[OS X TeX] OT: effective Macintosh Trojan in the wild

Bernhard Barkow bb at creativeeyes.at
Fri May 6 10:47:39 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 6 May 2005, at 9:43, Bruno Voisin wrote:
>
>> A couple of days ago I renewed my subscription to Norton  
>> Antivirus. Today, I got "hit by the Hacktool". I am glad I saw the  
>> previous exchange so I did not panic and since I kept it I will  
>> now know what to do.
>>
>
> It seems the problem has finally got wider exposure on the web, as  
> more and more people were being hit by it. A piece of information  
> that I found most helpful is this post on the Apple discussion  
> forums <http://discussions.info.apple.com/webx?14@959.nYYyaGphRcw. 
> 0 at .68ae26a7/99>.
>
> As it turns out, Hacktool.Underhand isn't a virus or Trojan, but  
> simply a bug in Norton AV's latest virus definition file, which was  
> too broad and identified legitimate background system maintenance  
> tasks, such as management of swap files, as viral. Symantec has  
> finally acknowledged the problem and released yesterday (May 5) a  
> corrected virus definition
> <http://securityresponse.symantec.com/avcenter/download/pages/US-NMC.html>.
>
>
>> Still, I don't like that and I was wondering if you would say what  
>> you are using instead.
>>
>
> At present I'm not using anything: I simply take care to never open  
> (or forward to other people) an email attachment before checking  
> from other sources that it is legitimate; and (but that's more  
> antiscam than antivirus) to always look at the source of email  
> messages containing hyperlinks, before clicking on them, to infer  
> from the html code whether the hyperlinks actually do what they  
> pretend to be doing.
>
> But those are just stopgap measures: I would prefer to have an  
> antivirus running, and I'm waiting for an update to be released,  
> compatible with Tiger. Though, as a Virex user, I must confess  
> that, after a brief trial period, I had disabled background  
> scanning and scanning of mounted volumes, to only leave  
> scan-on-demand, for performance issues (and because I don't like very much  
> to have background-running software, other than the OS, to avoid  
> unhappy interference).
>

OK, maybe this can help: I spent some time yesterday trying to modify  
an AppleScript (sent to me by Maarten Sneep, thanks a lot!) in order  
to use it with Clam AV for on-demand scanning of emails. It's a very  
simple solution, but in my opinion quite reasonable for use on Macs.
It is still experimental, and there is no great documentation coming  
with it, but if you want to give it a try, look at
http://www.creativeeyes.at/tools/clamav.php

HTH,
Bernhard


____________________________________________________
_________________________________ Bernhard Barkow __
__                                                __
__ mail bb at creativeeyes.at __ www.creativeeyes.at __
__ Phone  +43 699 12660415 __ Fax   +43 1 8775334 __
___________________ gpg key ID _ A89F09C45921020D __

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFCey8uqJ8JxFkhAg0RAqBtAKDJtDaZCSQXRFZG7KwVv7rauWkRLgCgmGuy
gsBIN4sMyVD8vO27mbe8Q0c=
=IJ5/
-----END PGP SIGNATURE-----
--------------------- Info ---------------------
Mac-TeX Website: http://www.esm.psu.edu/mac-tex/
           & FAQ: http://latex.yauh.de/faq/
TeX FAQ: http://www.tex.ac.uk/faq
List Post: <mailto:MacOSX-TeX at email.esm.psu.edu>