Re: ClamXav: was Re: Little snitch

2014-02-25 Thread Stephen Chape 
Thank you Julie,
That is good feedback from someone who has experienced this.
I will have to give this some serious thought now !

On 25 Feb 2014, at 10:35 pm, Julie Bedford  wrote:

> Stephen,
> Just jumping in here.  I have the latest Virus Barrier which has so far 
> caused me a pain and now I am unable to open Safari at all.
> I am not sure if I uninstall Virus Barrier it will make any difference.  I 
> would personally not recommend this program. I am on OS 10.7.5
> 
> Jewels
> On 25/02/2014, at 9:54 PM, Stephen Chape wrote:
> 
>> Flaming amazing isn’t it.
>> You pay for the reputed good quality product.
>> Then find that the free one does more (or so it seems).
>> Do you have the latest version of Virus Barrier Severin ?
>> 
>> On 25 Feb 2014, at 2:21 pm, Severin Crisp  wrote:
>> 
>>> Following Reg’s comments I downloaded ClamXav and checked my hard drive, 
>>> which is protected by Intego Virus Barrier etc.  Lo and behold, a list of 
>>> about 15 nasties came up, all Windows like and all related to unopened 
>>> attachments on filed emails.   
>>> Thanks Reg, a bit of housekeeping called for!
>>> Severin Crisp
>>> On 25 Feb 2014, at 9:22 am, Reg Whitely  wrote:
>>> 
 Hi all
 
 I've renamed this email to reflect its discussion contents.
 
 After a considerable length of time (especially as the MBP went to sleep 
 overnight and interrupted the scan, this is what my clamXav found today: 
 three files quarantined.
 
 One is a .dmg from my Downloads folder. Don't know what it was for but 
 ClamXav identified it as Osx.Trojan.Genieo
 The second is a Windows-type .exe file (Win.Trojan.6968321) from my 
 Library/App Support/Wine/ folder which does "heaven-knows-what".
 The third was in my Mail inbox. an .emlx file, identified as 
 Heuristics.Phishing.Email.SpoofedDomain
 
 The log suggests the last time I scanned was Jan 8th 2014, where I recall 
 a similar number were found, including .exe files from my TomTom Home 
 folder, presumably downloaded when I last updated my TomTom gps.
 
 What does this all suggest? I'm not sure really. 
 
 The .dmg trojan is a little worrying. You can read about it here 
 http://www.protectmac.com/support/malware.html (my Google search) and 
 clicking on the Osx.Trojan.Genieo link. Quote in part:
 "OSX.Genieo is an Adware Trojan that pretends to be a Flash Player update. 
 The software uses the (legitimate) Genieo* engine to customise the user's 
 web browser to display adware, redirect Internet searches that the user 
 has made via Google and Yahoo and gather and report analytical information 
 about the user's computer and Internet usage. While browsing the Internet 
 users will see a Flash Player alert on websites containing the threat, the 
 alerts are triggered by JavaScript within the web page."
 
 The Trojan.6968321 is .exe so cannot affect OS X but I can't find out much 
 more about it, searching the web.
 
 The Mail  Heuristics.Phishing.Email.SpoofedDomain 
 https://discussions.apple.com/thread/3916707 generates interesting 
 discussion here https://discussions.apple.com/thread/3916707, with a 
 caution of the risk of clamXav shifting things out of Mail folders, 
 however as this is a message, I see no problem deleting it.
 
 Here are the details of the scan, for your interest.
 
 Regards, Reg
 
 --- SCAN SUMMARY ---
 Known viruses: 3131695
 Engine version: 0.97.5
 Scanned directories: 150953
 Scanned files: 523033
 Infected files: 3
 Total errors: 109
 Data scanned: 246386.79 MB
 Data read: 379118.09 MB (ratio 0.65:1)
 Time: 44540.014 sec (742 m 20 s)
 
 One or more infected files were found and were moved into your quarantine 
 folder.
 
 Filename   Infection Name  Status
 igPT0upO.dmg.part  Osx.Trojan.Genieo   Quarantined
 reader_sl.exe  Win.Trojan.6968321  Quarantined
 35571.emlx Heuristics.Phishing.Email.SpoofedDomain  Quarantined
 
 /Users/Reg/Downloads/igPT0upO.dmg.part: moved to 
 '/Users/Reg/Documents/ClamXav Qurarantine Files/igPT0upO.dmg.part'
 
 /Users/Reg/Library/Application 
 Support/Wine/prefixes/QuestAtlantis/drive_c/Program Files/Adobe/Reader 
 9.0/Reader/reader_sl.exe: moved to '/Users/Reg/Documents/ClamXav 
 Qurarantine Files/reader_sl.exe'
 
 /Users/Reg/Library/Mail/V2/pop-rwhit...@internode.on.net@mail.internode.on.net/INBOX.mbox/5C79EA5D-E978-473A-A3EE-FEE97ACB8CD2/Data/5/3/Messages/35571.emlx:
  moved to '/Users/Reg/Documents/ClamXav Qurarantine Files/35571.emlx'
 On 24 Feb 2014, at 7:52 pm, Reg Whitely  wrote:
 
> Hi all
> 
> I cannot comment on Virus Barrier but have used ClamXav for many years 
> http://www.clamxav.com/ as good quality free virus protection, and I 
> think it is gr

Re: ClamXav: was Re: Little snitch

2014-02-25 Thread Severin Crisp 
Yes she sure did

On 26 Feb 2014, at 11:40 am, Susan Hastings  wrote:

> Hopefully she had a laugh as well.
> 
> Sent from my iPhone
> 
> On 26 Feb 2014, at 11:16 am, Severin Crisp  wrote:
> 
>> Susan, looking at my original email I can see where you are coming from - I 
>> certainly invited your comment!   I claim the excuse of advancing years and 
>> not reading what I have typed, at least I spelled it correctly.   I assure 
>> everybody that I have just one wife, and a very special one at that!  The 
>> MacBook is hers and I only use it to do updates and housekeeping for her.  
>> The iMac is my territory and the iPad is common ground.  A pretty good 
>> shared existence we enjoy, whichever way you look at it.  I wish all 
>> WAMUGGERS the same.  
>> Severin
>> 
>> On 25 Feb 2014, at 11:04 pm, Susan Hastings  wrote:
>> 
>>> Hi Severin, glad to hear that your wives are happy to share the MacBook. 
>>> Lots of women wouldn't.
>>> 
>>> Sorry, couldn't resist. It would be good if spell checking was intelligent!
>>> 
>>> Cheers, Susan
>>> 
>>> Sent from my iPad
>>> 
>>> On 25 Feb 2014, at 10:57 pm, Severin Crisp  wrote:
>>> 
 I have never had any problems with Virus Barrier (or Net Barrier, which I 
 have used on several computers four several years (currently on my iMac, 
 my wives MacBook with Lion and my iPad mini) and it certainly notifies 
 suspicious incoming emails etc but seemingly misses some.  I have the 
 latest version with Mavericks on the iMac.
 Sorry to hear others are not so happy with it.  
 Severin
 
 
 On 25 Feb 2014, at 10:35 pm, Julie Bedford  wrote:
 
