HTML.Exploot.CVE_2014_0278-4 Dangerous or no?

ContainsPnuts wrote:

Hi everyone

Am I misunderstanding something?

Yes.

CVE_2014_0278 is not discussed on the page…

http://www.intego.com/mac-security-blog/shellshock-vulnerability-what-mac-os-x-u sers-need-to-know/

You appear to have been searching for 'cve.2014', which is wrong…

CVE is Common Vulnerabilities and Exposures List. http://cve.mitre.org

It is a massive database of known 'bad things' that can effect computers & electronic devices etc. They use a numbering scheme as shown… http://cve.mitre.org/cve/identifiers/cve-ids.html

'cve.2014' is searching for every known bug that was found in 2014 - you will find may bad things, some effect the Mac, only one will match the exploit ClamXAV found…

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0278

Delete them if you like - it may break whatever uses the ReadingListArchives, but you may not care about that?

Backup the files if you are worried about breaking things, they shouldn't effect your Mac.

ContainsPnuts wrote:

So the one I had was just another version of the virus that only effects Internet Explorer right?

Yep

ContainsPnuts wrote:

They're just off my reading list now, thats what you meant by breaking whatever it uses?

Yes

ClamXAV has a delete option. If you are unlucky the file will be inside some structure that is managed by another app. Mail is the classic example. Deleting stuff inside mailboxes (basically special folders) can ruin the index in Mail.app. I don't know if Reading List does similar things.

ContainsPnuts wrote:

So I'd say my computer is pretty safe right now, correct?

Yup, seems like you got em.

ClamXAV can miss items so if you see any weirdness ask for help.

Adware seems to be the scourge of the internet at the moment, so avoid installing from just any old site & keep backups.

http://www.clamxav.com/faq.php#Q21

I don't know how reading list gets onto iOS, it's possible they got onto the device if iTunes or iCloud copies the entire files. I'd guess they are harmless if they made it not the device since they exploit IE.

I suspect an iOS backup made via iTunes would contain them too.

You can't AV scan iOS so unless you take it to Apple you will never know. Erase & reinstall if you are concerned, but I wouldn't be at all worried.

For fastest, most efficient answers to questions such as these, please visit the ClamXav Forum.

ContainsPnuts wrote:

and what does it mean when ClamXav says something about errors under infected files found?

Do you have the App Store version 2.6.4 or the web site version 2.7.x? If the latter, make sure it's the latest as there have been several bug fixes posted recently.

Where are you seeing these errors, in the ClamXav app window or the scan log? Can you please copy and paste a sample of what you are seeing?

ContainsPnuts wrote:

Considering that I also have access to my reading list on my iPhone, could these files be on my iPhone aswell?

Even if they were they cannot harm your iPhone (or your Mac for that matter). There are is no currently known malware that can affect an iPhone unless it's been jailbroken.

ContainsPnuts wrote:

When I update Clamxav it says v2.2.2 so I guess it's pretty far behind on updates.

Wow, that's from August 2011 so you are way behind.

Select "Check for ClamXav Updates..." from the ClamXav menu to automatically download and install the latest version. Then you can enable "√ Check for ClamXav update on launch" in ClamXav General Preferences.

The scan engine is slightly more capable, but the definitions will be the same, so I wouldn't expect the results to be much, if any different.