Second opinion requested! Does anyone else get a warning? (was -

On 11/06/2020 08:57, Apd wrote:
"David_B" wrote:
On 10/06/2020 20:35, Paul wrote:
David_B wrote:
On my old iMac, I downloaded and installed the 'Trial' version of
ClamXav. I then uninstalled it with the official uninstaller. I then
used the AppCleaner software - and it found all manner of 'stuff'
which ClamXav had left still installed.

My concern is that what is 'left behind' MAY be doing malicious things
- with the user of that computer being completely unaware of anything
untoward happening. The product developer refused to discuss this
possibility with me. :-(

It is common industry practice ("code of the hills") to not
discuss the details of AV implementations. You could, for example,
be a Black Hat who is looking for a MacOSX vulnerability idea, and
whatever the developer had jammed into the OS, might be suggestive
of an API a Black Hat could attack.

Ah! Thank you, Paul. :-) That's not something I have ever considered,
nor has anyone else ever mentioned such a thing!

Because I don't think it applies in this situation. The software was
supposed to be uninstalled. The leftovers you had were a marker (so it
would know about a reinstall) and possibly log files and other
ephemeral stuff.

Did you carry out exactly the same procedure?

It would be interesting to review the "marker" and "ephemeral stuff".

Or are you simply guessing?


--
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

On Thu, 11 Jun 2020 08:55:44 +0100, "Apd" wrote:

"Eric Stevens" wrote:
On Sun, 7 Jun 2020 07:24:32 +0100, David_B wrote:
Please will you type out here the full name of the link being shown By
Kaspersky?

You know as much as I do. As you can see it's truncated.

It was alerting on a script from cdn.siteswithcontent.com. That domain
has apparently been associated with adware. The script is OK so it's a
false positive.

Even so, I don't expect that David either knew or intended that it be
there.
--

Regards,

Eric Stevens

"Anonymous" (one-in-the-eye-for-dustin) wrote:
On 11/06/2020 08:57, Apd wrote:
"David_B" wrote:
On 10/06/2020 20:35, Paul wrote:
It is common industry practice ("code of the hills") to not
discuss the details of AV implementations. You could, for example,
be a Black Hat who is looking for a MacOSX vulnerability idea, and
whatever the developer had jammed into the OS, might be suggestive
of an API a Black Hat could attack.

Ah! Thank you, Paul. :-) That's not something I have ever considered,
nor has anyone else ever mentioned such a thing!

Because I don't think it applies in this situation. The software was
supposed to be uninstalled. The leftovers you had were a marker (so it
would know about a reinstall) and possibly log files and other
ephemeral stuff.

Did you carry out exactly the same procedure?

It would be interesting to review the "marker" and "ephemeral stuff".

Or are you simply guessing?

I'd appreciate you not use socks with me, BD.

Perhaps you'd like to explain why an AV program would leave behind
files to do with it's implementation after an uninstall, by which I
mean those containing the mechanism whereby it detects threats. That
would be part of the program code. Ok, a signature database might be
left behind as it could be a separate install but that's no big deal.

The marker was noted by Snit, I believe. If you make a list of those
files and show me the content I'll endeavour to explain their purpose.

In article , David_B
wrote:

Win10 group removed; Mac stuff doesn't belong there

With the greatest of respect, Mike, it is for ME to choose with which
groups to share. I have, and do use, a Windows 10 computer and am well
aware that there are good and honest folk there who give great advice.

as usual, you chose wrong.

with rare exception, mac stuff does *not* belong in windows groups and
vice versa.

David_B wrote:

I was introduced to AppCleaner by another Usenet poster.

On my old iMac, I downloaded and installed the 'Trial' version of
ClamXav. I then uninstalled it with the official uninstaller. I then
used the AppCleaner software - and it found all manner of 'stuff'
which ClamXav had left still installed.

AppCleaner and other such cleaners are popular because it is very common
for uninstalled programs to leave stuff behind.* AppCleaner and other
such ware need to/ can/ be used for 'thousands' of other mac programs
which leave harmless stuff behind which takes up some hdd space.

Are there OTHER folk who are concerned about 'stuff' being left behind?

no, since unlike you, they are not paranoid lunatics who are obsessed
over one particular piece of software, who also goes well out of his
way to attack it and its author at every turn and malign it on usenet
and web forums.

How would an average user recognise that such 'stuff' is "harmless" as
you claim?

