  # Maximum number of queued items (including those being processed by MaxThreads threads)
  # It is recommended to have this value at least twice MaxThreads if possible.
  # WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
  # the following condition should hold:
  # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
  # Default: 100
  #MaxQueue 200
  # Waiting for a new job will timeout after this time (seconds).
  # Default: 30
  #IdleTimeout 60
  # Don't scan files and directories matching regex
  # This directive can be used multiple times
  # Default: scan all
  #ExcludePath ^/proc/
  #ExcludePath ^/sys/
  # Maximum depth directories are scanned at.
  # Default: 15
  #MaxDirectoryRecursion 20
  # Follow directory symlinks.
  # Default: no
  #FollowDirectorySymlinks yes
  # Follow regular file symlinks.
  # Default: no
  #FollowFileSymlinks yes
  # Scan files and directories on other filesystems.
  # Default: yes
  #CrossFilesystems yes
  # Perform a database check.
  # Default: 600 (10 min)
  #SelfCheck 600
  # Execute a command when virus is found. In the command string %v will
  # be replaced with the virus name.
  # Default: no
  #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
  # Run as another user (clamd must be started by root for this option to work)
  # Default: don't drop privileges
  User clamav
  # Initialize supplementary group access (clamd must be started by root).
  # Default: no
  #AllowSupplementaryGroups no
  # Stop daemon when libclamav reports out of memory condition.
  #ExitOnOOM yes
  # Don't fork into background.
  # Default: no
  #Foreground yes
  # Enable debug messages in libclamav.
  # Default: no
  #Debug yes
  # Do not remove temporary files (for debug purposes).
  # Default: no
  #LeaveTemporaryFiles yes
  # Detect Possibly Unwanted Applications.
  # Default: no
  #DetectPUA yes
  # Exclude a specific PUA category. This directive can be used multiple times.
  # See http://www.clamav.net/support/pua for the complete list of PUA
  # categories.
  # Default: Load all categories (if DetectPUA is activated)
  #ExcludePUA NetTool
  #ExcludePUA PWTool
  # Only include a specific PUA category. This directive can be used multiple
  # times.
  # Default: Load all categories (if DetectPUA is activated)
  #IncludePUA Spy
  #IncludePUA Scanner
  #IncludePUA RAT
  # In some cases (eg. complex malware, exploits in graphic files, and others),
  # ClamAV uses special algorithms to provide accurate detection. This option
  # controls the algorithmic detection.
  # Default: yes
  #AlgorithmicDetection yes
  ## Executable files
  # PE stands for Portable Executable - it's an executable file format used
  # in all 32 and 64-bit versions of Windows operating systems. This option allows
  # ClamAV to perform a deeper analysis of executable files and it's also
  # required for decompression of popular executable packers such as UPX, FSG,
  # and Petite. If you turn off this option, the original files will still be
  # scanned, but without additional processing.
  # Default: yes
  #ScanPE yes
  # Executable and Linking Format is a standard format for UN*X executables.
  # This option allows you to control the scanning of ELF files.
  # If you turn off this option, the original files will still be scanned, but
  # without additional processing.
  # Default: yes
  #ScanELF yes
  # With this option clamav will try to detect broken executables (both PE and
  # ELF) and mark them as Broken.Executable.
  # Default: no
  #DetectBrokenExecutables yes
  ## Documents
  # This option enables scanning of OLE2 files, such as Microsoft Office
  # documents and .msi files.
  # If you turn off this option, the original files will still be scanned, but
  # without additional processing.
  # Default: yes
  #ScanOLE2 yes
  # With this option enabled OLE2 files with VBA macros, which were not
  # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
  # Default: no
  #OLE2BlockMacros no
  # This option enables scanning within PDF files.
  # If you turn off this option, the original files will still be scanned, but
  # without decoding and additional processing.
  # Default: yes
  #ScanPDF yes
  ## Mail files
  # Enable internal e-mail scanner.
  # If you turn off this option, the original files will still be scanned, but
  # without parsing individual messages/attachments.
  # Default: yes
  #ScanMail yes
  # Scan RFC1341 messages split over many emails.
  # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
  # WARNING: This option may open your system to a DoS attack.
  # Never use it on loaded servers.
  # Default: no
  #ScanPartialMessages yes
  # With this option enabled ClamAV will try to detect phishing attempts by using
  # signatures.
  # Default: yes
  #PhishingSignatures yes