> Stephen,
> Just jumping in here.  I have the latest Virus Barrier which has so far 
> caused me a pain and now I am unable to open Safari at all.
> I am not sure if I uninstall Virus Barrier it will make any difference.  
> I would personally not recommend this program. I am on OS 10.7.5
> 
> Jewels
> On 25/02/2014, at 9:54 PM, Stephen Chape wrote:
> 
>> Flaming amazing isn’t it.
>> You pay for the reputed good quality product.
>> Then find that the free one does more (or so it seems).
>> Do you have the latest version of Virus Barrier Severin ?
>> 
>> On 25 Feb 2014, at 2:21 pm, Severin Crisp  
>> wrote:
>> 
>>> Following Reg’s comments I downloaded ClamXav and checked my hard 
>>> drive, which is protected by Intego Virus Barrier etc.  Lo and behold, 
>>> a list of about 15 nasties came up, all Windows like and all related to 
>>> unopened attachments on filed emails.   
>>> Thanks Reg, a bit of housekeeping called for!
>>> Severin Crisp
>>> On 25 Feb 2014, at 9:22 am, Reg Whitely  
>>> wrote:
>>> 
 Hi all
 
 I've renamed this email to reflect its discussion contents.
 
 After a considerable length of time (especially as the MBP went to 
 sleep overnight and interrupted the scan, this is what my clamXav 
 found today: three files quarantined.
 
 One is a .dmg from my Downloads folder. Don't know what it was for but 
 ClamXav identified it as Osx.Trojan.Genieo
 The second is a Windows-type .exe file (Win.Trojan.6968321) from my 
 Library/App Support/Wine/ folder which does "heaven-knows-what".
 The third was in my Mail inbox. an .emlx file, identified as 
 Heuristics.Phishing.Email.SpoofedDomain
 
 The log suggests the last time I scanned was Jan 8th 2014, where I 
 recall a similar number were found, including .exe files from my 
 TomTom Home folder, presumably downloaded when I last updated my 
 TomTom gps.
 
 What does this all suggest? I'm not sure really. 
 
 The .dmg trojan is a little worrying. You can read about it here 
 http://www.protectmac.com/support/malware.html (my Google search) and 
 clicking on the Osx.Trojan.Genieo link. Quote in part:
 "OSX.Genieo is an Adware Trojan that pretends to be a Flash Player 
 update. The software uses the (legitimate) Genieo* engine to customise 
 the user's web browser to display adware, redirect Internet searches 
 that the user has made via Google and Yahoo and gather and report 
 analytical information about the user's computer and Internet usage. 
 While browsing the Internet users will see a Flash Player alert on 
 websites containing the threat, the alerts are triggered by JavaScript 
 within the web page."
 
 The Trojan.6968321 is .exe so cannot affect OS X but I can't find out 
 much more about it, searching the web.
 
 The Mail  Heuristics.Phishing.Email.SpoofedDomain 
 https://discussions.apple.com/thread/3916707 generates interesting 
 discussion here https://discussions.apple.com/thread/3916707, with a 
 cauti

Re: ClamXav: was Re: Little snitch

2014-02-25 Thread Julie Bedford 
Hi Ronni,
Apologise, I completely missed it.  
Fortunately, I have not tried to uninstall the Intego software.  
My OSX is 10.7.5. The Intego software consists of the following:
Virus Barrier - version 10.7.8
NetUpdate - version 10.7.4
NetBarrier - version 10.7.5
I purchased this within the last two weeks.   If I can get rid of this and get 
my Safari 
back working, I'll be happy.  I will then maybe check out the ClamXav.  

Do you personally think it wise to have some form of protection ?

Thanks 
Jewels


On 25/02/2014, at 11:08 PM, Ronda Brown wrote:

> Hello Jewels,
> 
> I did reply to your first email and mentioned
> "To help you with your current problem Jewels, we would require more info... 
> Also the version of OS X & the correct name & version of the Intego software 
> you have installed." 
> 
> How to Uninstall Intego 2013 Products
> How to Uninstall Software
> 
> To properly uninstall your Intego software it is important that you use the 
> latest Installer for your software.  If you have manually attempted to remove 
> the software, you will need to first, reinstall the software again, then use 
> the Installer package to properly remove the applications and NetUpdate icon 
> from the menu bar.  If you do not have an Intego Installer available you can 
> download one from here:
> 
> http://www.intego.com/support/downloads
> 
> 
> 
> 
> Cheers,
> Ronni
> Sent from Ronni's iPad4
> 
> 
> On 25 Feb 2014, at 10:35 pm, Julie Bedford  wrote:
> 
>> Stephen,
>> Just jumping in here.  I have the latest Virus Barrier which has so far 
>> caused me a pain and now I am unable to open Safari at all.
>> I am not sure if I uninstall Virus Barrier it will make any difference.  I 
>> would personally not recommend this program. I am on OS 10.7.5
>> 
>> Jewels
> -- The WA Macintosh User Group Mailing List --
> Archives - 
> Guidelines - 
> Settings & Unsubscribe - 
> 

-- The WA Macintosh User Group Mailing List --
Archives - 
Guidelines - 
Settings & Unsubscribe -

Re: ClamXav: was Re: Little snitch

2014-02-25 Thread Susan Hastings 
Hopefully she had a laugh as well.

Sent from my iPhone

> On 26 Feb 2014, at 11:16 am, Severin Crisp  wrote:
> 
> Susan, looking at my original email I can see where you are coming from - I 
> certainly invited your comment!   I claim the excuse of advancing years and 
> not reading what I have typed, at least I spelled it correctly.   I assure 
> everybody that I have just one wife, and a very special one at that!  The 
> MacBook is hers and I only use it to do updates and housekeeping for her.  
> The iMac is my territory and the iPad is common ground.  A pretty good shared 
> existence we enjoy, whichever way you look at it.  I wish all WAMUGGERS the 
> same.  
> Severin
> 
>> On 25 Feb 2014, at 11:04 pm, Susan Hastings  wrote:
>> 
>> Hi Severin, glad to hear that your wives are happy to share the MacBook. 
>> Lots of women wouldn't.
>> 
>> Sorry, couldn't resist. It would be good if spell checking was intelligent!
>> 
>> Cheers, Susan
>> 
>> Sent from my iPad
>> 
>>> On 25 Feb 2014, at 10:57 pm, Severin Crisp  wrote:
>>> 
>>> I have never had any problems with Virus Barrier (or Net Barrier, which I 
>>> have used on several computers four several years (currently on my iMac, my 
>>> wives MacBook with Lion and my iPad mini) and it certainly notifies 
>>> suspicious incoming emails etc but seemingly misses some.  I have the 
>>> latest version with Mavericks on the iMac.
>>> Sorry to hear others are not so happy with it.  
>>> Severin
>>> 
>>> 
 On 25 Feb 2014, at 10:35 pm, Julie Bedford  wrote:
 
 Stephen,
 Just jumping in here.  I have the latest Virus Barrier which has so far 
 caused me a pain and now I am unable to open Safari at all.
 I am not sure if I uninstall Virus Barrier it will make any difference.  I 
 would personally not recommend this program. I am on OS 10.7.5
 
