Article:
  What Is ClamXav (and do Mac users really need antivirus)
Subject:   ClamX has no Mac virus database
Date:   2005-10-04 17:22:26
From:   ncmphoto
ClamX or ClamAV is surely very useful on servers or mixed platform networks, but I'm curious as to what use it has on a Mac-only network or single user configuration.


There was a recent thread on this in the Mac-L elist and Randy Singer (Co-Author of: The Macintosh Bible (4th, 5th and 6th editions)), who claims to have discussed this with the developer of ClamX on a MacIntouch thread says that there is no Mac-specific virus definition database that ClamX refers to:


>>He admitted that there were no definitions for Mac-specific malware in the ClamAV database, and that he himself didn't know how to write definitions for Mac malware to include in the ClamAV database, nor did he have access to Mac malware to
use as a basis for creating such definitions.<<


So if an OSX virus or worm appears in the wild, just how would a user of ClamX be protected?


cheers,


ncm


Full Threads Oldest First

Showing messages 1 through 1 of 1.

  • FJ de Kermadec photo ClamX has no Mac virus database
    2005-10-05 07:35:11  FJ de Kermadec | O'Reilly Blogger [View]

    Hi!

    First of all, thank you very much for taking the time to post!

    ClamAV indeed does not contain definitions for Mac OS 9 (or earlier) viruses, which would not affect a Mac OS X only installation. It does however contain definitions for viruses of other platforms (preventing a Mac user from passing a virus along onto a network or allowing him to detect potential outbreaks) as well as cross-platform viruses or malicious applications that, while not specifically targeted at the Mac, could affect it think some Java applets, for example.

    As Mac OS X is essentially a UNIX-like operating system, the ClamAV project has recently pledged improved support for it, which includes the adding of any potential Mac OS X malware to the definitions list. Of course, this implies that the community reports such programs to the ClamAV authors and that they in return judge the threat of significance so that they act upon it.

    ClamXav provides a GUI on top of ClamAV and, as such, wouldn't provide more protection than mastering ClamAV from the command line (with the notable exception of the real-time scanning it now features).

    If a Mac OS X virus or worm appears in the wild, it would need to be added by the ClamAV developers to the database. While there cannot be any guarantee that it will be (much like with any other anti-virus application) everything seems to indicate it will.

    FJ