  # Scan URLs found in mails for phishing attempts using heuristics.
  # Default: yes
  #PhishingScanURLs yes
  # Always block SSL mismatches in URLs, even if the URL isn't in the database.
  # This can lead to false positives.
  # Default: no
  #PhishingAlwaysBlockSSLMismatch no
  # Always block cloaked URLs, even if URL isn't in database.
  # This can lead to false positives.
  # Default: no
  #PhishingAlwaysBlockCloak no
  # Allow heuristic match to take precedence.
  # When enabled, if a heuristic scan (such as phishingScan) detects
  # a possible virus/phish it will stop scan immediately. Recommended, saves CPU
  # scan-time.
  # When disabled, virus/phish detected by heuristic scans will be reported only at
  # the end of a scan. If an archive contains both a heuristically detected
  # virus/phish, and a real malware, the real malware will be reported
  # Keep this disabled if you intend to handle "*.Heuristics.*" viruses
  # differently from "real" malware.
  # If a non-heuristically-detected virus (signature-based) is found first,
  # the scan is interrupted immediately, regardless of this config option.
  # Default: no
  #HeuristicScanPrecedence yes
  ## Data Loss Prevention (DLP)
  # Enable the DLP module
  # Default: No
  #StructuredDataDetection yes
  # This option sets the lowest number of Credit Card numbers found in a file
  # to generate a detect.
  # Default: 3
  #StructuredMinCreditCardCount 5
  # This option sets the lowest number of Social Security Numbers found
  # in a file to generate a detect.
  # Default: 3
  #StructuredMinSSNCount 5
  # With this option enabled the DLP module will search for valid
  # SSNs formatted as xxx-yy-zzzz
  # Default: yes
  #StructuredSSNFormatNormal yes
  # With this option enabled the DLP module will search for valid
  # SSNs formatted as xxxyyzzzz
  # Default: no
  #StructuredSSNFormatStripped yes
  ## HTML
  # Perform HTML normalisation and decryption of MS Script Encoder code.
  # Default: yes
  # If you turn off this option, the original files will still be scanned, but
  # without additional processing.
  #ScanHTML yes
  ## Archives
  # ClamAV can scan within archives and compressed files.
  # If you turn off this option, the original files will still be scanned, but
  # without unpacking and additional processing.
  # Default: yes
  #ScanArchive yes
  # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
  # Default: no
  #ArchiveBlockEncrypted no
  ## Limits
  # The options below protect your system against Denial of Service attacks
  # using archive bombs.
  # This option sets the maximum amount of data to be scanned for each input file.
  # Archives and other containers are recursively extracted and scanned up to this
  # value.
  # Value of 0 disables the limit
  # Note: disabling this limit or setting it too high may result in severe damage
  # to the system.
  # Default: 100M
  #MaxScanSize 150M
  # Files larger than this limit won't be scanned. Affects the input file itself
  # as well as files contained inside it (when the input file is an archive, a
  # document or some other kind of container).
  # Value of 0 disables the limit.
  # Note: disabling this limit or setting it too high may result in severe damage
  # to the system.
  # Default: 25M
  #MaxFileSize 30M
  # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
  # file, all files within it will also be scanned. This options specifies how
  # deeply the process should be continued.
  # Note: setting this limit too high may result in severe damage to the system.
  # Default: 16
  #MaxRecursion 10
  # Number of files to be scanned within an archive, a document, or any other
  # container file.
  # Value of 0 disables the limit.
  # Note: disabling this limit or setting it too high may result in severe damage
  # to the system.
  # Default: 10000
  #MaxFiles 15000
  ## Clamuko settings
  # Enable Clamuko. Dazuko must be configured and running. Clamuko supports
  # both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS
  # is the preferred option. For more information please visit www.dazuko.org
  # Default: no
  #ClamukoScanOnAccess yes
  # The number of scanner threads that will be started (DazukoFS only).
  # Having multiple scanner threads allows Clamuko to serve multiple
  # processes simultaneously. This is particularly beneficial on SMP machines.
  # Default: 3
  #ClamukoScannerCount 3
  # Don't scan files larger than ClamukoMaxFileSize
  # Value of 0 disables the limit.
  # Default: 5M
  #ClamukoMaxFileSize 10M
  # Set access mask for Clamuko (Dazuko only).
  # Default: no
  #ClamukoScanOnOpen yes
  #ClamukoScanOnClose yes
  #ClamukoScanOnExec yes