If the Apple computer user does NOT use AV software (as is
recommended by Apple) how on earth would someone know that something
malicious was left lurking on their machine?

common sense, something you lack.

My concern is that what is 'left behind' MAY be doing malicious things
- with the user of that computer being completely unaware of anything
untoward happening. The product developer refused to discuss this
possibility with me. :-(

Others who have investigated your concern have provided reassurances to
you, but you remain an adversary of the clamxav dev all the same.

I'm not an 'adversary' - I seek only the truth.

bull****. you've been told the truth, which you refuse to accept.

as noted above, you go well out of your way to attack only one app
along with attacking its author, who has ceased all communication with
you and may end up suing you for libel. you've also been banned on
numerous web forums, some of them multiple times after returning with a
different username.

that's exactly what an 'adversary' would do.

There are articles which you might benefit from reading about the
psychology of those who harbor grudges as you do and how it fits into a
personality type.

Neither am I harbouring "grudges". I knew EXACTLY what I was doing when
I purchased the product - digging deeper, looking for clues.

bull****. not only do you hold a grudge against clamxav and its author
because they won't play your games, but you also have no idea what to
even look for to find anything unusual.

The dev has no obligation to converse w/ some excessively critical
adversary like you who does not deserve or require 'support' for use of
the software.

You use that "adversary" word again. I paid for the product and was
ENTITLED to the Product Support.

also false. you intentionally circumvented the free trial and then
bragged about it. that's illegal.

you also have a lengthy history of attacking the product and developer,
which voids any support for which you might think you are entitled.

Also, while AppCleaner has fairly good reviews, your paranoid/hinky
streak might have concern over the fact that it is NOT blessed by the
applestore.* There are other such cleaners which ARE authorized by
Apple, and which also have some advantages over appcleaner.

The AppCleaner product was recommended to me by a university graduate
friend with many more years of experience of Apple software than I have.
I had/have no reason to question the validity of his advice.

what a huge pile of bull****. that's not at all what happened.

Which alternative(s) do you suggest I try?

contacting a mental health professional.

other options are far more effective, but of questionable legality.

On 11/06/2020 13:07, Apd wrote:
"Anonymous" (one-in-the-eye-for-dustin) wrote:
On 11/06/2020 08:57, Apd wrote:
"David_B" wrote:
On 10/06/2020 20:35, Paul wrote:
It is common industry practice ("code of the hills") to not
discuss the details of AV implementations. You could, for example,
be a Black Hat who is looking for a MacOSX vulnerability idea, and
whatever the developer had jammed into the OS, might be suggestive
of an API a Black Hat could attack.

Ah! Thank you, Paul. :-) That's not something I have ever considered,
nor has anyone else ever mentioned such a thing!

Because I don't think it applies in this situation. The software was
supposed to be uninstalled. The leftovers you had were a marker (so it
would know about a reinstall) and possibly log files and other
ephemeral stuff.

Did you carry out exactly the same procedure?

It would be interesting to review the "marker" and "ephemeral stuff".

Or are you simply guessing?

I'd appreciate you not use socks with me, BD.

Oops! Sorry about that. :-( I posted from my laptop, which I've been
updating to the most recent version of Windows - 2004.

Perhaps you'd like to explain why an AV program would leave behind
files to do with it's implementation after an uninstall, by which I
mean those containing the mechanism whereby it detects threats. That
would be part of the program code. Ok, a signature database might be
left behind as it could be a separate install but that's no big deal.

I'm not talking about *ANY* AV software - I'm referring to ClamXav.

The marker was noted by Snit, I believe. If you make a list of those
files and show me the content I'll endeavour to explain their purpose.

You have a Mac. Why can't you test for yourself? Then there could be no
doubt of the result. The 'Trial' is free - all it will cost is a little
bit of your time.

You are an experienced Internet user. Please explain why you think the
current opening Website page starts out talking about an old version of
ClamXav http://www.markallan.co.uk/

It changed in August 2018 https://www.clamxav.com/clamxav-3-is-here/

--
David

David_B wrote:

The marker was noted by Snit, I believe. If you make a list of those
files and show me the content I'll endeavour to explain their purpose.

https://cdn.clamxav.com/ClamXAVdownl..._Installer.pkg

You can open the file with 7ZIP on Windows and open some
of the .plist files with Wordpad and see potential Mac paths
where stuff could be stored. It's not really a surprise it
runs a service. The OS is probably a bit picky about "getting
too close". I don't know what it takes to inject a .ko and
maybe that wouldn't have the right semantics anyway.

