Can anyone here answer this malware question?

Hello 😕

If an Apple computer has been infected with malware, when the machine is updated through Apple 'Updates', will such malware be automatically removed in the process, thus leaving the computer in a 'clean' condition once again?


One answer I've seen given in answer to this question was "It depends on the update, and whether or not Apple is aware of the particular malware that's been installed".

Is that answer factually correct?

D.

iMac with Retina 5K display, macOS High Sierra (10.13.3), 27 inch - Purchased January 2018

Posted on Apr 13, 2018 12:23 PM

24 replies

Apr 13, 2018 11:15 PM in response to HunterBD

I can give you some partial answers, but as others have said, only Apple has all the facts here.


Apple strives to keep up with all malware that they deem to be a severe threat, but there are many more malware developers than there are Apple engineers dedicated to blocking its use. As an example, Apple tends to ignore most adware attacks as just being a nuisance to the user rather than a malicious attack. They appear to tackle the most aggressive ones, but there are hundreds, perhaps thousands of other variants that make it very difficult for them to keep up.


Not all malware infections blocked by the XProtect process are also cleaned up by the Malware Removal Tool and vice versa. Howard Oakley posted this blog listing the malware that Apple protects against using XProtect and MRT: Just what do XProtect and MRT protect your Mac from?


There have been at least two examples of Mac malware which first appeared in an update to XProtect/MRT, but in most cases, A-V software developers have been able to distribute detection signatures at least a day or two before Apple has been able to distribute theirs. I think that is what the "It depends..." is referring to. I don't believe that Apple has a 24-hour dedicated lab that aggressively looks for such infections like many of the larger A-V software developers have. Rather, they rely on outside security professionals and users to identify such things to them so that they can provide adequate protection.
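Since the "It depends..." answer comes down to which XProtect and MRT versions a given Mac actually has, here is an added example (not from the thread, not Apple's code) that reports those versions: a POSIX shell script that reads CFBundleShortVersionString from each component's Info.plist. It assumes the bundle paths used by High Sierra (and the /Library/Apple layout later releases moved them to), and embeds a constructed sample plist so the parser can be exercised on any system.

```shell
# Added example, not from the thread: report the installed XProtect and MRT
# versions. Plain sh + awk, so the parser also runs where plutil is absent.

# Print CFBundleShortVersionString from an XML plist (key and value on consecutive lines).
plist_short_version() {
    awk '
        /<key>CFBundleShortVersionString<\/key>/ { want = 1; next }
        want && /<string>/ {
            sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit
        }' "$1"
}

# Report one component from the first readable candidate Info.plist.
# Exit status 1 (and "not found") when none of the paths exists.
report_component() {
    name=$1; shift
    for p in "$@"; do
        if [ -r "$p" ]; then
            printf '%s %s (%s)\n' "$name" "$(plist_short_version "$p")" "$p"
            return 0
        fi
    done
    printf '%s not found\n' "$name"
    return 1
}

# Paths: the /System/Library layout used by High Sierra, then the
# /Library/Apple layout later macOS releases moved these bundles to.
report_all() {
    report_component XProtect \
        /System/Library/CoreServices/XProtect.bundle/Contents/Info.plist \
        /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist
    report_component MRT \
        /System/Library/CoreServices/MRT.app/Contents/Info.plist \
        /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist
}

# Constructed sample plist (not an Apple file; the version number is made up)
# so the parser can be exercised on any system, Mac or not.
SAMPLE_PLIST=$(mktemp)
cat >"$SAMPLE_PLIST" <<'EOF'
<plist version="1.0">
<dict>
	<key>CFBundleShortVersionString</key>
	<string>2099</string>
</dict>
</plist>
EOF

report_all || true   # prints "not found" lines on a non-Mac system
```

On a Mac, `report_all` prints the two versions; comparing them with Howard Oakley's list shows whether a given family is covered by XProtect, MRT, both or neither.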

Apr 14, 2018 12:55 PM in response to MadMacs0

Thanks for your further thoughts, MadMacs0


Today I came across a fairly new facility designed to uncover malware and wonder if you have personally ever put it to the test on your own Apple computer(s). You will find details here:-


https://www.objective-see.com/products/knockknock.html


"As Macs become more prevalent, so does OS X malware. Unfortunately, current Mac security and anti-virus software is fairly trivial to generically bypass.


Objective-See was created to provide simple, yet effective OS X security tools. Always free of charge - no strings attached!"

Apr 14, 2018 5:39 PM in response to HunterBD

HunterBD wrote:


Today I came across a fairly new facility designed to uncover malware and wonder if you have personally ever put it to the test on your own Apple computer(s).

Actually it's been around for over three years now. Looks like I apparently tried version 1.2.0 around this time in 2015 and it's at v1.9.3 now. I probably run it once a year and every time it's updated to see if it finds anything new and it never has. It checks in most vulnerable places for installed malware that has been uploaded to VirusTotal. It's then up to the user to decide whether that file should be deleted.

Apr 13, 2018 4:04 PM in response to Asinrutee

Do you guys here support the use of ClamXAV now that it is no longer available on the app store?



We do not work for Apple and therefore cannot officially support anything. Read the ToU.


It then follows that neither you nor the OP should ask such questions of other users since you are interested only in factually correct answers, which we cannot give.


Ask Apple.

Apr 14, 2018 5:23 AM in response to etresoft

HunterBD wrote:


I am not a shadow puppet, I originally asked the question on ClamXAV Facebook Page and that is the answer I was given by Mark Allan. Do you guys here support the use of ClamXAV now that it is no longer available on the app store?


Etresoft, it is not helpful to join quotes from separate people together and put one name against the joined quote.


I asked the question; it would be helpful if you could answer it if you can, rather than going on about non-existent conspiracy theories.

Apr 14, 2018 5:39 AM in response to Asinrutee

HunterBD wrote:



Etresoft, it is not helpful to join quotes from separate people together and put one name against the joined quote.


I asked the question; it would be helpful if you could answer it if you can, rather than going on about non-existent conspiracy theories.

On the contrary, it is very helpful to know when people aren't asking sincere questions. It is also helpful to know when people aren't even sincere about their conspiracy theories. Otherwise, honest helpers could respond sincerely, or even sarcastically, unaware that they are just being manipulated and tricked into participating in some twisted game for someone's malicious self-amusement.

Apr 14, 2018 1:08 PM in response to etresoft

I regret to advise that you have become rather muddled 'etresoft'. I most certainly did NOT write what you claim - that was a poster called 'asinrutee'.


There are no conspiracy theories. If you have not already done so, you should read this document. https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf


Nobody, no matter HOW clever, knows all the answers!


D.

Apr 15, 2018 12:13 AM in response to etresoft

What a strange response! 😮


I have only ever posted here on the ASC as HunterBD in accordance with the Apple Support Communities Use Agreement: https://discussions.apple.com/thread/8357144?answerId=33291785022#33291785022&ac_cid=op123456


I first registered here on Oct 9, 2009, shortly after I bought my first iMac. I've learned a great deal by lurking here ever since! 😉


In my opinion, you owe an apology to the poster called 'asinrutee'.


Let me remind you of what HE posted:-


I am not a shadow puppet, I originally asked the question on ClamXAV Facebook Page and that is the answer I was given by Mark Allan. Do you guys here support the use of ClamXAV now that is no longer available on the app store?


That seems like a valid question to me.


D.

Apr 15, 2018 1:10 AM in response to HunterBD

Actually, UXProtect is from a different developer within Digita Security and the app came out prior to Patrick joining the company, but yes, I'm familiar with it and pointed out a couple of bugs that it had early on to the developer when it came out last fall.


All of Patrick's currently released tools are posted on his web site: https://objective-see.com/products.html. And before you ask, yes I've used them all and am helping him test a couple of new tools.


I do have a question for you, however. I'm not sure what conclusion you want us to draw from Patrick's paper from four years ago? What was your take-away?

Apr 15, 2018 1:41 AM in response to MadMacs0

MadMacs0 wrote:


Actually, UXProtect is from a different developer within Digita Security and the app came out prior to Patrick joining the company, but yes, I'm familiar with it and pointed out a couple of bugs that it had early on to the developer when it came out last fall.


All of Patrick's currently released tools are posted on his web site: https://objective-see.com/products.html. And before you ask, yes I've used them all and am helping him test a couple of new tools.


I do have a question for you, however. I'm not sure what conclusion you want us to draw from Patrick's paper from four years ago? What was your take-away?


Many folk on the ASC believe that Apple's internal protection is sufficient to protect users from malware. I'm now following that premise with my new iMac but it appears that Patrick is concerned that that may be insufficient for the complete protection of users of Apple computers.


You personally have told me that ClamXav is 'safe' to use. I'm not so sure about that, so have asked Patrick if he agrees with you. I will let you know if/when I receive his response.


Sincerely,


D.

Apr 15, 2018 2:10 AM in response to HunterBD

The majority of troubleshooters here are savvy enough to not feel a need for anti-malware protection. Some have had bad experiences, but most never tried them. What they have observed is that many of the slow-down issues that are brought up have been cured by having the OP uninstall an A-M that monopolizes their CPU. So it's no surprise that they have adopted a position of not recommending its use.


Most of the articles you will read about the need for such protection come from A-M developers who won't be in business long if they can't sell their wares. Even Patrick is supported in his development efforts by Patreon contributors, although his approach to protection is somewhat different from most.


That said, there is no question that Mac malware has increased greatly in the last few years, but most of it is simple adware, annoying, but not malicious. Of course there have been at least two instances of Mac Ransomware distributed, but quickly stopped.


I can give you some figures as to the number of malware types and signatures Apple uses compared with ClamXAV and ClamAV Mac unique signatures, but too late tonight.


I'm still at a loss to understand what aspect of ClamXAV you feel is unsafe. I don't recall anybody else having ever reached that conclusion. But I'm a big believer in users making up their own minds about whether they need such software and what brand, so won't try to change your mind as long as you fully understand the facts.


Like all software, there have been versions that crashed for a small number of users, but those were quickly resolved. It's extremely difficult for developers to provide crash-free software that works with OS X 10.6.8 and above and I believe ClamXAV is the only A-M that does now.


Like all A-M software, it is subject to False Positive and False Negative findings, but once reported those can quickly be repaired. Each signature is run through a QA test before release, but without user feedback some are bound to slip through. It's not possible to provide an environment to match every possible user setup.


Now that SIP has been implemented, it's all but impossible to harm the OS by accidentally attempting to remove some component of it, which has happened at least once with all A-M software.


The ClamAV scan engine is Open Source and has been included with all versions of Apple's OS Server. Anybody who understands how to read source code can easily see exactly what it does and how it does so without having to even reverse engineer it.