  # Set the include paths (all files inside them will be scanned). You can have
  # multiple ClamukoIncludePath directives but each directory must be added
  # in a seperate line. (Dazuko only)
  # Default: disabled
  #ClamukoIncludePath /home
  #ClamukoIncludePath /students
  # Set the exclude paths. All subdirectories are also excluded. (Dazuko only)
  # Default: disabled
  #ClamukoExcludePath /home/bofh
  # With this option you can whitelist specific UIDs. Processes with these UIDs
  # will be able to access all files.
  # This option can be used multiple times (one per line).
  # Default: disabled
  #ClamukoExcludeUID 0
  # With this option enabled ClamAV will load bytecode from the database.
  # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
  # Default: yes
  #Bytecode yes
  # Set bytecode security level.
  # Possible values:
  # None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
  # This value is only available if clamav was built with --enable-debug!
  # TrustSigned - trust bytecode loaded from signed .c[lv]d files,
  # insert runtime safety checks for bytecode loaded from other sources
  # Paranoid - don't trust any bytecode, insert runtime checks for all
  # Recommended: TrustSigned, because bytecode in .cvd files already has these checks
  # Note that by default only signed bytecode is loaded, currently you can only
  # load unsigned bytecode in --enable-debug mode.
  # Default: TrustSigned
  #BytecodeSecurity TrustSigned
  # Set bytecode timeout in miliseconds.
  # Default: 5000
  # BytecodeTimeout 1000
  My freshclam.conf:
  ## Please read the freshclam.conf(5) manual before editing this file.
  # Comment or remove the line below.
  #Example
  # Path to the database directory.
  # WARNING: It must match clamd.conf's directive!
  # Default: hardcoded (depends on installation options)
  #DatabaseDirectory /var/lib/clamav
  # Path to the log file (make sure it has proper permissions)
  # Default: disabled
  UpdateLogFile /var/log/clamav/freshclam.log
  # Maximum size of the log file.
  # Value of 0 disables the limit.
  # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
  # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
  # in bytes just don't use modifiers.
  # Default: 1M
  #LogFileMaxSize 2M
  # Log time with each message.
  # Default: no
  #LogTime yes
  # Enable verbose logging.
  # Default: no
  #LogVerbose yes
  # Use system logger (can work together with UpdateLogFile).
  # Default: no
  #LogSyslog yes
  # Specify the type of syslog messages - please refer to 'man syslog'
  # for facility names.
  # Default: LOG_LOCAL6
  #LogFacility LOG_MAIL
  # This option allows you to save the process identifier of the daemon
  # Default: disabled
  #PidFile /var/run/freshclam.pid
  # By default when started freshclam drops privileges and switches to the
  # "clamav" user. This directive allows you to change the database owner.
  # Default: clamav (may depend on installation options)
  #DatabaseOwner clamav
  # Initialize supplementary group access (freshclam must be started by root).
  # Default: no
  #AllowSupplementaryGroups yes
  # Use DNS to verify virus database version. Freshclam uses DNS TXT records
  # to verify database and software versions. With this directive you can change
  # the database verification domain.
  # WARNING: Do not touch it unless you're configuring freshclam to use your
  # own database verification domain.
  # Default: current.cvd.clamav.net
  #DNSDatabaseInfo current.cvd.clamav.net
  # Uncomment the following line and replace XY with your country
  # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
  # You can use db.XY.ipv6.clamav.net for IPv6 connections.
  #DatabaseMirror db.XY.clamav.net
  # database.clamav.net is a round-robin record which points to our most
  # reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
  # not working. DO NOT TOUCH the following line unless you know what you
  # are doing.
  DatabaseMirror database.clamav.net
  # How many attempts to make before giving up.
  # Default: 3 (per mirror)
  #MaxAttempts 5
  # With this option you can control scripted updates. It's highly recommended
  # to keep it enabled.
  # Default: yes
  #ScriptedUpdates yes
  # By default freshclam will keep the local databases (.cld) uncompressed to
  # make their handling faster. With this option you can enable the compression;
  # the change will take effect with the next database update.
  # Default: no
  #CompressLocalDatabase no
  # With this option you can provide custom sources (http:// or file://) for
  # database files. This option can be used multiple times.
  # Default: no custom URLs
  #DatabaseCustomURL http://myserver.com/mysigs.ndb
  #DatabaseCustomURL file:///mnt/nfs/local.hdb
  # Number of database checks per day.
  # Default: 12 (every two hours)
  #Checks 24
