[OS X TeX] OT: effective Macintosh Trojan in the wild

Bernhard Barkow bb at creativeeyes.at
Sun May 8 17:13:35 CEST 2005

Hash: SHA1

On 8. Mai 2005, at 16:46, Maarten Sneep wrote:
>>>> When installing, ClamXav creates a clamav group and a clamav  
>>>> user, visible under NetInfo Manager and used (according to the  
>>>> doc) for retrieving updates. Is that what you mean?
>>> No, the clamav user is there on my system, even though I've never  
>>> installed clamXav.
>> Then I imagine you've got Tiger Server, which includes clamav
> [looks at bill:] No, that isn't server, just a clean install of  
> Tiger client. [looks again at 'about this mac':] "Mac OS X, version  
> 10.4 (no mention of server there) [click] build 8A428.
> Note that I did wipe my drive before instaling, and that I  
> formatted as Case sensitive HFS+. Maybe that triggered some things,  
> but I find that hard to believe.

I too wiped my drive and formatted it as HFS+; in Tiger (Client), the  
clamav user exists, but ClamAV is not installed on the system; as I  
said before, I assume it's just a leftover from Tiger Server. ClamAV  
only makes sense unless you either use the system as a mail server  
(i.e. to have ClamAV work at server level, which is the intention of  
the clamav user configured by Apple), or use it as on-demand scanner  
(also for scanning incoming mails, for example with the AppleScript I  
adapted (http://www.creativeeyes.at/tools/clamav.php)).
If you don't use ClamAV, I guess it can't do any harm to delete the  
user with the Netinfo Utility; of course, it will probably do even  
less harm to just leave the clamav user as it is...


Version: GnuPG v1.4.1 (Darwin)

--------------------- Info ---------------------
Mac-TeX Website: http://www.esm.psu.edu/mac-tex/
           & FAQ: http://latex.yauh.de/faq/
TeX FAQ: http://www.tex.ac.uk/faq
List Post: <mailto:MacOSX-TeX at email.esm.psu.edu>

More information about the macostex-archives mailing list