 Jewels
> On 25/02/2014, at 9:54 PM, Stephen Chape wrote:
> 
> Flaming amazing isn’t it.
> You pay for the reputed good quality product.
> Then find that the free one does more (or so it seems).
> Do you have the latest version of Virus Barrier Severin ?
> 
>> On 25 Feb 2014, at 2:21 pm, Severin Crisp  
>> wrote:
>> 
>> Following Reg’s comments I downloaded ClamXav and checked my hard drive, 
>> which is protected by Intego Virus Barrier etc.  Lo and behold, a list 
>> of about 15 nasties came up, all Windows like and all related to 
>> unopened attachments on filed emails.   
>> Thanks Reg, a bit of housekeeping called for!
>> Severin Crisp
>>> On 25 Feb 2014, at 9:22 am, Reg Whitely  
>>> wrote:
>>> 
>>> Hi all
>>> 
>>> I've renamed this email to reflect its discussion contents.
>>> 
>>> After a considerable length of time (especially as the MBP went to 
>>> sleep overnight and interrupted the scan, this is what my clamXav found 
>>> today: three files quarantined.
>>> 
>>> One is a .dmg from my Downloads folder. Don't know what it was for but 
>>> ClamXav identified it as Osx.Trojan.Genieo
>>> The second is a Windows-type .exe file (Win.Trojan.6968321) from my 
>>> Library/App Support/Wine/ folder which does "heaven-knows-what".
>>> The third was in my Mail inbox. an .emlx file, identified as 
>>> Heuristics.Phishing.Email.SpoofedDomain
>>> 
>>> The log suggests the last time I scanned was Jan 8th 2014, where I 
>>> recall a similar number were found, including .exe files from my TomTom 
>>> Home folder, presumably downloaded when I last updated my TomTom gps.
>>> 
>>> What does this all suggest? I'm not sure really. 
>>> 
>>> The .dmg trojan is a little worrying. You can read about it here 
>>> http://www.protectmac.com/support/malware.html (my Google search) and 
>>> clicking on the Osx.Trojan.Genieo link. Quote in part:
>>> "OSX.Genieo is an Adware Trojan that pretends to be a Flash Player 
>>> update. The software uses the (legitimate) Genieo* engine to customise 
>>> the user's web browser to display adware, redirect Internet searches 
>>> that the user has made via Google and Yahoo and gather and report 
>>> analytical information about the user's computer and Internet usage. 
>>> While browsing the Internet users will see a Flash Player alert on 
>>> websites containing the threat, the alerts are triggered by JavaScript 
>>> within the web page."
>>> 
>>> The Trojan.6968321 is .exe so cannot affect OS X but I can't find out 
>>> much more about it, searching the web.
>>> 
>>> The Mail  Heuristics.Phishing.Email.SpoofedDomain 
>>> https://discussions.apple.com/thread/3916707 generates interesting 
>>> discussion here https://discussions.apple.com/thread/3916707, with a 
>>> caution of the risk of clamXav shifting things out of Mail folders, 
>>> however as this is a message, I see no problem deleting it.
>>> 
>>> Here are the details of th

Re: ClamXav: was Re: Little snitch

2014-02-25 Thread Severin Crisp 
Susan, looking at my original email I can see where you are coming from - I 
certainly invited your comment!   I claim the excuse of advancing years and not 
reading what I have typed, at least I spelled it correctly.   I assure 
everybody that I have just one wife, and a very special one at that!  The 
MacBook is hers and I only use it to do updates and housekeeping for her.  The 
iMac is my territory and the iPad is common ground.  A pretty good shared 
existence we enjoy, whichever way you look at it.  I wish all WAMUGGERS the 
same.  
Severin

On 25 Feb 2014, at 11:04 pm, Susan Hastings  wrote:

> Hi Severin, glad to hear that your wives are happy to share the MacBook. Lots 
> of women wouldn't.
> 
> Sorry, couldn't resist. It would be good if spell checking was intelligent!
> 
> Cheers, Susan
> 
> Sent from my iPad
> 
> On 25 Feb 2014, at 10:57 pm, Severin Crisp  wrote:
> 
>> I have never had any problems with Virus Barrier (or Net Barrier, which I 
>> have used on several computers four several years (currently on my iMac, my 
>> wives MacBook with Lion and my iPad mini) and it certainly notifies 
>> suspicious incoming emails etc but seemingly misses some.  I have the latest 
>> version with Mavericks on the iMac.
>> Sorry to hear others are not so happy with it.  
>> Severin
>> 
>> 
>> On 25 Feb 2014, at 10:35 pm, Julie Bedford  wrote:
>> 
>>> Stephen,
>>> Just jumping in here.  I have the latest Virus Barrier which has so far 
>>> caused me a pain and now I am unable to open Safari at all.
>>> I am not sure if I uninstall Virus Barrier it will make any difference.  I 
>>> would personally not recommend this program. I am on OS 10.7.5
>>> 
>>> Jewels
>>> On 25/02/2014, at 9:54 PM, Stephen Chape wrote:
>>> 
 Flaming amazing isn’t it.
 You pay for the reputed good quality product.
 Then find that the free one does more (or so it seems).
 Do you have the latest version of Virus Barrier Severin ?
 
 On 25 Feb 2014, at 2:21 pm, Severin Crisp  wrote:
 
> Following Reg’s comments I downloaded ClamXav and checked my hard drive, 
> which is protected by Intego Virus Barrier etc.  Lo and behold, a list of 
> about 15 nasties came up, all Windows like and all related to unopened 
> attachments on filed emails.   
> Thanks Reg, a bit of housekeeping called for!
> Severin Crisp
> On 25 Feb 2014, at 9:22 am, Reg Whitely  wrote:
> 
>> Hi all
>> 
>> I've renamed this email to reflect its discussion contents.
>> 
>> After a considerable length of time (especially as the MBP went to sleep 
>> overnight and interrupted the scan, this is what my clamXav found today: 
>> three files quarantined.
>> 
>> One is a .dmg from my Downloads folder. Don't know what it was for but 
>> ClamXav identified it as Osx.Trojan.Genieo
>> The second is a Windows-type .exe file (Win.Trojan.6968321) from my 
>> Library/App Support/Wine/ folder which does "heaven-knows-what".
>> The third was in my Mail inbox. an .emlx file, identified as 
>> Heuristics.Phishing.Email.SpoofedDomain
>> 
>> The log suggests the last time I scanned was Jan 8th 2014, where I 
>> recall a similar number were found, including .exe files from my TomTom 
>> Home folder, presumably downloaded when I last updated my TomTom gps.
>> 
>> What does this all suggest? I'm not sure really. 
>> 
>> The .dmg trojan is a little worrying. You can read about it here 
>> http://www.protectmac.com/support/malware.html (my Google search) and 
>> clicking on the Osx.Trojan.Genieo link. Quote in part:
>> "OSX.Genieo is an Adware Trojan that pretends to be a Flash Player 
>> update. The software uses the (legitimate) Genieo* engine to customise 
>> the user's web browser to display adware, redirect Internet searches 
>> that the user has made via Google and Yahoo and gather and report 
>> analytical information about the user's computer and Internet usage. 
>> While browsing the Internet users will see a Flash Player alert on 
>> websites containing the threat, the alerts are triggered by JavaScript 
>> within the web page."
>> 
>> The Trojan.6968321 is .exe so cannot affect OS X but I can't find out 
>> much more about it, searching the web.
>> 
>> The Mail  Heuristics.Phishing.Email.SpoofedDomain 
>> https://discussions.apple.com/thread/3916707 generates interesting 
>> discussion here https://discussions.apple.com/thread/3916707, with a 
>> caution of the risk of clamXav shifting things out of Mail folders, 
>> however as this is a message, I see no problem deleting it.
>> 
>> Here are the details of the scan, for your interest.
>> 
>> Regards, Reg
>> 
>> --- SCAN SUMMARY ---
>> Known viruses: 3131695
>> Engine version: 0.97.5
>> Scanned directories: 150953
>> Scanned files: 523033
>> Infected files: 3

