-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Dec 4, 2008, at 12/04, 8:21 PM, I wrote:

>> What then is the benefit of Clamav on the Mac platform?

On Dec 4, 2008, at 12/04, 10:27 PM, Spiro Harvey wrote:

> same reason why it's on Linux.. to protect windows users.

Yes, but I already acknowledged that, as found in the next sentence of my post:

>>> During the period of proof-of-concept only Mac malware, Clamav was a free, up-to-date and courteous way to prevent the sharing of Windows malware from Macs to Windows users.

And in the next sentence after that I got to my specific point:

>>> With the appearance of Trojan OSX.RSPlug.A it was hoped that Clamav could be a free and up-to-date method of removing all Mac malware as well. Apparently this is not the case so far.

On Dec 4, 2008, at 12/04, 10:27 PM, Spiro Harvey also wrote:

> It's my experience that malware and virus scares for Macs are bogus.

The bogosity and volume of FUD since August of 2005, instigated by Symantec of course, was the reason I got into computer security in the first place. If I was going to flick the finger at the FUD mongers I wanted to do it with data. But unfortunately there are currently three active Trojans out there for Mac, and they are showing up on machines. The local Apple Store here in Syracuse, New York, had a case of Trojan OSX.RSPlug.A a month ago. I have personally witnessed a porno site that attempts to socially engineer the installation of some form of OSX.RSPlug. I can give you the URL if you'd like to see. Fortunately, the source address of the Trojan has been scoured off the net such that you can't download the Trojan. But the fraud porno infection site is still there and still attempts to install the Trojan. So no, my experience bears out that these Trojans are real and potentially dangerous. As has been pointed out this past week at Intego or Sophos, the new OSX.RSPlug.D and E variants phone home when you install them and can potentially install ANYTHING into your Mac if you let them.
That means that they can be vectors for turning a Mac into a zombie. I'm going to skip over the fact that wetware error is required for any Trojan to be inadvertently installed. Instead I am focusing on what to do once the infection has taken place. Call them lusers, but users are installing this crap and suffering for it.

Sadly, at this point, the least expensive option for non-Leopard users is MacScan, often known as 'MacScam' because of its high price and the bizarro list of 'spyware' it says it detects. A lot of this 'spyware' is stuff no one else has ever heard of, which may mean MacScan is in part FUDware. I can verify that MacScan is a remarkably poor program. If, for example, you want to scan for Tracker Cookies, there is no possible way it will find them all. You have to run the lousy program over and over and over to find and remove a significant number of them.

There is no reason Clamav can't be up to date with Mac malware definitions, except that someone has to get these definitions to the developers. Finding someone to provide them is my mission. In that pursuit I am going to contact Andrew Welsh of Ambrosia Software this coming week, as he is the one who described the OompaLoompa/Leap.A proof-of-concept Trojan/worm. He has contacts that may well solve the Clamav for Mac problem. I have already contacted Glenn Fleishman and Adam Engst of TidBITS for any help they can offer. Wish me luck.
:-Derek
===================
Derek Currie
[EMAIL PROTECTED]
===================
http://Mac-Security.blogspot.com
http://MacSmarticles.blogspot.com
http://zunipus.blogspot.com
http://movies.groups.yahoo.com/group/dwaynecameronfanclub
http://groups.yahoo.com/group/ymorare

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkk5eREACgkQASf9YQRQdVVdmQCfU15mij0rs4kag+XlxplMBtp6
BegAoJAoZNpCNR5A5W1pOMK9e4ESwDLO
=j+0A
-----END PGP SIGNATURE-----
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
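Editor's added example (not part of Derek's post and not ClamAV's own code): the post asks for someone to "get these definitions to the developers", so it helps to see what a definition is and how a scanner uses one. ClamAV's documented plain-text formats include .hdb (MD5:Size:MalwareName, a whole-file hash) and .ndb (MalwareName:TargetType:Offset:HexSignature, a byte pattern). The block below re-implements in Python the matching a scanner applies to those two kinds and runs it over constructed sample files; the samples, signature names and the "variant" are all made up for the demo, and only target type 0 (any file) and the `??` / `*` wildcards are honoured. The point it makes beyond the prose: a hash signature for RSPlug.A says nothing about a later variant, while a byte pattern can survive a small change.

```python
"""What a contributed ClamAV-style definition is, and how a scanner applies it.

Added example, not code from the original post or from ClamAV. Re-implements
the matching for two documented signature kinds: .hdb (MD5:Size:MalwareName)
and .ndb (MalwareName:TargetType:Offset:HexSignature). All samples and names
below are constructed for the demo.
"""
import hashlib
import re
from typing import List, Tuple

# Constructed stand-ins (plain shell text, not malware).
MALWARE_SAMPLE = b"#!/bin/sh\n# stand-in for a trojan 'codec' installer\necho 'installing codec'\n"
MALWARE_VARIANT = MALWARE_SAMPLE + b"# variant: one extra line\n"  # a hash signature misses this
CLEAN_SAMPLE = b"#!/bin/sh\necho 'hello'\n"

HEX = "0123456789abcdefABCDEF"


def make_hdb_signature(data: bytes, name: str) -> str:
    """Build one .hdb line (MD5:Size:MalwareName) from a sample; the minimum
    a user could hand to the signature maintainers for a new sample."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def parse_hdb(text: str) -> List[Tuple[str, int, str]]:
    """Parse .hdb lines; '#' comments and blank lines are ignored."""
    sigs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        md5, size, name = line.split(":", 2)
        if len(md5) != 32 or not size.isdigit():
            raise ValueError(f"malformed .hdb line: {line!r}")
        sigs.append((md5.lower(), int(size), name))
    return sigs


def hex_to_regex(hexsig: str) -> bytes:
    """Translate hex-signature syntax to a bytes regex: literal hex bytes,
    '??' (any single byte) and '*' (any run of bytes). Other ClamAV wildcards
    are not supported in this toy."""
    out = b""
    i = 0
    while i < len(hexsig):
        if hexsig[i] == "*":
            out += b".*"
            i += 1
        elif hexsig[i:i + 2] == "??":
            out += b"."
            i += 2
        else:
            pair = hexsig[i:i + 2]
            if len(pair) != 2 or any(c not in HEX for c in pair):
                raise ValueError(f"bad hex at {i} in {hexsig!r}")
            out += re.escape(bytes([int(pair, 16)]))
            i += 2
    return out


def parse_ndb(text: str) -> list:
    """Parse .ndb lines (MalwareName:TargetType:Offset:HexSignature).
    Offset is '*' (anywhere) or a decimal byte position."""
    sigs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, target, offset, hexsig = line.split(":", 3)
        if offset != "*" and not offset.isdigit():
            raise ValueError(f"unsupported offset in {line!r}")
        sigs.append((name, int(target), offset, re.compile(hex_to_regex(hexsig), re.DOTALL)))
    return sigs


def scan(data: bytes, hdb_sigs, ndb_sigs) -> List[str]:
    """Return the names of every signature that matches the file contents."""
    hits = []
    digest = hashlib.md5(data).hexdigest()
    for md5, size, name in hdb_sigs:
        if md5 == digest and size == len(data):  # whole-file hash: exact sample only
            hits.append(name)
    for name, target, offset, pattern in ndb_sigs:
        if target != 0:  # this toy knows no file types; a real scanner gates on them
            continue
        found = pattern.search(data) if offset == "*" else pattern.match(data, int(offset))
        if found:
            hits.append(name)
    return hits


# Constructed databases. The .ndb hex reads "installing??codec" and "#!*codec".
HDB_DB = "# constructed .hdb\n" + make_hdb_signature(MALWARE_SAMPLE, "OSX.Example.HashHit") + "\n"
NDB_DB = (
    "# constructed .ndb\n"
    "OSX.Example.PatternHit:0:*:696e7374616c6c696e67??636f646563\n"
    "OSX.Example.ShebangCodec:0:0:2321*636f646563\n"
)
HDB_SIGS = parse_hdb(HDB_DB)
NDB_SIGS = parse_ndb(NDB_DB)

if __name__ == "__main__":
    for label, blob in [("sample", MALWARE_SAMPLE), ("variant", MALWARE_VARIANT), ("clean", CLEAN_SAMPLE)]:
        print(f"{label:8s} -> {scan(blob, HDB_SIGS, NDB_SIGS)}")
```

Running it shows the exact sample hitting all three signatures, the variant hitting only the two byte patterns, and the clean file hitting nothing. That gap between the hash line and the pattern lines is why a definition contributed for one RSPlug build does not by itself cover the D and E variants mentioned above.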