ClamXAV_3.0.15_8328_Installer.pkg\Payload~\.\Libra ry\LaunchDaemons\
uk.co.canimaansoftware.ClamXAV.Engine.plist

/usr/local/ClamXAV3/sbin/clamd
/Library/Application Support/ClamXAV/Logs/clamd_err.log

But that's hardly a good method.

There are also materials that look similar in function
to registry entries (for recording things like license
information).

Paul

On Thu, 11 Jun 2020 11:23:38 -0400, Paul
wrote:

David_B wrote:

obvious_stalking_and_sliming_snitted

The marker was noted by Snit, I believe. If you make a list of those
files and show me the content I'll endeavour to explain their purpose.

He's just playing you ....
He's already examined the software by installing it while
running a third party install monitor, so he knows EXACTLY what is
installed, including the date marker for the TRIAL version:

Message-ID:

Which he deleted, so he could carry on using it without
paying.

He's copying and pasting parts of your reply(the ones that
interest him) into messages to other newsgroups to make the product
look "bad".
Sliming commercial products is one of his "hobbies".

PS Notice he completely ignored the statement that Adobe
tracks users in the MSG above? And later completely removed the text.
He's never had the slightest interest in helping anyone avoid tracking
or otherwise malicious software.
HTH
[]'s

OT up with the follow ups maintained so another one of BD's
victims can see the post.
--
Don't be evil - Google 2004
We have a new policy - Google 2012

On 11/06/2020 11:16, Eric Stevens wrote:
On Thu, 11 Jun 2020 08:55:44 +0100, "Apd" wrote:

"Eric Stevens" wrote:
On Sun, 7 Jun 2020 07:24:32 +0100, David_B wrote:
Please will you type out here the full name of the link being shown By
Kaspersky?

You know as much as I do. As you can see it's truncated.

It was alerting on a script from cdn.siteswithcontent.com. That domain
has apparently been associated with adware. The script is OK so it's a
false positive.

Even so, I don't expect that David either knew or intended that it be
there.

Thanks, Eric. :-)

I had absolutely no idea it was there. :-(

I wonder if Apd knows from whence the script originated.

On 11/06/2020 02:52, nospam wrote:
In article , Eric Stevens
wrote:


Malicious link is blocked ... Kaspersky

Please post a screenshot, Eric.

Perhaps Kaspersky is mistaken?

Wasn't a problem at all.

The malicious link most likely not in David's image but bundled with
the compressed image downloaded with David's image.

unlike most of david's links, this one was surprisingly not malicious.

*FOUL*

I have never knowingly posted a malicious link. *EVER*

McAfee never used to find these by Kaspersky has warned me of several.

just because it warned you doesn't mean it's actually a problem.

it's clearly a false positive.

Apd has also suggested that it's a 'false positive'
MID

On 11/06/2020 16:23, Paul wrote:
David_B wrote:

The marker was noted by Snit, I believe. If you make a list of those
files and show me the content I'll endeavour to explain their purpose.

https://cdn.clamxav.com/ClamXAVdownl..._Installer.pkg

You can open the file with 7ZIP on Windows and open some
of the .plist files with Wordpad and see potential Mac paths
where stuff could be stored. It's not really a surprise it
runs a service. The OS is probably a bit picky about "getting
too close". I don't know what it takes to inject a .ko and
maybe that wouldn't have the right semantics anyway.

Â*Â* ClamXAV_3.0.15_8328_Installer.pkg\Payload~\.\Libra ry\LaunchDaemons\
Â*Â*Â*Â*Â* uk.co.canimaansoftware.ClamXAV.Engine.plist

Â*Â*Â*Â*Â*Â*Â*Â* /usr/local/ClamXAV3/sbin/clamd
Â*Â*Â*Â*Â*Â*Â*Â* /Library/Application Support/ClamXAV/Logs/clamd_err.log

But that's hardly a good method.

There are also materials that look similar in function
to registry entries (for recording things like license
information).

Â*Â* Paul

Oh dear! I had to look up that type of file :-(

https://fileinfo.com/extension/ko

Some folk (Shadow for one) seem to be going out of their way to stop me
from trying to verify that ClamXav is a bona fide software programme.

I think you know by now, Paul, that I'm simply trying my best to expose
any bad actors I might find online. I've always respected you honesty
and integrity and I thank you for helping me with my enquiries!

Stay safe!
Stay well!

