ClamXav vs Malwarebytes vs other anti adware


(gastropod) #1

One of my users has been using clamxav for years, and is now being asked to upgrade to the new version which is now a subscription model like other anti-malware things.

I’m inclined to have him switch to one of the others that scans for more things since the security climate has changed over the last few years. Sophos is free and the officially sanctioned choice, but at least as configured by the university, takes up a lot of resources (and the config can’t be changed by mere mortals). In principle I like Malwarebytes, but some of the features are Windows-only with Mac having the same price. I haven’t found any reviews I trust that cover the newer always-on version.

This user probably needs something, since in addition to the usual phish emails which are getting harder to spot these days, he collaborates with PC users via Office, has been fooled once by a browser JavaScript tech support scam, and has ended up with adware once or twice, too. I’ve told him to get 1Blocker for Safari, which he’ll probably eventually do, and that should take care of many of the browser-based attacks, but not stuff that comes in via email.

Thanks!


(Al Varnell) #2

I’m curious as to what you consider to be “more things?” ClamXAV v3 is currently configured to scan for all known types of macOS malware, especially that which most commonly threatens Mac users today. As of this moment, there are over 1.18 million macOS unique signatures used. Checking for Windows and other platform malware has been disabled, for now.

I should also point out that current paid users of ClamXAV v2 can either continue to use it or upgrade to v3 for up to a year, depending on when they purchased it, and are given a 50% reduction in annual subscription costs after the free period. So there should not be any rush to find something new.

With that said, I do suggest you and he take a look at Malwarebytes for Mac and DetectX. The former is still in the process of rolling out new premium features, so expect it to have external disk and a Safari extension soon.

I do have the old Sophos Home Edition installed, but only allow it to keep definitions and the app up-to-date and use it for testing. I’ve had it go crazy a couple of times over the years which required total uninstall/reinstall to recover and it does take longer to update than any other AV I’ve ever had.

-Al-


(Robert Brenstein) #3

I just got a computer today infected with search.yahoo thingy. Just Safari. Chrome is okay. Malwarebytes says that computer is clean. I removed Safari’s caches, prefs, cookies, disabled extensions. No change. I am now running Avast scan but it takes forever. Is ClamXAV really better?


(Al Varnell) #4

“Better” is a purely subjective thing. They are somewhat different in their approaches to detecting and cleaning malware, but both are generally equally effective in addressing today’s threats to macOS and its applications.

But before I jump into great detail about all that, let’s make sure you have done everything necessary. You didn’t mention whether Malwarebytes found anything before you removed those Safari files, so I don’t know whether it would have given us clues or not, but there are almost always additional steps necessary after a cleanup that should be done to get things back to normal. In such cases, ClamXAV will not be able to correct these problems either. Malwarebytes makes these suggestions:

https://support.malwarebytes.com/docs/DOC-1065

-Al-


(Robert Brenstein) #5

Thanks Al for the link but it does not help in this case. Internet works fine. Browsers work fine (otherwise). I ran Malwarebytes scan first and it found nothing, hence I tried other things. This is Safari 11 on El Capitan. As I said, only Safari seems to be infected. The new page loads google search page. When search is run, I see results from Google for a second, then some URL pops with do-search or sth in it and the browser switches to yahoo. The settings of Safari were not affected. No new extension. I disabled all extensions to see if sth is hiding there to no avail. I checked that there are no stray apps in the applications.

Robert


(Al Varnell) #6

I’ve been dealing with a similar situation this weekend with a couple of other users, but both of them involve the Bing search engine and at least one of them appears to be a new Trovi infection, so this might be related to all that. Neither Malwarebytes nor ClamXAV has uncovered the root cause and if this is related, then we may not solve it today.

One more recent Malwarebytes recommendation: https://forums.malwarebytes.com/topic/236261-how-to-remove-weknow-malware-and-others/. Emphasis on “Remove malicious profiles” and the last “Check other browser settings” recommendations.

-Al-