  # Proxy settings
  # Default: disabled
  #HTTPProxyServer myproxy.com
  #HTTPProxyPort 1234
  #HTTPProxyUsername myusername
  #HTTPProxyPassword mypass
  # If your servers are behind a firewall/proxy which applies User-Agent
  # filtering you can use this option to force the use of a different
  # User-Agent header.
  # Default: clamav/version_number
  #HTTPUserAgent SomeUserAgentIdString
  # Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
  # multi-homed systems.
  # Default: Use OS'es default outgoing IP address.
  #LocalIPAddress aaa.bbb.ccc.ddd
  # Send the RELOAD command to clamd.
  # Default: no
  NotifyClamd /etc/clamav/clamd.conf
  # Run command after successful database update.
  # Default: disabled
  #OnUpdateExecute command
  # Run command when database update process fails.
  # Default: disabled
  #OnErrorExecute command
  # Run command when freshclam reports outdated version.
  # In the command string %v will be replaced by the new version number.
  # Default: disabled
  #OnOutdatedExecute command
  # Don't fork into background.
  # Default: no
  #Foreground yes
  # Enable debug messages in libclamav.
  # Default: no
  #Debug yes
  # Timeout in seconds when connecting to database server.
  # Default: 30
  #ConnectTimeout 60
  # Timeout in seconds when reading from database server.
  # Default: 30
  #ReceiveTimeout 60
  # With this option enabled, freshclam will attempt to load new
  # databases into memory to make sure they are properly handled
  # by libclamav before replacing the old ones.
  # Default: yes
  #TestDatabases yes
  # When enabled freshclam will submit statistics to the ClamAV Project about
  # the latest virus detections in your environment. The ClamAV maintainers
  # will then use this data to determine what types of malware are the most
  # detected in the field and in what geographic area they are.
  # Freshclam will connect to clamd in order to get recent statistics.
  # Default: no
  #SubmitDetectionStats /path/to/clamd.conf
  # Country of origin of malware/detection statistics (for statistical
  # purposes only). The statistics collector at ClamAV.net will look up
  # your IP address to determine the geographical origin of the malware
  # reported by your installation. If this installation is mainly used to
  # scan data which comes from a different location, please enable this
  # option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
  # of the country of origin.
  # Default: disabled
  #DetectionStatsCountry country-code
  # This option enables support for our "Personal Statistics" service.
  # When this option is enabled, the information on malware detected by
  # your clamd installation is made available to you through our website.
  # To get your HostID, log on http://www.stats.clamav.net and add a new
  # host to your host list. Once you have the HostID, uncomment this option
  # and paste the HostID here. As soon as your freshclam starts submitting
  # information to our stats collecting service, you will be able to view
  # the statistics of this clamd installation by logging into
  # http://www.stats.clamav.net with the same credentials you used to
  # generate the HostID. For more information refer to:
  # http://www.clamav.net/support/faq/faq-cctts/
  # This feature requires SubmitDetectionStats to be enabled.
  # Default: disabled
  #DetectionStatsHostID unique-id
  # This option enables support for Google Safe Browsing. When activated for
  # the first time, freshclam will download a new database file (safebrowsing.cvd)
  # which will be automatically loaded by clamd and clamscan during the next
  # reload, provided that the heuristic phishing detection is turned on. This
  # database includes information about websites that may be phishing sites or
  # possible sources of malware. When using this option, it's mandatory to run
  # freshclam at least every 30 minutes.
  # Freshclam uses the ClamAV's mirror infrastructure to distribute the
  # database and its updates but all the contents are provided under Google's
  # terms of use. See http://code.google.com/support/bin/answer.py?answer=70015
  # and http://safebrowsing.clamav.net for more information.
  # Default: disabled
  #SafeBrowsing yes
  # This option enables downloading of bytecode.cvd, which includes additional
  # detection mechanisms and improvements to the ClamAV engine.
  # Default: enabled
  #Bytecode yes
  # Download an additional 3rd party signature database distributed through
  # the ClamAV mirrors. Here you can find a list of available databases:
  # http://www.clamav.net/download/cvd/3rdparty
  # This option can be used multiple times.
  #ExtraDatabase dbname1
  #ExtraDatabase dbname2
  Any help is much appreciated.

