[clamav-users] OSX False Positives

Al Varnell alvarnell at mac.com
Wed Feb 12 05:06:28 UTC 2014


I very much appreciate the obvious hard work from the signature team in more than doubling the number of OSX signatures in the database today.

Unfortunately it would appear that several of them are false positives that are identifying a significant number of Applications and components of the Operating System as infected.  Results are flying in, but I thought I should give you initial results now, before too much damage is done.  I am guessing that since some of them are identified as Unix executables, this will be a cross-platform issue.

Osx.Virus.Sniperspy-1:
/Applications/Adobe Photoshop Elements 8/Adobe Photoshop Elements.app
/Applications/Adobe Photoshop Elements 8/Locales/en_US/Plug-Ins/ExportModules/save for web(pse).plugin
/Applications/Utilities/Adobe Utilities.localized/ExtendScript Toolkit CS4/ExtendScript Toolkit.app
/System/Library/PrivateFrameworks/iLifeSlideshow.framework/Versions/A/Frameworks/iLifeSlideshowCore.framework/Versions/A/iLifeSlideshowCore
/System/Library/PrivateFrameworks/iLifeSlideshow.framework/Versions/A/Frameworks/iLifeSlideshowProducer.framework/Versions/A/iLifeSlideshowProducer
/Applications/Adobe Reader.app
/Applications/Adobe Acrobat 9 Pro/Adobe Acrobat Pro.app
/Applications/Adobe Device Central CS5/Adobe Device Central CS5.app/Contents/Frameworks/Players/FlashLite/FL40/Flashlite.bundle
/Applications/Adobe Device Central CS5/Adobe Device Central CS5.app/Contents/Frameworks/Players/FlashLite/FL40/Flashlite_Pix8888_32.bundle
/Applications/Adobe Flash CS5/Adobe Flash CS5.app
/Applications/TomTom HOME.app/Contents/Frameworks/XUL.framework/plugins/JavaEmbeddingPlugin.bundle
/usr/bin/qtdefaults

Osx.Backdoor.Blackhole-3:
/Applications/Apimac Timer.app
/Applications/Mactracker.app
/Applications/SQLiteManager.app
/Applications/iBoard.app

Osx.Virus.Clapzok-3:
/bin/cp

Osx.Virus.Clapzok-2:
/bin/ls

I’ll submit what I can to the FP site, but even if Alain gives permission to submit more than two files a day, I doubt that we’ll be able to get them all to you in a timely manner.


-Al-
-- 
Al Varnell
Mountain View, CA
