Frequently Asked Questions

1. What is the difference between malware, viruses, and trojans?

A virus is a self-replicating, self-propagating, malicious piece of software designed to destroy files and folders on a computer system. A trojan is a piece of software which pretends to be legitimate and useful but does in fact install other software (unbeknownst to you) which opens up a "back door" to your computer. This back door allows a hacker to have access to your files and theoretically your entire computer system. A computer infected by a trojan typically becomes part of a botnet. Malware is just a generic term to cover both types of threat.

2. What is phishing?

Phishing is the term given primarily to email which is designed to fool you into believing it's legitimate so that you will follow links to the sender's websites and enter private information. The websites are typically made to look like those of banks and prompt you to provide personal information such as usernames, passwords, credit card numbers etc. Legitimate emails from a bank or financial institution will almost never ask you to click links to their website; they will usually use words like "go to our website and log in". Phishing emails can be very convincing at times, especially if you actually do have an account with the company being spoofed. Don't be fooled. If in doubt, call the company using a phone number you already hold on file and know is correct.

3. What is the best way to update ClamXav when a new version is available?

The best way is simply to launch ClamXav, go to the ClamXav menu and select "Check for ClamXav updates...". That's it. Everything else is taken care of automatically.

4. What if that doesn't work?

Download the new version from the Downloads page. Then, if you use ClamXav Sentry, you must quit it before attempting to replace the ClamXav app. Do this by going to the Sentry menu in your menu bar and selecting "Quit". If you don't quit it, the update process will fail and you may or may not get an unhelpful error message.

5. The scan summary at the end of each scan tells me there are "Known viruses: 857101". Are these viruses on my machine and how do I dispose of them?

No, these are not infected files on your computer. That number only tells you how many infections the underlying ClamAV scanning engine knows to look for.

6. I've seen this in the update log. What does it mean and should I worry about it?

WARNING: Your ClamAV installation is OUTDATED - please update immediately!
WARNING: Current functionality level = xxx, required = yyy

This happens when the folks who develop the ClamAV scanning engine release a more up-to-date version. If you start seeing this, it's a safe bet that there'll be a new version of ClamXav on its way soon. I suggest you use the built-in update check feature of ClamXav to keep on top of new versions of both ClamXav and the scanning engine backend.

7. How can I scan my entire hard drive?

Scanning your entire hard drive is not advised, as there are some situations which can cause ClamXav to enter a never-ending loop. This usually happens when a symlink (a.k.a. "alias" in Mac speak) inside the hard drive actually points back to the hard drive itself or somewhere higher up in the folder structure. When ClamXav hits the symlink during its scan, it dutifully follows it... right back until it comes across the symlink again... which it follows until... I presume you're seeing a pattern here! We have a never-ending loop.
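How a scanner can follow symlinks and still terminate, shown as an added example (this is not ClamXav's or ClamAV's code): it records the device and inode number of every directory it enters and skips any path that resolves to one it has already seen. The function names and the sample folder tree are constructed for illustration.

```python
import os
import tempfile


def walk_without_loops(root):
    """Return (files, skipped): files reached from root, and paths that were
    skipped because they resolve to a directory that was already entered."""
    files, skipped = [], []
    seen = set()      # (device, inode) of every directory already entered
    stack = [root]    # explicit stack, so deep trees cannot exhaust recursion
    while stack:
        path = stack.pop()
        try:
            st = os.stat(path)  # follows symlinks: identifies the real target
            key = (st.st_dev, st.st_ino)
            if key in seen:
                skipped.append(path)  # e.g. a symlink pointing back up the tree
                continue
            seen.add(key)
            with os.scandir(path) as it:
                entries = sorted(it, key=lambda e: e.name, reverse=True)
        except OSError:
            continue  # unreadable directory: count it as an error and move on
        for entry in entries:
            try:
                if entry.is_dir():      # True for symlinks to directories too
                    stack.append(entry.path)
                elif entry.is_file():
                    files.append(entry.path)
            except OSError:
                continue
    return files, skipped


def build_demo_tree(base):
    """Constructed sample: docs/report.txt plus a symlink back to the top."""
    docs = os.path.join(base, "docs")
    os.mkdir(docs)
    with open(os.path.join(docs, "report.txt"), "w") as fh:
        fh.write("sample\n")
    os.symlink(base, os.path.join(docs, "back_to_top"))  # creates the loop
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        found, skipped = walk_without_loops(build_demo_tree(tmp))
        print("files:", [os.path.relpath(p, tmp) for p in found])
        print("skipped:", [os.path.relpath(p, tmp) for p in skipped])
```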

8. But I want to! So, how should I scan my entire hard drive?

If you attempt to start a scan with nothing highlighted in the source list, you will be presented with an open-file dialog box, prompting you to choose what to scan. In this window, open your hard drive but don't click "OK" yet. What you have to do is hold down the Command (⌘) key and then select everything you see in there. Then click "OK" and continue as normal.

9. Will ClamXav cause conflicts with other antivirus scanners?

No conflicts have as yet been reported; however, having two different scanners checking the same files/folders is a recipe for disaster if one or other of them is set to move infected files into quarantine. If neither is set to move files about, then I don't see there being a problem. That said, I do not possess a copy of any virus checker other than ClamXav so I can't really comment on this from experience. If you're worried about it, you should ask in the forums to see if anyone else has succeeded in running more than one scanner at once.

10. Should I get rid of my other virus scanner and just use ClamXav from now on?

Have you paid good money for it? If so, and you have no pressing reason to dump your other scanner, then I would honestly have to say "no". You've paid, so you may as well get your money's worth from it! I cannot offer anywhere near the same level of user support as the bigger companies. In fact, this is one of the primary reasons why I'm not charging for ClamXav.

11. Are there any known conflicts with ClamXav or ClamXav Sentry?

ClamXav Sentry will not work if you have Unsanity's WindowShadeX installed. You will need to add ClamXav Sentry to the list of excluded applications in the Application Enhancer's excluded apps list.

12. Can Mac viruses which pre-date OS X infect Mac OS X in any way?

Not directly, no. Mac OS X is unlike any Mac operating system which went before it, and as such, all programs (and that includes viruses) need to be rewritten to a certain extent before they will function. As yet, this hasn't happened for any old world Mac viruses. On the other hand, if you are using OS X 10.4 and run OS 9 software inside the classic environment, then you do need to consider older viruses as they can still infect OS 9 applications/documents.

13. Must I use your bundled version of the ClamAV engine?

No, absolutely not. ClamXav should work with any recent version of ClamAV - it works with distributions from Fink and Darwinports and of course, the official source from clamav.net.

14. I think this file is malicious but ClamAV didn't find any malware. How can I be sure?

Please submit the file to VirusTotal where the file will be scanned against 30+ AV scanners.

15. Where can I submit files which are definitely malware but are undetected by ClamXav?

If you think a file should be detected but isn't, you should send it directly to ClamAV database maintainers using this form. You can also upload the file to VirusTotal and the ClamAV maintainers should receive the sample as well as the other AV vendors listed.

16. When ClamXav Sentry is watching a folder, it doesn't scan changes to the contents of folders therein (a.k.a. nested folders, or recursively). Why?

In ClamXav's preferences, switch to the Sentry panel and make sure there is a tick in the checkbox for "Subfolders".

17. The file downloaded from here is corrupt or invalid and will not mount. What do I do?

For whatever reason, your computer has failed to download the entire file. Try it again from the downloads page using either the main link again or try one of the mirrors. For good measure, you may also want to try using a different browser.

18. ClamXav has identified a virus in my Word documents. What can I do about it?

One way to remove the infection is to delete the infected file but this may be unacceptable and may in fact not solve the problem. What you want to do is quit ALL office programs (Word, Excel, PowerPoint, Entourage etc.) and delete Word's "Normal" file which you'll find inside your Home Folder/Documents/Microsoft User Data/Normal. Empty the trash. Open Word and go to the Word menu -> Preferences -> Security and put a tick in the box under "Macro Security". Open each of your Word/infected documents and click Disable Macros when the warning comes up. Then copy and paste the contents into a new document and delete the original.

19. Whilst browsing the web, ClamXav Sentry alerted me to a virus in my browser's cache. Why?

You've probably set ClamXav Sentry to watch your browser's cache and it must have found a scam site there. This means you may have visited a scam/phishing website recently! These sites usually look exactly like banks or PayPal, but end up stealing your personal information. If you get this warning, make absolutely sure the website address is the one you expect, e.g. if you're wanting PayPal but the address bar says paypall.com (with two Ls or something equally subtle), close the window as soon as possible. If you've already given your name/password then I suggest you change it immediately. Please note: ClamXav is not designed to watch which websites you connect to; the absence of a warning does not necessarily indicate a safe website.

20. Sentry will not launch at startup/login. Why?

Quit ClamXav. Go to System Preferences -> Accounts -> Login Items and remove ClamXav Sentry from the list. Go back into ClamXav's preferences and set the "Launch at Login" preference again.

21. I have scanned my Mac and it found 1743 errors. What are these errors and how can I fix them?

These "errors" are not actually errors but are usually files you don't have read access to. They may belong to another user or to the System. Either way they probably aren't anything to be concerned about.

22. ClamXav has identified a virus in my email. How can I find and remove it?

Please see this thread on the support forums.

23. How do I uninstall ClamXav completely?

First thing to do is quit ClamXav Sentry (if you use it) and make sure it's not set to launch at log in. You will then need to find the ClamXav disk image which you downloaded when you installed ClamXav (or download the current one again) as you will find an uninstaller application on that disk.

The uninstaller will remove the engine and any schedules you've got set up. All that's left is to drag ClamXav.app to the trash.