Re: ClamXav: was Re: Little snitch

2014-02-25 Thread Peter Hinchliffe 
All of the posts to this thread simply server to reinforce the principle that 
it is your own behaviour, not software, which is most effective against malware 
issues.

For example, NEVER apply an update for Flash in any other way than going 
directly to Adobe. The easiest way is to open the Flash Player System 
Preference and click "Check now". This will ensure that any updates are genuine.

.exe files are Windows-only, and even if you have something like Parallels or 
use Boot Camp, can't affect anything on your Mac. The worst thing they can do 
is take up room on your hard drive.

Don't click links in emails unless they are from a known, trusted source. Even 
then, the Mac has a wonderful feature in Mail called the QuickLook link which 
allows you to preview a link before clicking it. This is one of the most 
effective anti-malware devices available, and is hardly ever mentioned.

Don't visit questionable web sites. If you're searching for content in 
something like Goole, and end up on an irrelevant site, it's a sure sign you 
could be heading for trouble. Back out and try something else.

There is malware out there that no software can protect you against (especially 
on Windows - not such a problem on Macs). In the end it is your own behaviour 
which will be your undoing. 


Peter HinchliffeApwin Computer Services
FileMaker Pro Solutions Developer
Perth, Western Australia
Phone (618) 9332 6482Mob 0403 046 948

Mac because I prefer it -- Windows because I have to.

-- The WA Macintosh User Group Mailing List --
Archives - 
Guidelines - 
Settings & Unsubscribe -

Re: ClamXav: was Re: Little snitch

2014-02-25 Thread Ronda Brown 
Hello Jewels,

I did reply to your first email and mentioned
"To help you with your current problem Jewels, we would require more info... 
Also the version of OS X & the correct name & version of the Intego software 
you have installed." 

How to Uninstall Intego 2013 Products
How to Uninstall Software
To properly uninstall your Intego software it is important that you use the 
latest Installer for your software.  If you have manually attempted to remove 
the software, you will need to first, reinstall the software again, then use 
the Installer package to properly remove the applications and NetUpdate icon 
from the menu bar.  If you do not have an Intego Installer available you can 
download one from here:
http://www.intego.com/support/downloads



Cheers,
Ronni
Sent from Ronni's iPad4


> On 25 Feb 2014, at 10:35 pm, Julie Bedford  wrote:
> 
> Stephen,
> Just jumping in here.  I have the latest Virus Barrier which has so far 
> caused me a pain and now I am unable to open Safari at all.
> I am not sure if I uninstall Virus Barrier it will make any difference.  I 
> would personally not recommend this program. I am on OS 10.7.5
> 
> Jewels
-- The WA Macintosh User Group Mailing List --
Archives - 
Guidelines - 
Settings & Unsubscribe -

Re: ClamXav: was Re: Little snitch

2014-02-25 Thread Daniel Kerr 
LOL. Well spotted,….lol.

That reminds me of the article I read when a guy was showing off to his friend 
how great this new "Siri" was on his new phone. And he said to his mate,..how 
watch how good this works.
He then said to Siri…"Siri, call my wife".
And Siri replied,.."which wife would you like to call".
It took him hours to get the red out of his cheeks I believe,..and his mate 
said "Oh,…so that's how it is with you then eh!"/
(What he'd done was set up two separate contacts as Wife-Work, and Wife-Home. 
Rather then one card with two numbers. So of course Siri was doing the right 
thing to ask "which one it was").

I thought that was quite funny :))

Almost as good as Severin's :o))

hehe. Thanks for the laugh :)

Kind regards
Daniel
---
Daniel Kerr
MacWizardry

Phone: 0414 795 960
Email: 
Web:   


**For everything Apple**

NOTE: Any information provided in this email may be my personal opinion and as 
such should be taken accordingly, and may not be the views of MacWizardry. Any 
information provided does not offer or warrant any form of warranty or accept 
liability. It would be appreciated that if any information in this email is to 
be disseminated, distributed or copied, that permission by the author be 
requested. 

On 25/02/2014, at 11:04 PM, Susan Hastings  wrote:

> Hi Severin, glad to hear that your wives are happy to share the MacBook. Lots 
> of women wouldn't.
> 
> Sorry, couldn't resist. It would be good if spell checking was intelligent!
> 
> Cheers, Susan
> 
> Sent from my iPad
> 
> On 25 Feb 2014, at 10:57 pm, Severin Crisp  wrote:
> 
>> I have never had any problems with Virus Barrier (or Net Barrier, which I 
>> have used on several computers four several years (currently on my iMac, my 
>> wives MacBook with Lion and my iPad mini) and it certainly notifies 
>> suspicious incoming emails etc but seemingly misses some.  I have the latest 
>> version with Mavericks on the iMac.
>> Sorry to hear others are not so happy with it.  
>> Severin
>> 
>> 
>> On 25 Feb 2014, at 10:35 pm, Julie Bedford  wrote:
>> 
>>> Stephen,
>>> Just jumping in here.  I have the latest Virus Barrier which has so far 
>>> caused me a pain and now I am unable to open Safari at all.
>>> I am not sure if I uninstall Virus Barrier it will make any difference.  I 
>>> would personally not recommend this program. I am on OS 10.7.5
>>> 
>>> Jewels
>>> On 25/02/2014, at 9:54 PM, Stephen Chape wrote:
>>> 
 Flaming amazing isn’t it.
 You pay for the reputed good quality product.
 Then find that the free one does more (or so it seems).
 Do you have the latest version of Virus Barrier Severin ?
 