  MatejLach wrote:
  clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
  Scanning error:
  /home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
  Seems like a permissions error to me... maybe check the actual file it is attempting to scan... I know it is in your home folder, but just to be sure, you might want to check that everything is sane.

• Scanning for Spyware/Malware?

  how can i check my macbook to see whether or not i have any sort of virus, malware, trojan, worm, etc.?

  Snow Leopard comes pre-installed with anti virus software, spyware and malware protection, read here.
  That is not quite accurate. There are no Mac viruses to be protected against. Snow Leopard includes protection against the few known trojans, provided you download using a program that supports quarantine (the feature that warns you "This application was downloaded, do you want to open it, blah blah").
  The whole "defense against viruses" thing on that page refers to the fact that Mac OS X is a difficult target for viruses, due to security features in the OS. It should not be interpreted as the presence of any kind of virus scanner as part of the OS.
  Note that I'm not advocating installation of third-party AV software... as you say, it is commonly a lot more trouble than it's worth, especially considering how low its worth actually is. I just think accurate information is very important on this issue.

• HT5621 How can I scan for viruses on my Mac?

  How can I scan for viruses on my Mac desktop?

  You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful: The User Tip seeks to offer guidance on the main security threats and how to avoid them.
  https://discussions.apple.com/docs/DOC-2435
  More useful information can also be found here:
  www.thesafemac.com/mmg

• Suddenly my imac will not open e-mail attachments. It scans for viruses. I hit continue and nothing happens.

  Suddenly my imac will not open e-mail attachments.  It scans for viruses.  When I hit "continue", nothing happens.

  The problem most likely is the antivirus application. My recommendation would be following the developers instructions, uninstall the application. Most antivirus applications tend to create more problems than they solve. The best thing you can do for your system is to run Software Update frequently and let Apple's security handle any issues. I'd also strongly recommend you carefully read Thomas Reed's Mac Malware Guide.

• How do we scan for viruses of uploaded excel file in Web Dynpro for JAVA

  Hi All,
  Please let me know "How do we scan for viruses of uploaded excel file in Web Dynpro for JAVA"
  Regards,
  Ganga.

  Hi ,
  pl go through this note "Integrating a virus scan into SAP applications 817623 "
  SAP Virus Scan Interface
  http://help.sap.com/saphelp_nw2004s/helpdata/en/30/42c13a38b44d5e8d1b140794e8e850/frameset.htm
  Sample Application
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/6e1c4221-0901-0010-63ba-b1f9459d6e74
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f2681486-0a01-0010-8497-c778eac80da5
  Regards
  Ayyappparaj

• How do I run a scan for viruses on a iPad

  How do I run a scan for viruses on iPad

  You don't. There are no virus scanners because there are no viruses that can affect an unmodified iPad.
  The iPad is not a virus prone Windows PC, so doesn't suffer the same daily problems that Windows does.

• Error Message: Scanning for Viruses

  I uploaded my file on Friday Morning June 25, and I got that error message that my file was being scanned for viruses.  Does it take that long?  I have some very important files that I need to access, is there any one who can tell me if I can get someone to speed up the process or is this simply a technical issue?  Thanks.
  Rob

  Hi Michelle,
  It's unlikely, as it was on my work computer, and I do not work at that firm
  anymore, which is the whole reason I wanted to save it.  Is there any way a
  technician or someone can manually override this error message/cancel the
  virus scanning process, or do any sort of similar process so that I can gain
  access to it.  I don't care if it's not scanned since I created and uploaded
  the file, so I know there is nothing harmful on it (our systems at the firm
  had an unnecessarily high level of virus protection).  I really really need
  to get this file or 2 months worth of my work will be gone!
  Thanks for your help in advance.
  Rob

• P10 shutting down without bluescreen while scanning for viruses or cleaning

  My P10 shuts down when I scan for viruses or cleaning the system. Since I bought the notebook it works absolutely perfect. But 2 days ago I recognized this For normal work e.g. word, excel, surfing the net and so on, nothing happens, everything works but if I begin to scan, XP shuts down. It just turns off as if you unplug it from circuit!!! Can somebody help me, wrong drivers?, false hardware? I dont know how to solve the problem!!!! Which information do you need???

