-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[ Cross-post to alt.computer.workshop and alt.computer.workshop dropped]
On Saturday, 06 January 2024 19:58 -0000,
in article <kvtpni...@mid.individual.net>,
David, your paranoid delusions appear based, at least in this thread,
on Kaspersky's promotional material.
To answer your ever so unimportant question, I have never personally
thought any of my Macs had a virus. Why should I?
I am not personally impressed by any AV product, although I recommend
them for Windows users.
While I do not run the ClamXAV GUI, I have the open source CLI engine,
which it is built upon, clamav, installed on my computers and have for
many years. Neither is malicious in any respect.
Here, the only malice appears to be your spreading your libelous,
irrational misinformation about ClamXAV, but you already know this.
I've used and abandoned several AV products, usually due to their
being expensive resource hogs of dubious benefit.
All AV products require malware fingerprint and software updating.
These are fetched from the vendor. This includes clamav (and
ClamXAV.) There was a time software updates required purchased floppy
disks, but these days are past. Updates are provided over the
Internet. If you don't want your software connecting to the net,
perhaps you shouldn't install it.
Personally, I prefer the clamav CLI software package, as it gives the
user complete control over what the pieces are and are not doing.
I'm using the Homebrew package manager:
\ $ brew info clamav
\ ==> clamav: stable 1.2.1 (bottled), HEAD
\ Anti-virus software
\ https://www.clamav.net/
\ /opt/homebrew/Cellar/clamav/1.2.1 (180 files, 26.9MB) *
\ Poured from bottle using the formulae.brew.sh API on 2023-10-29 at 02:16:19
\ From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/c/clamav.rb
\ License: GPL-2.0-or-later
\ ==> Dependencies
\ Build: cmake ✔, pkg-config ✔, rust ✔
\ Required: json-c ✔, openssl@3 ✔, pcre2 ✔, yara ✔
\ ==> Options
\ --HEAD
\ Install HEAD version
\ ==> Caveats
\ To finish installation & run clamav you will need to edit
\ the example conf files at /opt/homebrew/etc/clamav/
\
\ To start clamav now and restart at startup:
\ sudo brew services start clamav
\ Or, if you don't want/need a background service you can just run:
\ /opt/homebrew/opt/clamav/sbin/clamd --foreground
\ ==> Analytics
\ install: 816 (30 days), 3,872 (90 days), 12,992 (365 days)
\ install-on-request: 810 (30 days), 3,859 (90 days), 12,952 (365 days)
\ build-error: 0 (30 days)
As I have yet to run into anything more dangerous than one item of adware,
I am not compelled to run any of the background processes, although
definitions and hashes are updated on a cron job, every couple of hours.
Now, you may ask yourself, "Why should this person be given any more
credence, than my own over-inflated self-value?"
Well, unlike you, I am an experienced network abuse investigator, which
includes stumbling upon all sorts of nastiness, including loads of
malware. These I regularly download to my Apple Macs, for closer
examination and reporting. When completed, files are deleted ($ rm).
Typically, I'll check the file information ($ file [target]), sha256
hash ($ openssl sha256 [target]) and manually run a scan ($ clamscan
[target]).
<aside>
clamav misses classes of file, which other vendors do not, including
.zip files and some Microsoft Office file types.
</aside>
Although I myself do not deconstruct such malware, I do pass samples
on to those who do. While my numbers have been running a little low
over the past year or so, submitting a dozen or so samples daily has
been commonplace at times. My personal favo(u)rites are those not
previously seen by sites like VirusTotal, where observations are
shared among upwards of sixty AV vendors.
(https://www.virustotal.com/)
Searching VirusTotal for matches of the sha256 hash often precludes
the necessity of even uploading the sample file. I save uploads for
samples which have not already been seen and reported.
While what I see largely targets Windows boxes, I do rarely encounter
malware targeting Linux, as well. To date and out of thousands of
samples, I have yet to download anything which can run on a Mac.
Rather than depending blindly upon one or more software packages, to allay
my unease, I tend to look for better wetware solutions. To date, this has
served me well.
Before you click, think.
- --
David Ritz <dr...@mindspring.com>
Never underestimate the gullibility of the average user.
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCZZnRhwAKCRBSvCmZGhLe
688vAJsFK0rk/xzuPAc+vQQPWMLwujBIyACg67vbrp8g95uOl1bHPaU1G6jXLCw=
=xk/4
-----END PGP SIGNATURE-----
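
The manual check described in the post (file type, sha256 hash, clamscan, then a VirusTotal hash search before any upload), as an added example that is not part of the original post. The function names are hypothetical; it relies on clamscan's documented exit codes (0 no match, 1 match, 2 error) and skips the scan when clamscan is not installed.

```shell
# Added example: static triage of a downloaded sample. Nothing is executed
# or uploaded; function names are hypothetical.

# SHA-256 of a file as lowercase hex, using whichever tool is present.
sample_sha256() {
    if command -v openssl >/dev/null 2>&1; then
        # -r prints "<hex> *<path>"; keep only the digest
        openssl dgst -sha256 -r "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# VirusTotal report page for a hash: search first, upload only if unseen.
vt_lookup_url() {
    echo "https://www.virustotal.com/gui/file/$1"
}

# Returns clamscan's exit code (0 no match, 1 match, 2 error),
# or 0 when clamscan is not installed and the scan is skipped.
triage() {
    target=$1
    if [ ! -f "$target" ]; then
        echo "not a regular file: $target" >&2
        return 2
    fi
    if command -v file >/dev/null 2>&1; then
        echo "type:   $(file -b "$target")"
    fi
    hash=$(sample_sha256 "$target")
    echo "sha256: $hash"
    echo "lookup: $(vt_lookup_url "$hash")"
    if ! command -v clamscan >/dev/null 2>&1; then
        echo "clamav: clamscan not found, scan skipped"
        return 0
    fi
    rc=0
    clamscan --no-summary "$target" || rc=$?
    case $rc in
        0) echo "clamav: no signature match (not proof the file is benign)" ;;
        1) echo "clamav: signature match" ;;
        *) echo "clamav: scan error, exit code $rc" ;;
    esac
    return "$rc"
}

if [ $# -gt 0 ]; then triage "$1"; fi
```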