 On 25 Feb 2014, at 2:21 pm, Severin Crisp  wrote:
 
> Following Reg’s comments I downloaded ClamXav and checked my hard drive, 
> which is protected by Intego Virus Barrier etc.  Lo and behold, a list of 
> about 15 nasties came up, all Windows like and all related to unopened 
> attachments on filed emails.   
> Thanks Reg, a bit of housekeeping called for!
> Severin Crisp
> On 25 Feb 2014, at 9:22 am, Reg Whitely  wrote:
> 
>> Hi all
>> 
>> I've renamed this email to reflect its discussion contents.
>> 
>> After a considerable length of time (especially as the MBP went to sleep 
>> overnight and interrupted the scan, this is what my clamXav found today: 
>> three files quarantined.
>> 
>> One is a .dmg from my Downloads folder. Don't know what it was for but 
>> ClamXav identified it as Osx.Trojan.Genieo
>> The second is a Windows-type .exe file (Win.Trojan.6968321) from my 
>> Library/App Support/Wine/ folder which does "heaven-knows-what".
>> The third was in my Mail inbox. an .emlx file, identified as 
>> Heuristics.Phishing.Email.SpoofedDomain
>> 
>> The log suggests the last time I scanned was Jan 8th 2014, where I 
>> recall a similar number were found, including .exe files from my TomTom 
>> Home folder, presumably downloaded when I last updated my TomTom gps.
>> 
>> What does this all suggest? I'm not sure really. 
>> 
>> The .dmg trojan is a little worrying. You can read about it here 
>> http://www.protectmac.com/support/malware.html (my Google search) and 
>> clicking on the Osx.Trojan.Genieo link. Quote in part:
>> "OSX.Genieo is an Adware Trojan that pretends to be a Flash Player 
>> update. The software uses the (legitimate) Genieo* engine to customise 
>> the user's web browser to display adware, redirect Internet searches 
>> that the user has made via Google and Yahoo and gather and report 
>> analytical information about the user's computer and Internet usage. 
>> While browsing the Internet users will see a Flash Player alert on 
>> websites containing the threat, the alerts are triggered by JavaScript 
>> within the web page."
>> 
>> The Trojan.6968321 is .exe so cannot affect OS X

Re: ClamXav: was Re: Little snitch

2014-02-25 Thread Susan Hastings 
Hi Severin, glad to hear that your wives are happy to share the MacBook. Lots 
of women wouldn't.

Sorry, couldn't resist. It would be good if spell checking was intelligent!

Cheers, Susan

Sent from my iPad

> On 25 Feb 2014, at 10:57 pm, Severin Crisp  wrote:
> 
> I have never had any problems with Virus Barrier (or Net Barrier, which I 
> have used on several computers four several years (currently on my iMac, my 
> wives MacBook with Lion and my iPad mini) and it certainly notifies 
> suspicious incoming emails etc but seemingly misses some.  I have the latest 
> version with Mavericks on the iMac.
> Sorry to hear others are not so happy with it.  
> Severin
> 
> 
>> On 25 Feb 2014, at 10:35 pm, Julie Bedford  wrote:
>> 
>> Stephen,
>> Just jumping in here.  I have the latest Virus Barrier which has so far 
>> caused me a pain and now I am unable to open Safari at all.
>> I am not sure if I uninstall Virus Barrier it will make any difference.  I 
>> would personally not recommend this program. I am on OS 10.7.5
>> 
>> Jewels
>>> On 25/02/2014, at 9:54 PM, Stephen Chape wrote:
>>> 
>>> Flaming amazing isn’t it.
>>> You pay for the reputed good quality product.
>>> Then find that the free one does more (or so it seems).
>>> Do you have the latest version of Virus Barrier Severin ?
>>> 
 On 25 Feb 2014, at 2:21 pm, Severin Crisp  wrote:
 
 Following Reg’s comments I downloaded ClamXav and checked my hard drive, 
 which is protected by Intego Virus Barrier etc.  Lo and behold, a list of 
 about 15 nasties came up, all Windows like and all related to unopened 
 attachments on filed emails.   
 Thanks Reg, a bit of housekeeping called for!
 Severin Crisp
> On 25 Feb 2014, at 9:22 am, Reg Whitely  wrote:
> 
> Hi all
> 
> I've renamed this email to reflect its discussion contents.
> 
> After a considerable length of time (especially as the MBP went to sleep 
> overnight and interrupted the scan, this is what my clamXav found today: 
> three files quarantined.
> 
> One is a .dmg from my Downloads folder. Don't know what it was for but 
> ClamXav identified it as Osx.Trojan.Genieo
> The second is a Windows-type .exe file (Win.Trojan.6968321) from my 
> Library/App Support/Wine/ folder which does "heaven-knows-what".
> The third was in my Mail inbox. an .emlx file, identified as 
> Heuristics.Phishing.Email.SpoofedDomain
> 
> The log suggests the last time I scanned was Jan 8th 2014, where I recall 
> a similar number were found, including .exe files from my TomTom Home 
> folder, presumably downloaded when I last updated my TomTom gps.
> 
> What does this all suggest? I'm not sure really. 
> 
> The .dmg trojan is a little worrying. You can read about it here 
> http://www.protectmac.com/support/malware.html (my Google search) and 
> clicking on the Osx.Trojan.Genieo link. Quote in part:
> "OSX.Genieo is an Adware Trojan that pretends to be a Flash Player 
> update. The software uses the (legitimate) Genieo* engine to customise 
> the user's web browser to display adware, redirect Internet searches that 
> the user has made via Google and Yahoo and gather and report analytical 
> information about the user's computer and Internet usage. While browsing 
> the Internet users will see a Flash Player alert on websites containing 
> the threat, the alerts are triggered by JavaScript within the web page."
> 
> The Trojan.6968321 is .exe so cannot affect OS X but I can't find out 
> much more about it, searching the web.
> 
> The Mail  Heuristics.Phishing.Email.SpoofedDomain 
> https://discussions.apple.com/thread/3916707 generates interesting 
> discussion here https://discussions.apple.com/thread/3916707, with a 
> caution of the risk of clamXav shifting things out of Mail folders, 
> however as this is a message, I see no problem deleting it.
> 
> Here are the details of the scan, for your interest.
> 
> Regards, Reg
> 
> --- SCAN SUMMARY ---
> Known viruses: 3131695
> Engine version: 0.97.5
> Scanned directories: 150953
> Scanned files: 523033
> Infected files: 3
> Total errors: 109
> Data scanned: 246386.79 MB
> Data read: 379118.09 MB (ratio 0.65:1)
> Time: 44540.014 sec (742 m 20 s)
> 
> One or more infected files were found and were moved into your quarantine 
> folder.
> 
> Filename  Infection Name  Status
> igPT0upO.dmg.part Osx.Trojan.Genieo   Quarantined
> reader_sl.exe Win.Trojan.6968321  Quarantined
> 35571.emlxHeuristics.Phishing.Email.SpoofedDomain  
> Quarantined
> 
> /Users/Reg/Downloads/igPT0upO.dmg.part: moved to 
> '/Users/Reg/Documents/ClamXav Qurarantine Files/igPT0upO.dmg.part'
> 
> /Users/Reg/Library/Application 
> Support/Wine/p

Re: ClamXav: was Re: Little snitch

2014-02-25 Thread Severin Crisp 
I have never had any problems with Virus Barrier (or Net Barrier, which I have 
used on several computers four several years (currently on my iMac, my wives 
MacBook with Lion and my iPad mini) and it certainly notifies suspicious 
incoming emails etc but seemingly misses some.  I have the latest version with 
Mavericks on the iMac.
Sorry to hear others are not so happy with it.  
Severin


On 25 Feb 2014, at 10:35 pm, Julie Bedford  wrote:

