

Phishing email, I stupidly clicked on the link and now after I scan with ClamXav it keeps reappearing even though I remove it

Phishing email, I stupidly clicked on the link, entered only personal details before realising. I deleted the email and keep scanning with ClamXav but the infection keeps reappearing in the scan even though I keep deleting it to trash.

Posted on Jun 13, 2015 4:39 AM

34 replies

Jun 15, 2015 7:13 PM in response to jackm831

jackm831 wrote:


Yes, I have heard about that, but that was a year ago and I believe they fixed the problem.


They didn't so much fix the problem as they stopped enabling it by default. However, the issue of whether the adware feature is still there or enabled by default is irrelevant; it was there. Do you want to use a product from a security company, who should be against all malware and adware, but who actually included adware in their product?


Further, this is only one indication of why you shouldn't use Avast. It also has a serious problem with false positives, and it includes an on-by-default feature that actually reduces the security of your web browser, essentially conducting what amounts to a "man-in-the-middle" attack on any secure websites. Avast should not be used at all.


But in my opinion Avast should delete any virus downloaded from the email.

To be blunt, that opinion is wrong. No current anti-virus software should be allowed to delete anything from Mail's mailboxes. This causes corruption of the mailbox in question, as well as not properly removing the message from the mail server, which can result in the message reappearing in Mail again repeatedly... exactly as hels2310 has described happening when deleting this from within ClamXav.

Jun 17, 2015 1:57 AM in response to jackm831

Now that the OP appears to have solved their problem, I'll try to address your unrelated concerns.

jackm831 wrote:


Yes, and they aren't viruses; I believe they are classified as malware.

They can be. Most spyware for Mac OS X is commercial software designed for legitimate purposes such as parental control, hence most A-V scanners consider it to be Potentially Unwanted Applications / Processes (PUA/PUP) and if they identify it at all, they just inform the user that it's there and will not remove it. Obviously if it is installed surreptitiously for the purpose of capturing privacy information from an unwary user, then it's malware.


Similarly with Adware. It's quite annoying but not malicious. Much of it is actually installed using a valid Apple Developer ID signature. In any case, none of it will purposely harm OS X, its applications or the user's privacy. It only serves to frustrate the user.


Recent Adware has gone a bit over-the-edge by not properly informing the user that it's being installed, posing as something it's not and using techniques to avoid detection by scanners. One even diverted users away from the download site for AdwareMedic. Apple finally took steps to blacklist some of these more aggressive adware installers and I'm aware of plans for even more steps to curtail them in the future. Likewise most A-V scanners have been more proactive in identifying them to users, but again consider most to be PUA/PUP and leave removal as a user exercise.


The folks on the Cisco/ClamAV signature team have always focused on true malware (mostly in the Windows environment), hence ClamXav has never been recommended by me or most anybody else as a spyware or adware detector. MacScan from SecureMac has always excelled in the detection of spyware, but fails with respect to almost all other types of malware. AdwareMedic has always received my unwavering recommendation as the very best way to identify and optionally delete all currently known forms of Adware.


A few words on the A-V Test results that you cited. The developer of ClamXav requested a copy of the sample database used in testing and has updated the ClamXav unofficial signature database to include all of them, so it would now detect 100% of that sample database. A couple of interesting things were discovered. As you properly concluded, almost all of these recent "malware" samples were spyware or adware. Secondly, there were a number of duplicates contained among the samples. As many as six identical files were found. A failure to identify one counts as up to six failures and detecting one counts as six successes, thus skewing the failure rates considerably.
