I very much appreciate the obvious hard work from the signature team in more than doubling the number of OSX signatures in the database today.
Unfortunately it would appear that several of them are false positives that are identifying a significant number of Applications and components of the Operating System as infected. Results are flying in, but I thought I should give you initial results now, before too much damage is done. I am guessing that since some of them are identified as Unix executables, this will be a cross-platform issue.

Osx.Virus.Sniperspy-1:
/Applications/Adobe Photoshop Elements 8/Adobe Photoshop Elements.app
/Applications/Adobe Photoshop Elements 8/Locales/en_US/Plug-Ins/ExportModules/save for web(pse).plugin
/Applications/Utilities/Adobe Utilities.localized/ExtendScript Toolkit CS4/ExtendScript Toolkit.app
/System/Library/PrivateFrameworks/iLifeSlideshow.framework/Versions/A/Frameworks/iLifeSlideshowCore.framework/Versions/A/iLifeSlideshowCore
/System/Library/PrivateFrameworks/iLifeSlideshow.framework/Versions/A/Frameworks/iLifeSlideshowProducer.framework/Versions/A/iLifeSlideshowProducer
/Applications/Adobe Reader.app
/Applications/Adobe Acrobat 9 Pro/Adobe Acrobat Pro.app
/Applications/Adobe Device Central CS5/Adobe Device Central CS5.app/Contents/Frameworks/Players/FlashLite/FL40/Flashlite.bundle
/Applications/Adobe Device Central CS5/Adobe Device Central CS5.app/Contents/Frameworks/Players/FlashLite/FL40/Flashlite_Pix8888_32.bundle
/Applications/Adobe Flash CS5/Adobe Flash CS5.app
/Applications/TomTom HOME.app/Contents/Frameworks/XUL.framework/plugins/JavaEmbeddingPlugin.bundle
/usr/bin/qtdefaults

Osx.Backdoor.Blackhole-3:
/Applications/Apimac Timer.app
/Applications/Mactracker.app
/Applications/SQLiteManager.app
/Applications/iBoard.app

Osx.Virus.Clapzok-3:
/bin/cp

Osx.Virus.Clapzok-2:
/bin/ls

I’ll submit what I can to the FP site, but even if Alain gives permission to submit more than two files a day, I doubt that we’ll be able to get them all to you in a timely manner.

-Al-
--
Al Varnell
Mountain View, CA