> Stephen,
> Just jumping in here.  I have the latest Virus Barrier which has so far 
> caused me a pain and now I am unable to open Safari at all.
> I am not sure if I uninstall Virus Barrier it will make any difference.  I 
> would personally not recommend this program. I am on OS 10.7.5
> 
> Jewels
> On 25/02/2014, at 9:54 PM, Stephen Chape wrote:
> 
>> Flaming amazing isn’t it.
>> You pay for the reputed good quality product.
>> Then find that the free one does more (or so it seems).
>> Do you have the latest version of Virus Barrier Severin ?
>> 
>> On 25 Feb 2014, at 2:21 pm, Severin Crisp  wrote:
>> 
>>> Following Reg’s comments I downloaded ClamXav and checked my hard drive, 
>>> which is protected by Intego Virus Barrier etc.  Lo and behold, a list of 
>>> about 15 nasties came up, all Windows like and all related to unopened 
>>> attachments on filed emails.   
>>> Thanks Reg, a bit of housekeeping called for!
>>> Severin Crisp
>>> On 25 Feb 2014, at 9:22 am, Reg Whitely  wrote:
>>> 
 Hi all
 
 I've renamed this email to reflect its discussion contents.
 
 After a considerable length of time (especially as the MBP went to sleep 
 overnight and interrupted the scan, this is what my clamXav found today: 
 three files quarantined.
 
 One is a .dmg from my Downloads folder. Don't know what it was for but 
 ClamXav identified it as Osx.Trojan.Genieo
 The second is a Windows-type .exe file (Win.Trojan.6968321) from my 
 Library/App Support/Wine/ folder which does "heaven-knows-what".
 The third was in my Mail inbox. an .emlx file, identified as 
 Heuristics.Phishing.Email.SpoofedDomain
 
 The log suggests the last time I scanned was Jan 8th 2014, where I recall 
 a similar number were found, including .exe files from my TomTom Home 
 folder, presumably downloaded when I last updated my TomTom gps.
 
 What does this all suggest? I'm not sure really. 
 
 The .dmg trojan is a little worrying. You can read about it here 
 http://www.protectmac.com/support/malware.html (my Google search) and 
 clicking on the Osx.Trojan.Genieo link. Quote in part:
 "OSX.Genieo is an Adware Trojan that pretends to be a Flash Player update. 
 The software uses the (legitimate) Genieo* engine to customise the user's 
 web browser to display adware, redirect Internet searches that the user 
 has made via Google and Yahoo and gather and report analytical information 
 about the user's computer and Internet usage. While browsing the Internet 
 users will see a Flash Player alert on websites containing the threat, the 
 alerts are triggered by JavaScript within the web page."
 
 The Trojan.6968321 is .exe so cannot affect OS X but I can't find out much 
 more about it, searching the web.
 
 The Mail  Heuristics.Phishing.Email.SpoofedDomain 
 https://discussions.apple.com/thread/3916707 generates interesting 
 discussion here https://discussions.apple.com/thread/3916707, with a 
 caution of the risk of clamXav shifting things out of Mail folders, 
 however as this is a message, I see no problem deleting it.
 
 Here are the details of the scan, for your interest.
 
 Regards, Reg
 
 --- SCAN SUMMARY ---
 Known viruses: 3131695
 Engine version: 0.97.5
 Scanned directories: 150953
 Scanned files: 523033
 Infected files: 3
 Total errors: 109
 Data scanned: 246386.79 MB
 Data read: 379118.09 MB (ratio 0.65:1)
 Time: 44540.014 sec (742 m 20 s)
 
 One or more infected files were found and were moved into your quarantine 
 folder.
 
 Filename   Infection Name  Status
 igPT0upO.dmg.part  Osx.Trojan.Genieo   Quarantined
 reader_sl.exe  Win.Trojan.6968321  Quarantined
 35571.emlx Heuristics.Phishing.Email.SpoofedDomain  Quarantined
 
 /Users/Reg/Downloads/igPT0upO.dmg.part: moved to 
 '/Users/Reg/Documents/ClamXav Qurarantine Files/igPT0upO.dmg.part'
 
 /Users/Reg/Library/Application 
 Support/Wine/prefixes/QuestAtlantis/drive_c/Program Files/Adobe/Reader 
 9.0/Reader/reader_sl.exe: moved to '/Users/Reg/Documents/ClamXav 
 Qurarantine Files/reader_sl.exe'
 
 /Users/Reg/Library/Mail/V2/pop-rwhit...@internode.on.net@mail.internode.on.net/INBOX.mbox/5C79EA5D-E978-473A-A3EE-FEE97ACB8CD2/Data/5/3/Messages/35571.emlx:
  moved to '/Users/Reg/Documents/ClamXav Qurarantine Files/35

Re: ClamXav: was Re: Little snitch

2014-02-25 Thread Julie Bedford 
Stephen,
Just jumping in here.  I have the latest Virus Barrier which has so far caused 
me a pain and now I am unable to open Safari at all.
I am not sure if I uninstall Virus Barrier it will make any difference.  I 
would personally not recommend this program. I am on OS 10.7.5

Jewels
On 25/02/2014, at 9:54 PM, Stephen Chape wrote:

