wjosten wrote:
I'm gonna request our resident Virus/ClamAv guru post to this thread. Perhaps Thomas can shed more light & correct any errors in my posts & hopefully answer your questions.
I'm not Thomas, but he's been advised of discussions with the ClamAV folks on this matter most of the day.
Still a lot of things to sort out, but here's what I know right now.
Signatures were posted for Unix, Win and OSX on Tuesday for this iOS jailbreaking tool, based on a sample received from virustotal.com. The last time I checked it was not being detected as malware by any of the other A-V scan engines on VirusTotal (not that I would ever use that site to compare A-V software, just that apparently none of the other vendors has yet chosen to write a signature for it). When I asked about it, ClamAV indicated that this Forbes article's description of how the jailbreak was accomplished was at least partially responsible for their decision. The signature detects the .dmg file itself, but not the tool or anything else contained on the disk image.
As you can see, the article only describes the existence of iOS exploits, so there may not be any concern for Mac users, although one of our colleagues is still checking on a couple of aspects regarding the OS X code.
Although there has been at least one other ClamAV signature written for a jailbreaking file (Oct 2, 2010) I'm not certain what platform it was used with or on, so this is relatively unprecedented.
I expect this conversation to continue for a while and will attempt to update this space with additional details as they become available.