Page 2 of 2

Re: facebook became transparent

Posted: Fri Jan 22, 2016 12:50 pm
by barbaz
Thank you for reporting your findings and glad you got it resolved! :D
mrspooky wrote:(even if Ffox seems not happy to let me install this addons. I have had to say "go ahead. I trust them").
Oops, sorry I forgot about that :oops:
Install from this link if you want Fx to be OK with it.
mrspooky wrote:p.s.
I cannot use malwarebyte because my mac (both of them actually) are too old (2006 ... but still doing their job perfectly) and I am still running 10.6.8
OK then do a search for ClamXav 2.7.5 (that is the last free version of ClamXav - the more recent versions are commercial), and see if you can find a .dmg download with this sha256 checksum:

Code: Select all

33c6c76cb3e6f8ec9c23b521135b320ea5300910d9e929eaa0556e2bed15cbfe
If the checksum does not match that then DO NOT USE THAT DOWNLOAD because it's probably compromised.

Re: [RESOLVED] facebook became transparent

Posted: Fri Jan 22, 2016 4:04 pm
by mrspooky
Yep
I am still using the old clamxav version ( 2.7.5 (522)), the free version. Once I realized that after the standard update it wasn't free anymore, I just downloaded an older version and blocked both the automatic update and internet tracking (little snitch).
Strange enough I am still allowed to update the so-called "definitions", therefore it should be still working. I say "should" because I have never detected a single malware over the last 2 decades since I started using the mac.

BTW, do you know if I can check for "sha256" in my already-installed clamxav? I am used to download this kind of apps from the developer site, but ... I can't be totally sure of what I did more than 6 months ago :oops:
thanks

Re: [RESOLVED] facebook became transparent

Posted: Fri Jan 22, 2016 7:47 pm
by barbaz
mrspooky wrote:Strange enough I am still allowed to update the so-called "definitions",
Because the underlying software/backend (ClamAV) is freeware and (I think) always will be - it's licensed under the GNU GPL. And most of the definitions files are just the ClamAV definitions (although there are some ClamXav own definitions.. I actually don't have any idea if those continued to update after ClamXav went commercial).

ClamXav is just a GUI and a "Sentry", it comes with a custom Mac OS X build of ClamAV but IIRC it is theoretically possible to run it with *any* build of ClamAV (though I've never done that). So if your installed ClamXav works fine for you, then (if you don't want to buy the commercial version) I suggest, keep that as-is and if you want upgrade, get a newer ClamAV and point ClamXav to that instead of its own ClamAV.
mrspooky wrote:BTW, do you know if I can check for "sha256" in my already-installed clamxav?
You can check sha256 of a file with openssl, like so:
open Terminal.app, enter

Code: Select all

openssl dgst -sha256 <file>
where <file> is the actual file (you can drag it into Terminal.app to paste its full path).

The checksum I gave is only for the .dmg, so no it does not apply to your installed ClamXav, sorry.
(I don't know how to get checksum of an entire installation! Note that a .app is actually an entire folder, not a single file; and that the ClamAV is installed in the system as a package - which in this context basically means scattered about ;) .)

Re: [RESOLVED] facebook became transparent

Posted: Sat Jan 23, 2016 12:37 pm
by mrspooky
ok

Code: Select all

openssl dgst -sha256 /Applications/Clamxav.app
Read Error in /Applications/Clamxav.app
1777:error:0200B015:system library:fread:Is a directory:/SourceCache/OpenSSL098/OpenSSL098-35.3/src/crypto/bio/bss_file.c:202:
1777:error:20082002:BIO routines:FILE_READ:system lib:/SourceCache/OpenSSL098/OpenSSL098-35.3/src/crypto/bio/bss_file.c:203:
as you said, it would have worked on the dmg only.

I'd not care to pay few euro for the app but ... actually ... I've never detected anything. So I don't even know if the app really works. Well, on the other side I hope I'll NEVER find anything in the files (mostly pdf) I handle ;)