aka wow on ZATAZ.com
Posts tagged Anti-Virus
10 of 10 malwares detected by Mac Sophos Anti-Virus are false positives. Does yours?
03 days ago
in Various
On April 24, Sophos Naked Security blog had publish a post regarding malware infections on Mac OS X. Sophos has claim that 20% of Mac computers where carrying one or more instances of Windows malwares. All these malwares where detected though they’re free Sophos Anti-Virus for Mac Home Edition.
Flashback malware was the big story of April for Mac consumers and all anti-virus company have jump on this opportunity to promote they’re products and to distill propaganda around Mac OS X security. I agree with them Mac OS X is a product like other product, and Mac OS X has also to be protected against threats, but the proposed solutions are worse than to do nothing.
During my tests of Sophos Anti-Virus for Mac Home Edition 10 of 10 malwares detected by the anti-virus were false positives harassing me with constant alert pop-up during regular operations, Spotlight indexing, Time Machine backup. Here under a sample of 10 infections detected by Sophos Anti-Virus for Mac.
False positives due to binary format of the “affected” files.
/Users/xxxx/Library/Saved Application State/com.twitter.twitter-mac.savedState/window_1.data
/Users/xxxx/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/#s.ytimg.com/settings.sol
Sophos him self is a trojan, and some iTunes applications and Chrome are backdoored and nobody known about it.
/Library/Preferences/com.sophos.sav.plist
/Users/xxxx/Music/iTunes/iTunes Media/Mobile Applications/iSSH 5.3.1.ipa
/Users/xxxx/Library/Saved Application State/com.google.Chrome.savedState/windows.plist
iTunes is a very well-known backdoored software and one more time Sophos him self contain a trojan.
/Users/xxxx/Library/Caches/com.apple.iTunes/goog-phish-shavar.db
/Library/Preferences/com.sophos.sav.plist
One more time Sophos is a trojan, and now my Spotlight indexed files are also containing backdoor.
/Library/Preferences/com.sophos.sav.plist,
/Volumes/xxxx/.Spotlight-V100/Store-V2/700BF07C-170F-482E-A2BB-45EF8501935C/0.indexPostings
VLC is containing an IRC bot, gotcha remote control of all VLC users.
/Applications/VLC.app/Contents/Resources/English.lproj/InfoPlist.strings
One more time VLC how is containing a PHP trojan …
/Applications/VLC.app/Contents/Resources/English.lproj/InfoPlist.strings
Everybody know that Sophos Anti-Virus products are developed in PHP.
/Library/Preferences/com.sophos.sav.plist
Help my logs are containing trojans and Sophos one more time.
/private/var/log/DiagnosticMessages/2012.05.05.asl
/Library/Preferences/com.sophos.sav.plist
My Spotlight indexing has a dead malware…
/.Spotlight-V100/Store-V2/DeadFiles/orphan.ef786332/0000/0000/0151/22087716.txt
Hu my screenshot of Metasploit are containing trojans (why not, lol) and Google drive is backdoored.
/Users/xxxx/Desktop/screenshots/metasploit-vmware-modules-research.png
/Users/xxxx/Library/Application Support/Google/Drive/sync_config.db
/usr/share/zoneinfo/UTC
/Library/Preferences/com.sophos.sav.plist
In conclusion Sophos is more strong to do marketing and give fear to consumers than to create a good Mac anti-virus that really detect something.
Clamav antivirus blocking Yahoo, Apple HTML.IFrame-39
02 years ago
in Various
We have experience some issues with Clamav antivirus when trying accessing Yahoo or Apple websites. The access is denied with the “Virus ‘HTML.IFrame-39′ found” message.
The “HTML.IFrame-39” pattern was introduced in the 10766 daily Clamav DB update, dated from Apr 20, 2010, 8:10 PM.
Submission-ID: 15222955
Sender: llattan
Submission notes: Email link leads to a URL not found.
Added: Email.Trojan-162
Added: HTML.IFrame-39
Maybe some more websites are affected by this false positive.
Here under a list of websites affected : http://uk.yahoo.com, http://fr.yahoo.com, http://www.apple.com, http://www.lenovo.com, http://www.aqa.org.uk, http://www.alice-dsl.de, http://www.sky.de
Recent Comments