On 11/06/2020 00:19, geoff wrote:
On 10/06/2020 6:02 pm, David_B wrote:
On 10/06/2020 00:16, geoff wrote:
On 10/06/2020 7:39 am, David_B wrote:


I'm puzzled as to why THIS product hasn't found its way onto the
list of the best in the business though:-

https://www.clamxav.com

Any thoughts as to why it doesn't feature in the listing?


Sounds like a medicinal vaginal treatment. Possibly could be
better-named.


That's upside-down thinking for sure, geoff! :-)

Not many folk here like the product either:-

https://www.facebook.com/clamxav/

Less than 400 the last time I looked.

It could also be audio-visual systems for the bearded-clamÂ* (!)


Indeed, geoff (but I have no idea what you mean!)

When will your website be finished?

In article , David_B
wrote:


Some folk (Shadow for one) seem to be going out of their way to stop me
from trying to verify that ClamXav is a bona fide software programme.

more of your lies.

what you're actually doing is going out of your way to single out and
attack everything about clamxav, going so far to even dox the
developer.

On 11/06/2020 21:31, nospam wrote:
In article , David_B
wrote:


Some folk (Shadow for one) seem to be going out of their way to stop me
from trying to verify that ClamXav is a bona fide software programme.

more of your lies.

what you're actually doing is going out of your way to single out and
attack everything about clamxav, going so far to even dox the
developer.

Whatever are you talking about?

There's no hiding bona fide companies in the UK. Information is plain to
see for anyone who cares to look! https://ibb.co/dQwpBvD

Interesting to note that Mr Allan was *born* exactly three years before
I retired from the Royal Navy!

"David_B" wrote:
On 11/06/2020 13:07, Apd wrote:
"Anonymous" (one-in-the-eye-for-dustin) wrote:
On 11/06/2020 08:57, Apd wrote:
"David_B" wrote:
On 10/06/2020 20:35, Paul wrote:
It is common industry practice ("code of the hills") to not
discuss the details of AV implementations. You could, for example,
be a Black Hat who is looking for a MacOSX vulnerability idea, and
whatever the developer had jammed into the OS, might be suggestive
of an API a Black Hat could attack.

Ah! Thank you, Paul. :-) That's not something I have ever considered,
nor has anyone else ever mentioned such a thing!

Because I don't think it applies in this situation. The software was
supposed to be uninstalled. The leftovers you had were a marker (so it
would know about a reinstall) and possibly log files and other
ephemeral stuff.

Did you carry out exactly the same procedure?

It would be interesting to review the "marker" and "ephemeral stuff".

Or are you simply guessing?

I'd appreciate you not use socks with me, BD.

Oops! Sorry about that. :-( I posted from my laptop, which I've been
updating to the most recent version of Windows - 2004.

Perhaps you'd like to explain why an AV program would leave behind
files to do with it's implementation after an uninstall, by which I
mean those containing the mechanism whereby it detects threats. That
would be part of the program code. Ok, a signature database might be
left behind as it could be a separate install but that's no big deal.

I'm not talking about *ANY* AV software - I'm referring to ClamXav.

I know. I was responding to why Paul's reason, about not discussing
details of implementation, was never mentioned as should be clear from
the quoted context.

The marker was noted by Snit, I believe. If you make a list of those
files and show me the content I'll endeavour to explain their purpose.

You have a Mac. Why can't you test for yourself? Then there could be no
doubt of the result. The 'Trial' is free - all it will cost is a little
bit of your time.

I can't run the current version - my system is too old. Anyway, the
onus is on you to do the legwork.

You are an experienced Internet user. Please explain why you think the
current opening Website page starts out talking about an old version of
ClamXav http://www.markallan.co.uk/

I don't see that. There's a link to clamxav.com.

In article , David_B
wrote:

Some folk (Shadow for one) seem to be going out of their way to stop me
from trying to verify that ClamXav is a bona fide software programme.

more of your lies.

what you're actually doing is going out of your way to single out and
attack everything about clamxav, going so far to even dox the
developer.

Whatever are you talking about?

There's no hiding bona fide companies in the UK. Information is plain to
see for anyone who cares to look! https://ibb.co/dQwpBvD

which you of course did, along with doing quite a bit more, including
digging up his family and financial information, which you then posted
to usenet and no doubt to many other places.

Interesting to note that Mr Allan was *born* exactly three years before
I retired from the Royal Navy!

no, that's not interesting at all.