Tuesday, May 26, 2009

Hope For ClamAV For Mac

As you recall from our last episode, ClamAV was essentially worthless for detecting and removing the current 11 malware for Mac OS X. However, hope appeared last week thanks to the persistence of Mark Allan, the developer of the ClamXav GUI application, and myself.

I wrote a series of posts over at the ClamXav Forum last week that revved up some interest in sorting out the problem with ClamAV. I found out that a number of people, including Mark Allan himself, had submitted MOSX malware to the ClamAV project, using the official protocol, and had been entirely ignored. From my experience, there are a number of plain old dickheads over at the ClamAV project who resist any improvement in MOSX support. You have to wonder what goes on in some people's heads.

However, Mark Allan and I chatted about the situation and he was inspired to try once again to contact someone sane over at the ClamAV group. And he SUCCEEDED. I could not be more pleased.

Mark is now working with the ClamAV project to provide them with Mac OS X malware. The resulting malware definitions will then be integrated into ClamAV. If this relationship works out, and Mark is able to continue his freely given dedication to Mac OS X security, we should soon see and continue to see ClamAV as a free, useful tool for Mac OS X users.

You can read about and download ClamXav, Mark Allan's free Mac OS X GUI version of ClamAV, HERE. Donations are welcome. You can join in on the ClamXav Forum discussions THERE.


  1. Quote: "From my experience, there are a number of plain old dickheads over at the ClamAV project who resist any improvement in MOSX support..."

    I have to take objection to that. The people on the project are most definitely NOT dickheads, and name-calling probably isn't going to help the cause. Like me, they provide their time and support for free, and if it weren't for them, ClamAV wouldn't even exist. Having seen the quality and sheer volume of user-submitted content being sent in via their virus submission form, I can say with some confidence that they are simply too busy with the amount of Windows malware to spend the time weeding out and dealing with any Mac stuff.

    As you say, I am now going to be taking the samples submitted to them and will be providing signatures purely for the Mac-related uploads. It's not that they didn't care in the past; I think I just hadn't found the right person who was high enough up in their organisation to let me get involved.

    As for resisting improvement for OS X support, that's also not really fair. They have a few items in their bug tracker which they're actively working on and which were assigned to particular developers before I started making noises at the right people.

    Something you've got to take into consideration is the fact that ClamAV was designed and built by UNIX people with the "malware market majority" in mind, and that, thankfully, is Windows. It's only very recently that any real Mac malware has appeared on the scene. Up until then, it was mostly proof-of-concept stuff. From the ClamAV team's point of view, it's understandable that our small userbase wasn't a priority. That Mac malware is now gaining a higher profile in the press is likely the reason that it's moving up on their priority list.

    It's great that the ClamAV team are sitting up and taking notice of us now, but to be honest, I definitely preferred the situation about 18 months ago when there was nothing to take notice of!


  2. My first thought: I wish contentiousness had nothing to do with the time and work I donate for my blogs. But we're dealing with humans. Emotion is consistently in the way of progress. I don't have a relational personality. I only want to get my work done, and it upsets me when abusive people choose to get in the way of what I consider to be work I donate for the sake of benefitting others.

    Thank you for your reply, Mark. I hope you know I was not representing your views in my posts regarding the ClamAV forum and I am sorry if you associate them with your work. If my comments have affected your work, I apologize.

    I originally wrote an elaborate reply justifying my insults toward the abusive people who confronted me at the ClamAV forum. Instead I only want to say this:

    When someone volunteers to provide their own personal time to an aspect of a project, how does that upset the priorities of the project? Creating a malware definition/signature does not actually take away from the volunteer work of others. You're performing all the work yourself and simply providing the finished code to be packaged with the next definition/signature update. That's a matter of copy and paste. Offering one's help to a worthwhile project does not deserve derision, contention, insult and resistance. But the abuse happened, and I'm deliberately pointing it out to hopefully stop it from happening to other people offering their assistance to the project.

    That having now been stated, I look forward to the good people at the project assisting the Mac community. Each moment is change. Expecting each new moment to be progress beyond the past moment is what drives us to improve our lives and those of others.

    Despite the nonsense inherent in many people, I will continue the work I put into the blog to help others, until such time as someone more capable takes over the niche. I hope you will do the same, Mark, and that the ClamAV project will prosper from a good working relationship with the Mac OS X community.