I don’t have all the information on this yet, but I’ve had two ClamXav users complain today of commercial software being identified as infected by Osx.Trojan.FkCode-1. I can’t locate it on the clamav-virusdb list, but perhaps it was just added today.
The first is 'accordion.1.6.2(83).dmg', downloaded from <http://yourhead.com/accordion/download/index.html> which I verified was identified. It’s a RapidWeaver Plug-in from YourHead.com.
I submitted it to VirusTotal with the following 1/51 results: <https://www.virustotal.com/en/file/ae4258463f9d5d339920da61a381f3dec366cb4598bd3fe1d3a0e9af2f4624ec/analysis/>.
So I uploaded it to Send a false positive report, but got the following response:
> Result:
> This file is not detected by ClamAV. Please update your CVD database before reporting false-positives. If you are using third-party databases/unofficial signatures, please contact the author of the signature. We can only process false-positives generated by ClamAV Official signatures.
>
> Please correct the above errors and retry. Thank you for helping the ClamAV project.
I updated definitions and it was still detected as infected. ClamXav is still using v0.98.1. I’ve had this happen once before, but have no idea how it could test positive on two Macs and VirusTotal, but not on your site.
MD5 = f247e5f45b7a30ce600be34e66d93fa8
The second file is named 'Rapport-5.dmg', which is an older version of Trusteer Rapport for Mac. The latest version does not test positive, but that’s not surprising to me. I’ve asked the user to upload his file to VirusTotal and will post the results once I have them.
This is yet another example of OS X .dmg files being falsely identified as infected. All of these signatures follow the same pattern of detecting multiple strings of characters (mostly the letter “a”) contained in an XML section of the .dmg file. I believe this is provided as overhead information concerning the file and does not contain any data at all to positively identify the contents of the image file. Since the formats of the XML portion of the .dmg files are all very similar, I suspect it will be extremely difficult to uniquely fingerprint such files by using XML strings.
-Al-
--
Al Varnell
Mountain View, CA
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
This macOS clamAV repo is now part of MacPorts. The details below this notice are deprecated. To install:
sudo port install clamav-server
sudo port load clamav-server
macOS-clamAV: A simple macOS clamAV configuration with scheduled volume scans and on-access scans of user Downloads and Desktop directories.
Even ClamAV, which is free and available for the Mac, is unnecessary because most if not all ClamAV virus definitions are for Windows machines. For the commenter who said he 'found something' with this application, I am not surprised you got a false positive because antivirus software which doesn't convince you of a non-existent threat won't sell.
I'm running ClamXav Sentry as 'launch agent' with ClamAV antivirus scanning engine of my own custom build. I've tested for building ClamAV (from version 0.90.x to version 0.103.x) on Mac OS X 10.4 through macOS 11.x Big Sur. I'm running the latest stable release ClamAV 0.103.2 on macOS 11.2 Big Sur now. ClamAV 0.103.2 is available on the Download page of ClamavNet.