Everything Macintosh

Identify and Delete Viruses with ClamXav

While it’s true that Macs have been free of viruses, worms, trojans, and spyware, there is no guarantee that won’t change in the future.

We’ve seen a few Macs infected by phishing scripts. Phishing scripts run in the background, without your knowledge, sending out thousands of legitimate-looking email message that appear to come from banks, auction sites like eBay, payment processing companies like PayPal, social web sites, or IT or email administrators. Your address book provides the “mailing list” to the phishing script.

The goal of a phishing message is identify theft. The messages tries to fool the recipient into entering personal information like bank account numbers, credit card numbers, pin numbers, names, dates, and social security numbers at a fake website whose look and feel are almost identical to the legitimate one.

We haven’t seen a phishing script that does any damage to a Mac or its files, but an infected Mac may be noticeably slower than normal because it’s splitting its attention between the work that you’re doing and sending out the phishing messages.

Antivirus software will identify and delete phishing scripts. Our favorite is ClamXav, a free virus scanner for Mac OS X. It uses the very popular ClamAV open source antivirus engine as a back end and has the ability to detect both Windows and Mac threats.

Here are instructions for downloading, installing, and running ClamXav.

Download ClamXav

Download ClamXav at http://www.clamxav.com/download.php.

Install and Set Up ClamXav

When the download is done, the following window should appear on your screen.

Drag the ClamXav icon from the window to the Applications folder on your hard disk. Then double-click the ClamXav icon in the Applications folder.

The first time you run ClamXav, an alert box tells you that you must first install the Clam Anti-Virus scanning engine. Click the Install button.

The Installer will launch, and you’ll see the following window. Click the Continue button.

Next is the “license” window. Click the Continue button.

Next is another window asking you to specifically agree to the license. Click the Agree button.

Next is a window for choosing the standard installation or changing the installation location. Simply click the Install button.

Finally you’ll see the window for entering your user name and password. The user name should already be entered for you…just enter your password and click the OK button.

The installation will take place, after which ClamXav will open and display the following window. You’ll now install the latest virus definitions. Click the Update Now button in the Alert window.

ClamXav downloads the latest virus definitions from the ClamXav web site. When it’s done, the window looks like this:

Finally, click on your startup disk icon on the desktop and drag it into the blue Source List at the left side of the ClamXav window. This adds the startup disk to the selections that can be quickly scanned with ClamXav. Installation and setup is done.

Run a Virus Check

Launch ClamXav (by double-clicking its icon in the Applications folder). The main window appears. Click the Update Definitions button at the top of the window to be sure you have the very latest virus definitions.

To run a scan of your entire hard disk (recommended, especially if you’ve been having peformance issues), click to highlight your startup disk in the blue Source List at the left side of the ClamXav window, then click the Start Scan button.

You can also click on any of the other folders in the source list to run a virus check that’s limited to that folder. You can also drag additional folders or disks into the Source List to check them.

The virus scan will take a while…the bigger the folder or disk being scanned, and the more files within it, the longer it takes.

Any viruses, worms, trojans, and other malware files that are found will be listed in the upper pane of the ClamXav window. To get rid of them, click on one of them to highlight it, then click Select All in the Edit menu…which highlights the entire list. Finally, click the Delete File button at the top of the ClamXav window.