> Flaming amazing isn’t it.
> You pay for the reputed good quality product.
> Then find that the free one does more (or so it seems).
> Do you have the latest version of Virus Barrier Severin ?
> 
> On 25 Feb 2014, at 2:21 pm, Severin Crisp  wrote:
> 
>> Following Reg’s comments I downloaded ClamXav and checked my hard drive, 
>> which is protected by Intego Virus Barrier etc.  Lo and behold, a list of 
>> about 15 nasties came up, all Windows like and all related to unopened 
>> attachments on filed emails.   
>> Thanks Reg, a bit of housekeeping called for!
>> Severin Crisp
>> On 25 Feb 2014, at 9:22 am, Reg Whitely  wrote:
>> 
>>> Hi all
>>> 
>>> I've renamed this email to reflect its discussion contents.
>>> 
>>> After a considerable length of time (especially as the MBP went to sleep 
>>> overnight and interrupted the scan, this is what my clamXav found today: 
>>> three files quarantined.
>>> 
>>> One is a .dmg from my Downloads folder. Don't know what it was for but 
>>> ClamXav identified it as Osx.Trojan.Genieo
>>> The second is a Windows-type .exe file (Win.Trojan.6968321) from my 
>>> Library/App Support/Wine/ folder which does "heaven-knows-what".
>>> The third was in my Mail inbox. an .emlx file, identified as 
>>> Heuristics.Phishing.Email.SpoofedDomain
>>> 
>>> The log suggests the last time I scanned was Jan 8th 2014, where I recall a 
>>> similar number were found, including .exe files from my TomTom Home folder, 
>>> presumably downloaded when I last updated my TomTom gps.
>>> 
>>> What does this all suggest? I'm not sure really. 
>>> 
>>> The .dmg trojan is a little worrying. You can read about it here 
>>> http://www.protectmac.com/support/malware.html (my Google search) and 
>>> clicking on the Osx.Trojan.Genieo link. Quote in part:
>>> "OSX.Genieo is an Adware Trojan that pretends to be a Flash Player update. 
>>> The software uses the (legitimate) Genieo* engine to customise the user's 
>>> web browser to display adware, redirect Internet searches that the user has 
>>> made via Google and Yahoo and gather and report analytical information 
>>> about the user's computer and Internet usage. While browsing the Internet 
>>> users will see a Flash Player alert on websites containing the threat, the 
>>> alerts are triggered by JavaScript within the web page."
>>> 
>>> The Trojan.6968321 is .exe so cannot affect OS X but I can't find out much 
>>> more about it, searching the web.
>>> 
>>> The Mail  Heuristics.Phishing.Email.SpoofedDomain 
>>> https://discussions.apple.com/thread/3916707 generates interesting 
>>> discussion here https://discussions.apple.com/thread/3916707, with a 
>>> caution of the risk of clamXav shifting things out of Mail folders, however 
>>> as this is a message, I see no problem deleting it.
>>> 
>>> Here are the details of the scan, for your interest.
>>> 
>>> Regards, Reg
>>> 
>>> --- SCAN SUMMARY ---
>>> Known viruses: 3131695
>>> Engine version: 0.97.5
>>> Scanned directories: 150953
>>> Scanned files: 523033
>>> Infected files: 3
>>> Total errors: 109
>>> Data scanned: 246386.79 MB
>>> Data read: 379118.09 MB (ratio 0.65:1)
>>> Time: 44540.014 sec (742 m 20 s)
>>> 
>>> One or more infected files were found and were moved into your quarantine 
>>> folder.
>>> 
>>> FilenameInfection Name  Status
>>> igPT0upO.dmg.part   Osx.Trojan.Genieo   Quarantined
>>> reader_sl.exe   Win.Trojan.6968321  Quarantined
>>> 35571.emlx  Heuristics.Phishing.Email.SpoofedDomain  Quarantined
>>> 
>>> /Users/Reg/Downloads/igPT0upO.dmg.part: moved to 
>>> '/Users/Reg/Documents/ClamXav Qurarantine Files/igPT0upO.dmg.part'
>>> 
>>> /Users/Reg/Library/Application 
>>> Support/Wine/prefixes/QuestAtlantis/drive_c/Program Files/Adobe/Reader 
>>> 9.0/Reader/reader_sl.exe: moved to '/Users/Reg/Documents/ClamXav 
>>> Qurarantine Files/reader_sl.exe'
>>> 
>>> /Users/Reg/Library/Mail/V2/pop-rwhit...@internode.on.net@mail.internode.on.net/INBOX.mbox/5C79EA5D-E978-473A-A3EE-FEE97ACB8CD2/Data/5/3/Messages/35571.emlx:
>>>  moved to '/Users/Reg/Documents/ClamXav Qurarantine Files/35571.emlx'
>>> On 24 Feb 2014, at 7:52 pm, Reg Whitely  wrote:
>>> 
 Hi all
 
 I cannot comment on Virus Barrier but have used ClamXav for many years 
 http://www.clamxav.com/ as good quality free virus protection, and I think 
 it is great. Indeed I wold recommend it.
 
 It's not set on my MacBook Pro to automatically check and scan for viruses 
 etc but when I release it to do its thing it does it well, as far as I'm 
 concerned. Generally it will locate random .exe files that have been 
 downloaded fro

Re: ClamXav: was Re: Little snitch

2014-02-25 Thread Stephen Chape 
Flaming amazing isn’t it.
You pay for the reputed good quality product.
Then find that the free one does more (or so it seems).
Do you have the latest version of Virus Barrier Severin ?

On 25 Feb 2014, at 2:21 pm, Severin Crisp  wrote:

> Following Reg’s comments I downloaded ClamXav and checked my hard drive, 
> which is protected by Intego Virus Barrier etc.  Lo and behold, a list of 
> about 15 nasties came up, all Windows like and all related to unopened 
> attachments on filed emails.   
> Thanks Reg, a bit of housekeeping called for!
> Severin Crisp
> On 25 Feb 2014, at 9:22 am, Reg Whitely  wrote:
> 
>> Hi all
>> 
>> I've renamed this email to reflect its discussion contents.
>> 
>> After a considerable length of time (especially as the MBP went to sleep 
>> overnight and interrupted the scan, this is what my clamXav found today: 
>> three files quarantined.
>> 
>> One is a .dmg from my Downloads folder. Don't know what it was for but 
>> ClamXav identified it as Osx.Trojan.Genieo
>> The second is a Windows-type .exe file (Win.Trojan.6968321) from my 
>> Library/App Support/Wine/ folder which does "heaven-knows-what".
>> The third was in my Mail inbox. an .emlx file, identified as 
>> Heuristics.Phishing.Email.SpoofedDomain
>> 
>> The log suggests the last time I scanned was Jan 8th 2014, where I recall a 
>> similar number were found, including .exe files from my TomTom Home folder, 
>> presumably downloaded when I last updated my TomTom gps.
>> 
>> What does this all suggest? I'm not sure really. 
>> 
>> The .dmg trojan is a little worrying. You can read about it here 
>> http://www.protectmac.com/support/malware.html (my Google search) and 
>> clicking on the Osx.Trojan.Genieo link. Quote in part:
>> "OSX.Genieo is an Adware Trojan that pretends to be a Flash Player update. 
>> The software uses the (legitimate) Genieo* engine to customise the user's 
>> web browser to display adware, redirect Internet searches that the user has 
>> made via Google and Yahoo and gather and report analytical information about 
>> the user's computer and Internet usage. While browsing the Internet users 
>> will see a Flash Player alert on websites containing the threat, the alerts 
>> are triggered by JavaScript within the web page."
>> 
>> The Trojan.6968321 is .exe so cannot affect OS X but I can't find out much 
>> more about it, searching the web.
>> 
>> The Mail  Heuristics.Phishing.Email.SpoofedDomain 
>> https://discussions.apple.com/thread/3916707 generates interesting 
>> discussion here https://discussions.apple.com/thread/3916707, with a caution 
>> of the risk of clamXav shifting things out of Mail folders, however as this 
>> is a message, I see no problem deleting it.
>> 
>> Here are the details of the scan, for your interest.
>> 
>> Regards, Reg
>> 
>> --- SCAN SUMMARY ---
>> Known viruses: 3131695
>> Engine version: 0.97.5
>> Scanned directories: 150953
>> Scanned files: 523033
>> Infected files: 3
>> Total errors: 109
>> Data scanned: 246386.79 MB
>> Data read: 379118.09 MB (ratio 0.65:1)
>> Time: 44540.014 sec (742 m 20 s)
>> 
>> One or more infected files were found and were moved into your quarantine 
>> folder.
>> 
>> Filename Infection Name  Status
>> igPT0upO.dmg.partOsx.Trojan.Genieo   Quarantined
>> reader_sl.exeWin.Trojan.6968321  Quarantined
>> 35571.emlx   Heuristics.Phishing.Email.SpoofedDomain  Quarantined
>> 
>> /Users/Reg/Downloads/igPT0upO.dmg.part: moved to 
>> '/Users/Reg/Documents/ClamXav Qurarantine Files/igPT0upO.dmg.part'
>> 
>> /Users/Reg/Library/Application 
>> Support/Wine/prefixes/QuestAtlantis/drive_c/Program Files/Adobe/Reader 
>> 9.0/Reader/reader_sl.exe: moved to '/Users/Reg/Documents/ClamXav Qurarantine 
>> Files/reader_sl.exe'
>> 
>> /Users/Reg/Library/Mail/V2/pop-rwhit...@internode.on.net@mail.internode.on.net/INBOX.mbox/5C79EA5D-E978-473A-A3EE-FEE97ACB8CD2/Data/5/3/Messages/35571.emlx:
>>  moved to '/Users/Reg/Documents/ClamXav Qurarantine Files/35571.emlx'
>> On 24 Feb 2014, at 7:52 pm, Reg Whitely  wrote:
>> 
>>> Hi all
>>> 
>>> I cannot comment on Virus Barrier but have used ClamXav for many years 
>>> http://www.clamxav.com/ as good quality free virus protection, and I think 
>>> it is great. Indeed I wold recommend it.
>>> 
>>> It's not set on my MacBook Pro to automatically check and scan for viruses 
>>> etc but when I release it to do its thing it does it well, as far as I'm 
>>> concerned. Generally it will locate random .exe files that have been 
>>> downloaded from such trustworthy folk as TomTom (my sat nav crew) but 
>>> sometimes it finds other things. I'll let it loose tonight and tell you 
>>> what it finds; maybe interesting after our recent trip to Hong Kong and 
>>> China.
>>> 
>>> Regards, Reg
>>> 
>>> On 24 Feb 2014, at 4:53 pm, Ronda Brown  wrote:
>> 
>> Reg Whitely
>> 
>> Home: 08 9921 7272
>> Mob: 04 8899 7313
>> Email: rwhit...@internode.on.net
>> 
>> -- The WA Macintosh User Group M

