
MacKeeper 2.1.2 finds malware ClamXav, VirusBarrier Express didn't

2569 Views 11 Replies Latest reply: Apr 13, 2012 11:31 AM by MadMacs0
Roger Lier1 Level 1 (15 points)
Apr 13, 2012 8:43 AM

I am running Mac OS 10.7.3 on a MBP 13" with i7 processor.

 

Can anyone tell me why the creators of ClamXav and VirusBarrier Express would not want to do an initial scan of the folders that contain email attachments?

 

Two days ago I ran the free ClamXav antivirus program I downloaded through Apple's Mac App Store and it found between 400 and 500 threats. I did not see the flashback trojan and I assumed the other threats were Windows viruses. I deleted all the threats it found. The interface for this free app was not really user friendly. I assumed that I was scanning my whole drive when I started the scan, but it did not scan all my files. I believe it scanned less than half, but can't be sure.

 

Since I was looking for a more user-friendly interface for family members, I decided to try VirusBarrier Express. Also free from the Mac App Store. It was slow and scanned between 400,000 and 500,000 files on my internal drive which Disk Utility says has 1,052,289 files on it. I assumed I was going to scan the whole drive because I clicked on the "Full Scan" button. It found no threats, which did not surprise me because I had previously run ClamXav and chose to remove all the threats it found.

 

I downloaded a trial version of MacKeeper since my Mac was running slow, has too many files, and I wanted to try to speed it up by paring down the number of files. It has as part of its suite of applications, Internet Security. After running the other two free apps (ClamXav and VirusBarrier Express) I decided to try the antivirus part of this $38 app that I was trying out for free. What the heck, I thought. It ran fast and scanned approx. 935,000 of my 1,052,289 files by simply clicking on the "Start antivirus scan" button. It found 91 threats. All were in my ~/Library/Mail/V2/IMAP... folder. I checked and found that these emails arrived before I did the other two scans with ClamXav and VirusBarrier Express, so those programs should have found these threats. They did not.

 

Perhaps ClamXav and VirusBarrier Express would have found those 91 threats if they had been configured correctly by me. I don't know. But the point is that I thought I was going to scan everything that needed to be scanned by clicking on the buttons that these applications' creators seemed to expect me to click. With Internet Security in the MacKeeper application, I clicked on the obvious button "Start antivirus scan" and it found 91 threats the others did not find.

 

I did not check all 91 of these threats that MacKeeper found, but the ones I did check out in the Mail application obviously contained malware. They were poorly disguised attempts to get people to open attachments.

 

Full disclosure: I do not work for any entity associated with ClamXav or VirusBarrier Express or MacKeeper. I am a pastor. I used to work for an Apple Store years ago.

 

Message was edited by: Roger Lier1

MacBook Pro, Mac OS X (10.7.3), MBP 13" i7 Early 2011
  • stedman1 Level 8 (49,960 points)
  • Kurt Lang Level 7 (31,490 points)

    What supposed "threats" did it find? Cookies?

  • CT Level 6 (14,985 points)

    Presumably the "91 threats" are in fact all MacKeeper malware threats.

     

    Nice of them to be up front about it, at least.

  • Kurt Lang Level 7 (31,490 points)

    Oh! Just noticed they were all in the mailbox. So MacKeeper thinks it found 91 (likely attachments) that it thinks were threats. So what were they? All Windows malware that came in as attachments? Benign .jpg images it flagged as threats?

  • John Galt Level 7 (33,080 points)

    MacKeeper, like nearly all similar magic potions, might work just fine right up to the point it trashes your system.

     

    Don't be surprised if the Flashback trojan was created by the same company, its partners, or associates.

     

    If the cure isn't selling, spread the disease - an idea as old as civilisation itself.

  • Kurt Lang Level 7 (31,490 points)

    The one you do mention is indeed a Windows Trojan. It must also be a very recent threat. You can find quite a few new pages in Google on it, asking how to remove. But neither Symantec, Panda AV or Kaspersky even recognize it in a search. So I guess you have to give credit to MacKeeper for recognizing malware the others don't even seem to have heard of yet.

     

    Which, for at least TR/Crypt.XPACK.Gen3, would explain why ClamXAV didn't see it, either. All in all, I still wouldn't touch MacKeeper with a mile long pole. And if I did, I'd have to burn the pole.

  • etresoft Level 7 (23,900 points)

    All of these "threats" are just Windows malware, as you suspect. I don't use any antivirus myself. I haven't seen any need for it in 12 years and I'm not going to let some fearmongering change my mind now. Once people start repeating a story, other people start believing in it without checking for themselves.

     

    The same thing seems to have occurred with MacKeeper. It has a very bad reputation here in Apple Support Communities. This morning someone even claimed it is blocking a well-known anti-MacKeeper site. That sparked my curiosity so I installed MacKeeper to see for myself. Not only was MacKeeper not blocking that website, it was very easy to uninstall. The anti-MacKeeper web site that was supposedly being blocked was actually more malicious and fearmongering than MacKeeper itself.

     

    I still don't recommend MacKeeper or any antivirus software. The Mac isn't Windows. The security architecture is different. The kinds of threats that Windows users have to worry about simply don't exist on the Mac and they can't exist. The Flashback trojan clearly demonstrated that because it could not infect any system files without asking for a password, which a few people unfortunately provided.

     

    There is no easy answer. If you truly believe the fearmongering, then the only truly 100% safe answer is to install all three anti-virus products. After all, if one can't catch all the threats, then you must install them all. Don't forget Norton. You didn't try it. It also has a very bad reputation here in Apple Support Communities. Maybe it is worth investigating. Confused yet?

     

    Perhaps the Mac malware will get so bad one day that Apple has to display big red warning notices like Microsoft does if you aren't running antivirus. Until that happens, I'm not going to worry about it.

  • ds store Level 7 (30,305 points)

    Roger Lier1 wrote:

     

    Can anyone tell me why ClamXav and VirusBarrier Express, both free and highly rated in the Mac App store, did not find the 91 threats MacKeeper found?

     

    We hear this same load of baloney on Windows between anti-virus companies, "we found this and they didn't find that".

     

    The fact is nobody finds everything all the time, next week ClamXav will find something and the others won't.

     

    The fact remains, WE DON'T LIKE MACKEEPER, we don't like or trust the source, we don't like the MacKeeper lies they say about themselves to promote their products to unsuspecting users.

     

    We do like and trust the source of ClamXav, and we will do everything in our power to astroturf MacKeeper until it's gone.

     

    If you're happy with MacKrapper, fine, but they have blown it in the minds of seasoned users who see right through their shady tactics and worthless offerings.

     

    The best thing Zeobit (what the heck is that?) can do is wrap the whole show up, learn from their mistakes and go pander to Windows users who do need crapware to keep their machines running.

     

     

    Macs don't need MacKeeper. MacKeeper didn't stop MacDefender or Flashback.

     

    Macs don't even need ClamXav, because there are no viruses for Macs, we just run that to clean Windows files.

     

     

     

    What likely happened is YOU didn't operate the program correctly, I have ClamXav scanning my whole drive no problem.

     

    If you have an advisement to make ClamXav work better, send them a polite email.

     

    But don't come here dragging their good name into the dirt with Johnny-come-lately MacKeeper.

  • MadMacs0 Level 4 (3,320 points)

    Roger Lier1 wrote:

     

    I am running Mac OS 10.7.3 on a MBP 13" with i7 processor.

     

    Can anyone tell me why the creators of ClamXav and VirusBarrier Express would not want to do an initial scan of the folders that contain email attachments?

     

    Two days ago I ran the free ClamXav antivirus program I downloaded through Apple's Mac App Store and it found between 400 and 500 threats. I did not see the flashback trojan and I assumed the other threats were Windows viruses. I deleted all the threats it found. The interface for this free app was not really user friendly. I assumed that I was scanning my whole drive when I started the scan, but it did not scan all my files. I believe it scanned less than half, but can't be sure.

    The developer of ClamXav has purposely configured his application to do nothing without user approval, so many of the preferences default to being off. That includes checking e-mail content (as opposed to attachments) for malware and phishing. That's partly because there is no known malware that impacts OS X in e-mail content (although there could be in the future) and also because using ClamXav to delete or quarantine an e-mail file will corrupt the mailbox index which could cause other problems.

     

    Another important thing to note is that ClamXav is an individual user application and will not violate other users' privacy by scanning files they own. The developer is sensitive to privacy issues and this has been a long-standing policy, so ClamXav will only scan files the current user has read access to. I believe that may explain why at least some of those files were skipped. There are other limitations as to file size and type that are imposed by the folks that provide the clamav scanning engine (used also by Mac OS X server, Windows and Unix platforms) that are beyond the developer's control and too technical for this discussion which can also cause some files to be skipped.

     

    Should you ever decide to try ClamXav again, I encourage you to visit the ClamXav site for documentation and the ClamXav Forum for advice and assistance from other users.

     

    FD: I do uncompensated Tech Support for the ClamXav Forum.
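The last reply attributes skipped files to read access and to size/type limits in the scanning engine. The sketch below is an added example, not part of the thread and not ClamXav or clamav code: it walks a folder as the current user and counts how many files fall into each skip category, which is one way to reconcile a scanner's file count with the total on disk. The function names, the sample tree and the 1 KiB limit are assumptions chosen for the demonstration; a real engine's limits differ.

```python
import os
import stat
import tempfile

def scan_coverage(root, max_size, readable=lambda p: os.access(p, os.R_OK)):
    """Count files under root a per-user scanner could read, and why others are skipped."""
    counts = {"scannable": 0, "unreadable": 0, "too_large": 0, "not_regular": 0}
    denied_dirs = []  # directories the current user cannot even list
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: denied_dirs.append(e.filename)):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: inspect the entry itself, do not follow symlinks
            except OSError:
                counts["unreadable"] += 1
                continue
            if not stat.S_ISREG(st.st_mode):
                counts["not_regular"] += 1   # symlinks, sockets, devices
            elif not readable(path):
                counts["unreadable"] += 1    # owned by another user or mode denies read
            elif st.st_size > max_size:
                counts["too_large"] += 1     # above the engine's size limit (assumed value)
            else:
                counts["scannable"] += 1
    return counts, denied_dirs

def build_sample(root):
    """Constructed sample tree standing in for a mail folder (not real data)."""
    mail = os.path.join(root, "Mail")
    os.makedirs(mail)
    for name, size in [("a.emlx", 100), ("b.emlx", 200), ("big.dmg", 5000)]:
        with open(os.path.join(mail, name), "wb") as f:
            f.write(b"x" * size)
    os.symlink(os.path.join(mail, "a.emlx"), os.path.join(mail, "alias"))
    locked = os.path.join(mail, "locked.emlx")
    with open(locked, "wb") as f:
        f.write(b"x" * 50)
    os.chmod(locked, 0o000)  # read permission removed for everyone
    return mail

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        counts, denied = scan_coverage(tmp, max_size=1024)  # 1 KiB: assumed demo limit
        print(counts, denied)
```

Run as an ordinary user, the permission-stripped file is counted as unreadable; run as root it is readable, which is why an elevated scan and a per-user scan can report different totals.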
