Mac Software Review: ClamXav 1.1.1

ClamXav free virus checker for Mac OS X
Mac software review






15 years ago, Many Mac users had a free virus program called Disinfectant installed inside their system folders. It was one of the first programs that I downloaded with a dial-up modem back in November, 1992. Disinfectant was developed by a Northwestern University professor. These day, ‘free anti-virus software’ sends a totally different message. Free is a word that cyber criminals widely use to lure naive Internet users, right? If you are a Windows OS user, would you like to try executing a file titled AntiMalwareGuard_Free.exe that is distributed at http://antimalwareguard.com? (See Screenshot 01.) The website says the file is free. (See Screenshot 02.) Even the file name implies it’s free. And if I use Sophos Anti-Virus to scan this file… Ahh… The file contains malicious codes driven by a Trojan Horse derivative. (See Screenshot 03.) Not surprisingly, you will get something undesirable in the name of getting freeware or saving money.





ClamXav free virus checker for Mac OS X
Screenshot 01
ClamXav free virus checker for Mac OS X
Screenshot 02
ClamXav free virus checker for Mac OS X
Screenshot 03






How about ClamXav? According to its website (http:// www.clamxav.com),






ClamXav is a free virus checker for Mac OS X. It uses the tried, tested and very popular ClamAV open source antivirus engine as a back end.






We don’t believe this freeware title contains malicious codes like AntiMalwareGuard. In fact, we just want to find out how good ClamXav is. So let’s see what ClamAV does for Mac users. 





ClamXav free virus checker for Mac OS X
Screenshot 04
ClamXav free virus checker for Mac OS X
Screenshot 05
ClamXav free virus checker for Mac OS X
Screenshot 06






First, let me install ClamXav on my iMac. I’m going to drag and drop the application file found inside the downloaded disk image into the Applications folder, ironically just below the folder containing Norton AntiVirus. (See Screenshot 04.) If I launch ClamXav for the first time, a window will pop up. It says that the Clam Anti-virus engine has to be installed. (See Screenshot 05.) Then I’m prompted to enter system administrator’s password. (See Screenshot 06.) Okay, that’s no problem. But wait a second. How do I remove it if I decide that I no longer need ClamXav? According to software developer’s FAQ page, I need to download Engine Remover. (See Screenshot 07.) Furthermore, f I double-click on the file titled clamavEngineREMOVER.command, the Terminal launches itself, and it looks like removal will be performed after entering system administrator’s password. (See Screenshot 08.)





ClamXav free virus checker for Mac OS X
Screenshot 07 – Source: clamxav.com
ClamXav free virus checker for Mac OS X
Screenshot 08
ClamXav free virus checker for Mac OS X
Screenshot 09






All right. What I want to do next is to scan a file containing malicious codes with ClamXav. Hmm… Where can I possibly get one? Ahh… How about AntiMalwareGuard_Free.exe? Hold on. Let me click on Update virus definitions to render ClamXav up-to-date. (See Screenshot 09.) Then I’m going to click on Choose what to scan… to designate the virus-containing file. (See Screenshot 10.) And if I click on open… ClamXav says no infected files were found. (See Screenshot 11.) Ohh… Scanning a Windows file with Mac anti-virus software is not a good idea, is it? Silly me.





ClamXav free virus checker for Mac OS X
Screenshot 10
ClamXav free virus checker for Mac OS X
Screenshot 11
ClamXav free virus checker for Mac OS X
Screenshot 12






So I should scan a Mac file with ClamXav. I’m going to stop playing dumb. We know a ton of websites distributing files that contain Mac-targeting computer viruses. About 7 weeks ago, we introduced several websites with Chinese top-level domains at our SEO/Internet security website. One of the domains mentioned in our report of July 10 is mnhor8.cn. If I access this domain, I will be forced to download a file titled wotcodec.v.4.221.dmg against my will. (See Screenshot 12.) This file is hosted by a notorious California-based company called Cernel, Inc. Anyway, if I open the disk image, I find a file titled install.pkg. (See Screenshot 13.)





ClamXav free virus checker for Mac OS X
Screenshot 13
ClamXav free virus checker for Mac OS X
Screenshot 14
ClamXav free virus checker for Mac OS X
Screenshot 15






Let me scan install.pkg with the Mac version of Norton AntiVirus quickly. After launch the anti-virus software program, I’m going to click on Choose Files and choose install.pkg. (See Screenshot 14.) And Norton AntiVirus says the file contains OSX.RSPlug.A. (See Screenshot 15.)

Okay. Let’s see what ClamXav has to say about this virus-containing file. Once again, I’m going to select install.pkg inside the disk image and then press Open. (See Screenshot 16.) Ohh… ClamXav says no infected files were found. (See Screenshot 17.)





ClamXav free virus checker for Mac OS X
Screenshot 16
ClamXav free virus checker for Mac OS X
Screenshot 17
ClamXav free virus checker for Mac OS X
Screenshot 18






Let’s give ClamXav another try. 2 months ago, we reported at our SEO/Internet security website that a spam message targeting Colonial Bank customers went around. Clicking on the URL in the message sent one to a website distributing a file that contained a collection of Trojan Horse derivatives for Windows OS. (Symantec calls this collection Backdoor.Trojan.) The file was titled ColonialBankECERTv04510.exe. We keep a copy. So let’s scan it with ClamXav. (See Screenshot 18.) It’s a Windows file. So we can’t expect that ClamXav finds anything suspicious. Actually, it says it has found Trojan.Dropper-10268. (See Screenshot 19.) Whoa… Good job!





ClamXav free virus checker for Mac OS X
Screenshot 19
ClamXav free virus checker for Mac OS X
Screenshot 20
ClamXav free virus checker for Mac OS X
Screenshot 21






Okay. One more, one more file! Celebrity Spammers has been circulating a number of spam messages implicating Paris Hilton for the past 10 days or so. They want Internet users to download files titled video_1.exe, video_2.exe, video_3.exe and others. Let’s scan video_1.exe with ClamXav. We know that this file contains malware driven by a Trojan Horse derivative. Anyway, if I scan it… ClamXav says no infected files were found. (See Screenshot 20-1.)

We used ClamXav to scan 4 files that all contains malicious codes. ClamXav did not find anything on a Mac disk image that contains a computer virus. 3 other files that we scanned are intended for Windows OS users. ClamXav successfully found Trojan.Dropper-10268 in one of them. In the end, that’s the only file where ClamXav found malicious codes.





  • Developer: Unknown (http://www.clamxav.com)
  • Developer’s location: Unknown
  • Latest version: ClamXav 1.1.1 (Compatible with PPC, Intel Mac, Compatibility with Leopard)
  • Prices: Free
  • MacHouse recommendation: As we cannot confirm the identity of the organization distributing this freeware title, we avoid recommending fellow Mac users to use ClamXav. If you really need an anti-virus software program for Mac OS, you are strongly advised to get one from a respectful vendor like Intego, McAfee, Sophos, Symantec and others. Saving money will only put you in more trouble.






    ClamXav is a product of an unknown organization.





    Click for Mac software product review






    References:

    Celebrity Spammers Circulate More Spam Messages With Paris Hilton to Distribute Malware
    Sick of Paris Hilton Spam Messages?
    Beware of ENDCODEC.NET with Disk Image Containing Mac-Targeting Computer Virus
    Active Scam Website Found Targeting Colonial Bank Customers with Backdoor.Trojan (2)

  • Leave a Reply

    Your email address will not be published. Required fields are marked *