Virus found in /private/var/vm/swapfile3

Senior User
Join Date: Sep 2000
Location: Noo Yawk
Anyone any idea why this virus made its way to this location on my other machine
/private/var/vm/swapfile3
The virus appeared to be a visual basic script
VBS/Loveletter.h@MM.

Professional Poster
Join Date: Apr 2001
Location: Long Beach, CA
If it was an e-mail that had been received, it's entirely possible that it would have been swapped to disk at some point.

ACSA 10.4/10.3, ACTC 10.3, ACHDS 10.3

Senior User
Join Date: Sep 2000
Location: Noo Yawk
Originally posted by Detrius:
If it was an e-mail that had been received, it's entirely possible that it would have been swapped to disk at some point.
Thanks. Wasn't sure what the purpose of that location was.

Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Dear god, what Virus scanner are you using that scans the swapfiles? 

Forum Regular
Join Date: Feb 2005
Is this even a valid Mac Virus?

Mac Elite
Join Date: Sep 2001
Location: Chico, CA and Carlsbad, CA.
Originally posted by __^^__:
Is this even a valid Mac Virus?
"VBS/Loveletter.h@MM" is a Visual Basic Script for the Windows platform. The "Loveletter" virus was big in 2000. A simple Google search will tell you all about it, as will this article: http://www.newsflash.org/2000/05/hl/hl012106.htm
Nope, not a Macintosh virus. Most Macintosh anti-virus applications will identify PC viruses. As a matter of fact, I think the latest Norton uses the same virus definitions as their PC client. 

"In Nomine Patris, Et Fili, Et Spiritus Sancti"

Grizzled Veteran
Join Date: Nov 2001
Location: Oregon
Originally posted by [APi]TheMan:
Most Macintosh anti-virus applications will identify PC viruses. As a matter of fact, I think the latest Norton uses the same virus definitions as their PC client.
Yes, well if it weren't for PC viruses, what would they have to scan for? 

Mac Elite
Join Date: Sep 2001
Location: Chico, CA and Carlsbad, CA.
Originally posted by Rainy Day:
Yes, well if it weren't for PC viruses, what would they have to scan for?
Word macro viruses? Mac OS 9 viruses? Haha, but yeah, you're pretty much right.

"In Nomine Patris, Et Fili, Et Spiritus Sancti"

Mac Elite
Join Date: Oct 2000
Location: Edinburgh, Scotland
Originally posted by Angus_D:
Dear god, what Virus scanner are you using that scans the swapfiles?
Surely the very existence of this thread demonstrates why it's not as unnecessary as you may think.

Professional Poster
Join Date: Jan 2003
Location: Teaneck, NJ
Just to state the obvious the reason apps search for PC viruses is so we can remove them before passing them along through e-mail or whatever. That being said I don't use a virus protection app because I think PC users should know how to delete their own viruses without my helping them.

Mac Elite
Join Date: Sep 2001
Location: Chico, CA and Carlsbad, CA.
Originally posted by SSharon:
Just to state the obvious the reason apps search for PC viruses is so we can remove them before passing them along through e-mail or whatever. That being said I don't use a virus protection app because I think PC users should know how to delete their own viruses without my helping them.
One reason for Macintosh anti-virus software is so when there finally is a Mac OS X virus, we're not part of the epidemic. 

"In Nomine Patris, Et Fili, Et Spiritus Sancti"

Senior User
Join Date: Feb 2001
Location: Deer Crossing, CT
Originally posted by [APi]TheMan:
One reason for Macintosh anti-virus software is so when there finally is a Mac OS X virus, we're not part of the epidemic.
Well, there will be a period of time between release, infection, detection & cure. Anti-virus programs can't stop viruses they don't know about (the biggest weakness in anti-virus programs IMHO).

Mac Elite
Join Date: Sep 2001
Location: Chico, CA and Carlsbad, CA.
Originally posted by PBG4 User:
Well, there will be a period of time between release, infection, detection & cure. Anti-virus programs can't stop viruses they don't know about (the biggest weakness in anti-virus programs IMHO).
I manage about 300 Macintoshes for faculty, staff, and students at my University, and there's also a period of time between virus release and time I can go out into the field to update all my clients. It's a nice feeling to know that I don't have a bunch of sitting ducks out there. 

"In Nomine Patris, Et Fili, Et Spiritus Sancti"

Mac Elite
Join Date: Oct 2000
Location: Edinburgh, Scotland
Originally posted by [APi]TheMan:
I manage about 300 Macintoshes for faculty, staff, and students at my University, and there's also a period of time between virus release and time I can go out into the field to update all my clients. It's a nice feeling to know that I don't have a bunch of sitting ducks out there.
In that case, clamXav (or at the very least ClamAV [ http://www.clamav.net ] ) is your friend. The virus definitions are updated almost daily. Set a cron task to schedule downloading new definitions, scan your clients, and then email the output to yourself. Use email filters to get rid of all the messages containing "Viruses found: 0" then all you need to do is make a trip to the infected machines and deal with them.
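
The cron job described in the post above, as an added example that is not part of the original thread or of ClamAV's own documentation: it refreshes definitions with freshclam, scans with clamscan, and mails the report only when something needs attention. It decides from clamscan's exit status (0 clean, 1 match, anything else an error) rather than by filtering mail on the summary text; the address, the variable names and the script name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. ADMIN and the *ER overrides are assumed names.
ADMIN="${ADMIN:-admin@example.edu}"        # placeholder address
UPDATER="${UPDATER:-freshclam --quiet}"    # download current definitions
SCANNER="${SCANNER:-clamscan -r -i}"       # recursive; list only infected files
MAILER="${MAILER:-mail}"

# classify_scan RC: map clamscan's exit status to a verdict.
# 0 = nothing found, 1 = at least one signature matched, anything else = scan error.
classify_scan() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# nightly_scan DIR: update, scan DIR, and mail the report unless the result is
# a clean scan made with fresh definitions. Prints the verdict.
nightly_scan() {
    dir="$1"; rc=0; stale=0
    report=$(mktemp) || return 2
    $UPDATER >/dev/null 2>&1 || stale=1
    $SCANNER "$dir" >"$report" 2>&1 || rc=$?
    verdict=$(classify_scan "$rc")
    if [ "$stale" -eq 1 ] && [ "$verdict" = clean ]; then
        verdict=stale
        echo "definition update failed; scan used old signatures" >>"$report"
    fi
    if [ "$verdict" != clean ]; then
        $MAILER -s "ClamAV: $verdict on $(uname -n)" "$ADMIN" <"$report"
    fi
    rm -f "$report"
    echo "$verdict"
}

# cron entry (assumed script name): 0 3 * * * /usr/local/bin/clam-nightly.sh /Users
if [ -n "${1:-}" ]; then
    nightly_scan "$1"
fi
```

A failed scan or a failed definition update also produces mail, so a machine that silently stopped scanning does not look the same as a clean one.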

Mac Elite
Join Date: Sep 2001
Location: Chico, CA and Carlsbad, CA.
Originally posted by Geobunny:
In that case, clamXav (or at the very least ClamAV [ http://www.clamav.net ] ) is your friend. The virus definitions are updated almost daily. Set a cron task to schedule downloading new definitions, scan your clients, and then email the output to yourself. Use email filters to get rid of all the messages containing "Viruses found: 0" then all you need to do is make a trip to the infected machines and deal with them.
Yeah, ClamAV's sweet, I have used it for my personal machine, but I don't know how management would react if I proposed an open-source, community-supported solution for something as serious as security (and security is such a big thing these days). See, I've tested ClamAV in the past, but on Macintoshes there's really nothing to check against. I guess I could go and infect all my Macintosh users on campus with the EICAR test virus, but that's not very practical. How quickly would the community be to react if a Mac OS X virus were to start propagating?
By the way, we currently use Virex and it's a piece of junk as far as I'm concerned. I guess management is comforted by the fact that it's backed by a large corporation. I think it sucks.
(Last edited by [APi]TheMan; Mar 31, 2005 at 01:59 AM.)

"In Nomine Patris, Et Fili, Et Spiritus Sancti"

Mac Elite
Join Date: Oct 2000
Location: Edinburgh, Scotland
Originally posted by [APi]TheMan:
Yeah, ClamAV's sweet, I have used it for my personal machine, but I don't know how management would react if I proposed an open-source, community-supported solution for something as serious as security
There's only one way to find out!
Originally posted by [APi]TheMan:
See, I've tested ClamAV in the past, but on Macintoshes there's really nothing to check against. I guess I could go and infect all my Macintosh users on campus with the EICAR test virus, but that's not very practical. How quickly would the community be to react if a Mac OS X virus were to start propagating?
I think that would depend almost entirely on how widely and quickly the virus propagates. If a lot of people get it, there's a good chance that someone could extract the virus signature quite quickly which would mean an update to the definitions database on that same day. If you get hold of an infected file, it's actually fairly easy to get the virus signature. I was assured a while ago that it wouldn't make any difference if the virus were for the Mac or not, as long as ClamAV could detect it, the signature would be added to the standard definitions database.

Mac Elite
Join Date: Sep 2001
Location: Chico, CA and Carlsbad, CA.
Originally posted by Geobunny:
There's only one way to find out!
Yeah, this conversation has piqued my interest. I've gone and installed ClamAV. The Mac OS X documentation included with the distribution is fantastic, by the way. I'll start playing with scripting some cron stuff up. Thanks for the tip. 

"In Nomine Patris, Et Fili, Et Spiritus Sancti"

Grizzled Veteran
Join Date: Nov 2001
Location: Oregon
Originally posted by [APi]TheMan:
I don't know how management would react if I proposed an open-source, community-supported solution for something as serious as security (and security is such a big thing these days).
Ironic, isn't it, that the most secure OS on the planet, OpenBSD, is open-source, community-supported, while the least secure OS on the planet is a commercial OS used by 90-something percent of PC users.
I think your management must have a few screws loose if they think commercial -> quality.
Originally posted by [APi]TheMan:
See, I've tested ClamAV in the past, but on Macintoshes there's really nothing to check against.
And this is a problem?
Originally posted by [APi]TheMan:
How quickly would the community be to react if a Mac OS X virus were to start propagating?
Might be very fast indeed. Some open-source projects are very good in this regard, some are not. Same can be said about commercial products too though, eh?
Originally posted by [APi]TheMan:
I guess management is comforted by the fact that it's backed by a large corporation.
Yeah well Windoze is backed by one of the largest corporations on the planet. Nothing to comfort anyone there!

Grizzled Veteran
Join Date: Nov 2001
Location: Oregon
Originally posted by SSharon:
Just to state the obvious the reason apps search for PC viruses is so we can remove them before passing them along through e-mail or whatever. That being said I don't use a virus protection app because I think PC users should know how to delete their own viruses without my helping them.
I don't see why i should waste any CPU cycles to help out folks who choose to use Windoze.  It's a performance tax i'm not willing to pay on their behalf. They made their bed; they can sleep in it. I'm not about to fluff their pillows!

Mac Elite
Join Date: Sep 2001
Location: Chico, CA and Carlsbad, CA.
Originally posted by Rainy Day:
Ironic, isn't it, that the most secure OS on the planet, OpenBSD, is open-source, community-supported, while the least secure OS on the planet is a commercial OS used by 90-something percent of PC users.
I guess my point was that there is nothing holding the community responsible for producing virus updates, whereas with <insert big name anti-virus company>, it's their job. I guess that doesn't mean that they are any more (or less) competent, or that there will be faster response times to virus threats, but some assurance does come with having a responsible party.
Having said that, I generally prefer community to corporation, and I've always liked ClamAV. I'll be playing with some possible configuration options in the next few weeks.

"In Nomine Patris, Et Fili, Et Spiritus Sancti"