ClamXav detected an infection on my iMac

Infection name: php.Exploit.CVE_2015_2331-3. ClamXav found it in the actual ItunesLibrary file name, Foundation, Bom, Microsoft Office.framework, MicrosoftOffice. Importer and also some iWork files. ClamXav has quarantined some but not all.


Does anybody know what this infection is, what it does and where it stems from? Also, what should I do going forward? I never had a problem with infections before, but last month I had a case of malware and now this, although my computer appears to be working fine. I've attributed this to still being on Snow Leopard as it no longer receives security support from Apple. Should I upgrade to Yosemite?

iPhone 4

Posted on Aug 26, 2015 8:03 PM

13 replies

Aug 26, 2015 9:34 PM in response to UltimateRainbow

Most of us older users have found that you really do not need any Virus protection for your Mac. Apple has kept up and is way ahead of other companies when it comes to protecting their Operating Systems and their users. I have been an Apple Computer user since 1997 and have never owned Virus protection for any of my Macs. The reason is if you are a user that practices safe computing like staying away from Shareware, and steer clear of e-mails you don't know who they are from. Again, any music that is free and not from iTunes I am very skeptical of. All of the free music is where a lot of the Malware and Viruses seem to come from. So be careful when surfing the web, there is a lot of very bad stuff floating around out there.

Good Luck to you and continue safe computing.

Don Morgan

Aug 26, 2015 11:15 PM in response to UltimateRainbow

I've come across this issue myself and have spent the last few hours reading up on it. Honestly, I'm not a tech-head by any stretch and a lot of the information I found on the subject is very technical and has gone completely over my head, so this may be worth precisely what you're paying for it. But if what little I understand is correct, I don't think this particular issue affects machines running OSX -- at least, it's not listed here as a vulnerability that affects Apple products. As I understand it, it's a vulnerability on something called 'libzip' which, if a malicious zip-file is opened, can be used to either crash the computer or install code onto a machine by an outside party, but it only seems to affect Windows or Linux machines. If I'm understanding this correctly, it may even be picking up a security fix which was intended to fix this vulnerability. Since ClamXav also picked it up on the current and apparently corrected version of libzip I downloaded as an experiment (but couldn't install), this seems possible to me.

As I say, I'm not an expert by any means and welcome anyone with more knowledge to correct me, but I'm tentatively of the view that this isn't something to worry too much about.

Aug 27, 2015 8:28 AM in response to UltimateRainbow

To be perfectly honest, ClamXav, while not intrusive, is of no value to your Mac. I would recommend uninstalling it for just that reason. There are no viruses for OS X, however there is a small amount of malware out there that is very easily avoidable by:


  • Never use a torrent to download software.
  • Keep OS X up-to-date
  • If you receive an ad, pop-up, e-mail, or phone call advising the computer has been compromised, this is a SCAM.


It is really that simple.

Aug 27, 2015 12:06 PM in response to rkaufmann87

Although I tend to agree with your assessment with regard to the current state of OS X malware, I'm not ready to accept your recommendation that ClamXav always be uninstalled. It takes up very little space, doesn't run unless you tell it to and represents an immediately available tool should the need for such protection suddenly occur on "zero-day". I have half a dozen dormant A-V apps installed and none of them are active nor used other than for testing.

Aug 27, 2015 12:23 PM in response to MadMacs0

MadMacs0 wrote:


Although I tend to agree with your assessment with regard to the current state of OS X malware, I'm not ready to accept your recommendation that ClamXav always be uninstalled. It takes up very little space, doesn't run unless you tell it to and represents an immediately available tool should the need for such protection suddenly occur on "zero-day". I have half a dozen dormant A-V apps installed and none of them are active nor used other than for testing.

As mentioned ClamXav is not intrusive so it's relatively harmless. My recommendation is based upon the premise that it does not offer any additional value or security therefore is unnecessary. However, it's your computer so you can install whatever you would like on it.


Many experienced users on these forums have found that many commercial antivirus apps tend to create more problems than they solve, for example Norton, Avast, to name 2 I can remember off the top of my head. If you have others installed, don't be horribly surprised at some point if your system begins having issues.


I'm not really interested in debating or discussing antivirus or other security apps, I just know what I know. As I mentioned, it's your system and you can install whatever you would like on it.


Enjoy your system and best of luck with it.

Aug 27, 2015 12:26 PM in response to MadMacs0

I actually figured it out!


I was literally just about to give up and reinstall Microsoft when suddenly I saw in the actual Microsoft Application folder there's a folder called 'Office' with symbols and extensions which looked like the quarantined Microsoft Office.framework. I took a leap of faith and moved it there along with moving Microsoft Office.mdimporter back to Spotlight and it worked! Microsoft runs fine again.


You say iWork.mdimporter goes in Spotlight also so I'll give that a go.


I just need to find out where iWork.qlgenerator goes.

Aug 27, 2015 9:53 PM in response to rkaufmann87

Based on this and many of your previous postings, I doubt that there is anything to debate. I think we see eye to eye on the need for safe computing, ability of an up-to-date OS X to provide adequate protection for most all users, issues surrounding Norton, Avast!, even Sophos occasionally. And I'm all in on your contention that each individual needs to make decisions such as these based on their own personal computing habits and an educated knowledge of the pros and cons involved in using A-V software. I've probably run into at least as many users as you have that are clueless as to why their computer is running so slow when they installed MacKeeper to prevent such things....


But you must have missed the fact that none of the A-V software I have installed is in an active mode, other than keeping definitions up-to-date. So there is almost zero chance that any of them will cause issues for me. That being said, I have had one instance of Sophos activating something on its own resulting in constant log entries. Only an uninstall/re-install solved it. And Sophos is known to be one of the best behaved these days.


Last night's False Positive issue was certainly more serious than any I've previously handled. It could have been worse, but ClamXav won't allow users to move or delete system files. As it was, there were at least a couple of users who disabled their Microsoft Office by quarantining critical components. One was able to recover, but I suspect the other will need to re-install from source before it's repaired. It would be nice if the folks at Cisco/ClamAV would adequately test their signatures on an OS X machine, but they are too focused on their primary threat to the Windows platform to pay much attention to others. They did take quick action this morning to whitelist the signature, but not before a dozen or so Mac users were panicked and/or crippled by it. That's probably reason enough to consider uninstalling it, but all those problems could have been avoided by simply not enabling the Quarantine option, which is what I always recommend to those who ask / listen.
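The failure described in the last reply, where quarantining on a false-positive signature disabled applications, can be caught by reviewing a scan report before anything is moved. The following is an added example, not code from the thread or from ClamXav/ClamAV; the protected path prefixes, the sample report and the second signature name are constructed assumptions, and only the `path: signature FOUND` line format is clamscan's own.

```python
import re
from collections import defaultdict

# Prefixes treated as OS- or vendor-managed locations (assumption for this example).
PROTECTED_PREFIXES = ("/System/", "/usr/", "/Library/", "/Applications/")

# clamscan reports each hit as "<path>: <signature> FOUND"; paths may contain spaces.
HIT_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Constructed sample report; the paths are illustrative, not taken from the thread.
SAMPLE_REPORT = """\
/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation: php.Exploit.CVE_2015_2331-3 FOUND
/Applications/Example Suite/Office/Example Office.framework/Example: php.Exploit.CVE_2015_2331-3 FOUND
/Users/example/Music/iTunes/iTunes Library.itl: php.Exploit.CVE_2015_2331-3 FOUND
/Users/example/Downloads/invoice.zip: Constructed.Test.Signature-1 FOUND
/Users/example/Documents/notes.txt: OK
"""


def parse_hits(report_text):
    """Return (path, signature) pairs for every FOUND line in the report."""
    hits = []
    for line in report_text.splitlines():
        match = HIT_RE.match(line.strip())
        if match:
            hits.append((match.group("path"), match.group("sig")))
    return hits


def triage(report_text):
    """Group hits by signature and hold any that touch protected locations."""
    by_sig = defaultdict(list)
    for path, sig in parse_hits(report_text):
        by_sig[sig].append(path)
    result = {}
    for sig, paths in by_sig.items():
        protected = [p for p in paths if p.startswith(PROTECTED_PREFIXES)]
        # A signature matching OS or application bundle files should be
        # reviewed by a person before any file is quarantined.
        action = "review-before-quarantine" if protected else "user-files-only"
        result[sig] = {"hits": len(paths), "protected": protected, "action": action}
    return result


if __name__ == "__main__":
    for sig, info in triage(SAMPLE_REPORT).items():
        print(sig, info["hits"], info["action"])
```
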