Re: ClamXav: was Re: Little snitch

2014-02-24 Thread Severin Crisp 
Following Reg’s comments I downloaded ClamXav and checked my hard drive, which 
is protected by Intego Virus Barrier etc.  Lo and behold, a list of about 15 
nasties came up, all Windows like and all related to unopened attachments on 
filed emails.   
Thanks Reg, a bit of housekeeping called for!
Severin Crisp
On 25 Feb 2014, at 9:22 am, Reg Whitely  wrote:

> Hi all
> 
> I've renamed this email to reflect its discussion contents.
> 
> After a considerable length of time (especially as the MBP went to sleep 
> overnight and interrupted the scan, this is what my clamXav found today: 
> three files quarantined.
> 
> One is a .dmg from my Downloads folder. Don't know what it was for but 
> ClamXav identified it as Osx.Trojan.Genieo
> The second is a Windows-type .exe file (Win.Trojan.6968321) from my 
> Library/App Support/Wine/ folder which does "heaven-knows-what".
> The third was in my Mail inbox. an .emlx file, identified as 
> Heuristics.Phishing.Email.SpoofedDomain
> 
> The log suggests the last time I scanned was Jan 8th 2014, where I recall a 
> similar number were found, including .exe files from my TomTom Home folder, 
> presumably downloaded when I last updated my TomTom gps.
> 
> What does this all suggest? I'm not sure really. 
> 
> The .dmg trojan is a little worrying. You can read about it here 
> http://www.protectmac.com/support/malware.html (my Google search) and 
> clicking on the Osx.Trojan.Genieo link. Quote in part:
> "OSX.Genieo is an Adware Trojan that pretends to be a Flash Player update. 
> The software uses the (legitimate) Genieo* engine to customise the user's web 
> browser to display adware, redirect Internet searches that the user has made 
> via Google and Yahoo and gather and report analytical information about the 
> user's computer and Internet usage. While browsing the Internet users will 
> see a Flash Player alert on websites containing the threat, the alerts are 
> triggered by JavaScript within the web page."
> 
> The Trojan.6968321 is .exe so cannot affect OS X but I can't find out much 
> more about it, searching the web.
> 
> The Mail  Heuristics.Phishing.Email.SpoofedDomain 
> https://discussions.apple.com/thread/3916707 generates interesting discussion 
> here https://discussions.apple.com/thread/3916707, with a caution of the risk 
> of clamXav shifting things out of Mail folders, however as this is a message, 
> I see no problem deleting it.
> 
> Here are the details of the scan, for your interest.
> 
> Regards, Reg
> 
> --- SCAN SUMMARY ---
> Known viruses: 3131695
> Engine version: 0.97.5
> Scanned directories: 150953
> Scanned files: 523033
> Infected files: 3
> Total errors: 109
> Data scanned: 246386.79 MB
> Data read: 379118.09 MB (ratio 0.65:1)
> Time: 44540.014 sec (742 m 20 s)
> 
> One or more infected files were found and were moved into your quarantine 
> folder.
> 
> Filename  Infection Name  Status
> igPT0upO.dmg.part Osx.Trojan.Genieo   Quarantined
> reader_sl.exe Win.Trojan.6968321  Quarantined
> 35571.emlxHeuristics.Phishing.Email.SpoofedDomain  Quarantined
> 
> /Users/Reg/Downloads/igPT0upO.dmg.part: moved to 
> '/Users/Reg/Documents/ClamXav Qurarantine Files/igPT0upO.dmg.part'
> 
> /Users/Reg/Library/Application 
> Support/Wine/prefixes/QuestAtlantis/drive_c/Program Files/Adobe/Reader 
> 9.0/Reader/reader_sl.exe: moved to '/Users/Reg/Documents/ClamXav Qurarantine 
> Files/reader_sl.exe'
> 
> /Users/Reg/Library/Mail/V2/pop-rwhit...@internode.on.net@mail.internode.on.net/INBOX.mbox/5C79EA5D-E978-473A-A3EE-FEE97ACB8CD2/Data/5/3/Messages/35571.emlx:
>  moved to '/Users/Reg/Documents/ClamXav Qurarantine Files/35571.emlx'
> On 24 Feb 2014, at 7:52 pm, Reg Whitely  wrote:
> 
>> Hi all
>> 
>> I cannot comment on Virus Barrier but have used ClamXav for many years 
>> http://www.clamxav.com/ as good quality free virus protection, and I think 
>> it is great. Indeed I wold recommend it.
>> 
>> It's not set on my MacBook Pro to automatically check and scan for viruses 
>> etc but when I release it to do its thing it does it well, as far as I'm 
>> concerned. Generally it will locate random .exe files that have been 
>> downloaded from such trustworthy folk as TomTom (my sat nav crew) but 
>> sometimes it finds other things. I'll let it loose tonight and tell you what 
>> it finds; maybe interesting after our recent trip to Hong Kong and China.
>> 
>> Regards, Reg
>> 
>> On 24 Feb 2014, at 4:53 pm, Ronda Brown  wrote:
> 
> Reg Whitely
> 
> Home: 08 9921 7272
> Mob: 04 8899 7313
> Email: rwhit...@internode.on.net
> 
> -- The WA Macintosh User Group Mailing List --
> Archives - 
> Guidelines - 
> Settings & Unsubscribe - 
> 



 Assoc Prof R Severin Crisp, FAIP, FIP, CPhys
15 Thomas St,