  Hi Kay,
  This sounds like a classic case of over-heating. Especially if you notice increased fan activity just prior to the notebook shutting down.
  Try cleaning the dust and debris from the CPU heat-sink. You will find lots of posts in this forum describing ways of doing this. My personla favorite is to use a vacuum cleaner hose against the air intake grilles.
  Also, it is worth making sure that the air intake grilles are not being blocked, and that sufficient air can get into the notebook to cool it properly. Don't stand your notebook on a soft surface or carpet since this will allow more dust to be sucked in.
  HTH

• Scanning for viruses on Mac

  I'm interested in scanning for viruses, not to protect my Mac but to avoid sending them to others. I've read a little about ClamXav and would like to hear from those of you who have used it. I don't want to run it continuously, but instead do a periodic system scan. Is it suitable to use like this? Any tips, benefits, or drawbacks you can tell me about? Thanks.

  Hello ha:
  I am certainly not trying to dissuade you from helping others (I try to do that myself). However, anyone who runs a Windows box without A/V software, firewall(s), moats, and boiling oil on the ramparts is asking for it. The only way you would send a virus out would be an E-mail. If you open a web site that has a Windows virus it will not harm your Mac or go anywhere else - unless you download it and then E-mail it.
  A/V software is, IMHO, a complete waste of time and resources for anyone running a Mac with OSX.
  Sorry for the sermon, but I cannot imagine a Windows user without robust A/V software. In my former professional life, we ran Wintel boxes and had everything (including barbed wire) to pick off viruses. My IT people used to produce a report detailing how many viruses they intercepted and deactivated.
  Barry

• While using Firefox, a site popped up and said it was Firefox scanning for viruses. It then said I had dangerous viruses and should download a security program. Is this for real? The site was update32.escmce.ce.ms

  While using Firefox, a site popped up and said it was Firefox scanning for viruses. It then said I had dangerous viruses and should download a security program. Is this for real? The site was update32.escmce.ce.ms I googled this site and it does not exist. Now, I am worried about the security on my computer.

  If you're running under Windows, I suggest you download and install Microsoft's Security Essentials. It protects against these types of attacks and tends to find stuff that other anti-virus scanners don't find. You're system could be infected because of that bogus, evil anti-virus scan. Install and run the software while in safe mode.

• Viruses/Spyware/Malware/Trojans etc. Protection

  I am new to Macs but am pretty tech savvy. Do I really need a virus scanner? Do I need spyware protection? I use ClamXav for virus scanning. But it seems pretty unsecure and not reliable. Are there any other free virus scanners/anti-spyware software? Also is the OS X firewall secure enough, I know that it doesn't stop outgoing connections? How do you deal with these problems? Do you use any protection? Thanks.
  iMac Core Duo/iPod Photo 30 gig/Windows Knowledge   Mac OS X (10.4.8)   17 inch

  Hi.
  I'm surprised that you find ClamXav "…pretty unsecure and not reliable". It is the usual recommendation for free virus scanning on these boards. In what way do you find it so? Has it failed to pick up a Mac virus that you know is on your system? Unlikely as there are no true Mac viruses 'in the wild'.
  The OS X firewall is generally considered to be 'industry strength' but can be fine tuned with tools such as Snort in conjunction with Henwen, or Flying Buttress.
  As regards outgoing connections, Little Snitch is a lovely little shareware application. The usual comment on Little Snitch is that it does one thing and does it well.
  You might like to take a look at Dr Smoke's Detecting and avoiding malware and spyware, &/or, if you've got half a day to spare, put 'virus' into the search box over there------->>>>
  Reams of comments have been posted and I'm not going to reopen the argument now as it's all been said before, but just so you know which side of the camp I'm on, I use no AV software. I have the Mac and router FWs on, I use Little Snitch and common sense.
  Have fun,
  Adrian

• Ways to scan for viruses on macs?

  I want to scan and check for viruses.

  1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
  2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
  The following caveats apply to XProtect:
  It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
  It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
  3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
  Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
  It can easily be disabled or overridden by the user.
  A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.         
  4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
  That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
  Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
  A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
  Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
  Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
  Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
  5. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other inessential uses of Java.
  Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.
  Currently, when you install the Apple-supplied Java runtime (but not the Oracle runtime), a "Malware Removal Tool" (MRT) is also installed. MRT runs automatically in the background and appears to scan your files for installed malware that may have evaded XProtect. Like XProtect, MRT is probably effective against known attacks, but not against unknown attacks. There is no user interface to MRT.
  Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable Java on a public web page that carries third-party advertising. Use it, when necessary, only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
  Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.
  6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
  Why shouldn't you use commercial "anti-virus" products?
  Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
  In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
  By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
  7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
  ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
  A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
  ♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
  ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
  8. The greatest harm done by anti-virus software, in my opinion, is in its effect on human behavior. It does little or nothing to protect people from emerging threats, but they get a false sense of security from it, and then they may behave in ways that expose them to higher risk. Nothing can lessen the need for safe computing practices.
  9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.

