ClamX Reports a Virus

[D76]

ClamX claims to have found a virus in a zipped Firefox backup. So I unzipped it and ran ClamX on the uncompressed folder, and it came up clean. But the zipped file still comes up dirty.

Anyone have an idea what's going on? Do anti-virus programs show false positives? If so, why would anyone trust them — especially with Macs?

I could understand it if instead of Firefox it was SeaMonkey that could harbour a Windows virus in the email side. But Firefox? It's nothing but PPC code.

[tacit]

QUOTE(D76 @ Feb 27 2007, 05:42 AM) [snapback]120327[/snapback]

ClamX claims to have found a virus in a zipped Firefox backup. So I unzipped it and ran ClamX on the uncompressed folder, and it came up clean. But the zipped file still comes up dirty.

Anyone have an idea what's going on? Do anti-virus programs show false positives? If so, why would anyone trust them — especially with Macs?

I could understand it if instead of Firefox it was SeaMonkey that could harbour a Windows virus in the email side. But Firefox? It's nothing but PPC code.

Yes, anti-virus programs show false positives. The antivirus DAT file only lists "signatures" of viruses--certain checksums that may indicate a virus. It is possible for a file that is not infected to have the same checksum.

In fact, historically, false positives have caused many more problems on Macs than real viruses have, especially when you consider that there are no real viruses that can infect or affect Mac OS X--not one.

For example, Symantec released a Norton Antivirus signature file last year that incorrectly said that certain critical OS X system files were viruses. Users who attempted to "repair" these non-existant "viruses" ended up screwing up their computers badly, and had to re-install Mac OS X. That was actually the second time in four years that Symantec released a DAT file that caused Norton Antivirus to falsely identify critical parts of the system as "viruses" and caused damage to systems when users tried to repair the non-existant viruses.

I do not use antivirus programs on my Macs. There are several reasons why I don't:

1. There are no Mac viruses.

2. Antivirus programs, even well-written ones, consume memory and processor time and slow down the computer.

3. Antivirus programs can show false positives.

4. Antivirus programs can cause problems. For example, bugs in Norton Antivirus can cause kernel panics, system damage, corruption of Adobe Photoshop and Adobe Indesign files, and problems syncing with iPods. Bugs in Virex can cause network file copies to fail, or network connections to drop.

And finally:

5. There are no Mac viruses.

[D76]

I ran ClamX before forwarding to Windows machines a couple of emails from other Windows machines. A couple of years ago — the last time I ran it — it found a virus in an email. Once I had it running, I figured I'd check the entire drive.

(Maybe I had dropped 100 IQ points because I was listening to Art Bell on the radio interviewing a guy abducted by space aliens, along with the show's 23 minutes of ads and station breaks every hour.)

I won't run ClamX again; Windows users can protect their own machines.

Thanks for the explanation and reminding me of that Symantec false-positive fiasco. But now I can't blame the aliens.