• Browser Virus Malware Adware etc.  HELP!

  I have been trying for 3 days to kick this absurd problem off of my Macbook Pro.  It feels like I have a virus/malware/adware situation that is making me feel like I'm back on a PC (UGHHHHH).
  BEFORE THE PROBLEM:
  I kept getting "scratchdisk" or "startup disk" is full notices so I could not download the new OS
  I started searching the web for solutions
  I started removing all unneeded files
  I used Clean My Mac to remove unwanted/unneeded files
  I downloaded OS X 10.9.5
  THE PROBLEM:
  The following things occur when I attempt to use any of the 3 browsers: Google Chrome, Safari, Firefox:
  pop up windows appear ALL over the place
  Pop up windows block my ability to use the intended web page
  tabs automatically open for Wix, Mackeeper, Credit Check websites etc.  (It's infuriating!)
  Sites I am attempting to use fail to respond
  ACTIONS TAKEN:
  run Clean My Mac (nada)
  delete all cookies (nada)
  trash or uninstall any/all unknown apps/programs
  uninstall Google Chrome
  uninstall Firefox
  reset Safari
  some terminal exercise from an Apple forum (did...nada)
  RESOLVE:
  NOTHING seems to be working...I'm about to launch my computer out the window... HELP!?

  There is no need to download anything to solve this problem.
  A.
  You may have installed the "VSearch" trojan. Remove it as follows.
  Malware is always changing to get around the defenses against it. These instructions are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
  Back up all data before proceeding.
  Step 1
  From the Safari menu bar, select
            Safari ▹ Preferences... ▹ Extensions
  Uninstall any extensions you don't know you need, including any that have the word "Spigot," "Trovi," or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
  Reset the home page and default search engine in all the browsers, if it was changed.
  Step 2
  Triple-click anywhere in the line below on this page to select it:
  /Library/LaunchAgents/com.vsearch.agent.plist
  Right-click or control-click the line and select
            Services ▹ Reveal in Finder (or just Reveal)
  from the contextual menu.* A folder should open with an item named "com.vsearch.agent.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
  Repeat with each of these lines:
  /Library/LaunchDaemons/com.vsearch.daemon.plist
  /Library/LaunchDaemons/com.vsearch.helper.plist
  /Library/LaunchDaemons/Jack.plist
  Restart the computer and empty the Trash. Then delete the following items in the same way:
  /Library/Application Support/VSearch
  /Library/PrivilegedHelperTools/Jack
  /System/Library/Frameworks/VSearch.framework
  ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
  Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
  The problem may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
  This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow.
  You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the Internet criminal behind VSearch has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
  *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
            Go ▹ Go to Folder...
  from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
  B.
  Remove "MacKeeper" as follows. First, back up all data.
  "MacKeeper" is a scam with only one useful feature: it deletes itself.
  Note: These instructions apply to the version of the product that I downloaded and tested in early 2012. I can't be sure that they apply to other versions.
  If you have incompletely removed MacKeeper—for example, by dragging the application to the Trash and immediately emptying—then you'll have to reinstall it and start over.
  IMPORTANT: "MacKeeper" has what the developer calls an “encryption” feature. In my tests, I didn't try to verify what this feature really does. If you used it to “encrypt” any of your files, “decrypt” them before you uninstall, or (preferably) restore the files from backups made before they were “encrypted.” As the developer is not trustworthy, you should assume that the "decrypted" files are corrupt unless proven otherwise.
  In the Finder, select
            Go ▹ Applications
  from the menu bar, or press the key combination shift-command-A. The "MacKeeper" application is in the folder that opens. Quit it if it's running, then drag it to the Trash. You'll be prompted for your login password. Click the Uninstall MacKeeper button in the dialog that appears. All the other functional components of the software will be deleted. Restart the computer and empty the Trash.
  ☞ Quit MacKeeper before dragging it to the Trash.
  ☞ Let MacKeeper delete its other components before you empty the Trash.
  ☞ Don't try to drag the MacKeeper Dock icon to the Trash.