Trojan.OSX.Eleanor [false positive detected by ClamXav 2.9 Public Beta]
ClamXav is reporting that the 1Password6.app is infected by the Trojan.OSX.Eleanor worm. Thoughts? Comments? Solutions? TIA.
1Password Version: 6.5.BETA-7 (650007)
Extension Version: 4.5.7b3
OS Version: 10.11.6 Beta (15G24b)
Sync Type: iCloud
Comments
-
hi @HFTobeason,
thanks for bringing this to our attention; what path does ClamXAV indicate is the suspect file?
Rudy
0 -
Two places:
/Applications/1Password/1Password 6.app
/Applications/1Password/1Password 6.app/Contents/Library/LoginItems/2BUA8C4S2C.com.agilebits.onepassword4-helper.app/Contents/MacOS/2BUA8C4S2C.com.agilebits.onepassword4-helper
0 -
Hi @HFTobeason,
I would recommend quitting 1Password & mini , and deleting /Applications/1Password/1Password 6.app and re-downloading it from our website.
It looks like you're running the latest beta from https://cache.agilebits.com/dist/1P/mac4/1Password-6.5.BETA-7.zip, we just scanned that binary with ClamXAV and it indicates it has no infection.
Rudy
0 -
Done. But, I'm still getting the same two infection alerts!
0 -
Note that I'm running ClamXav v2.9/0.99.2 (2367).
0 -
Hi @HFTobeason,
It looks like the ClamXav 2.9 public beta is incorrectly identifying them as being Trojan.OSX.Elanor. The current release version of clamxav, 2.8.9.4, which is what we were checking with correctly detects no issues with the binary.
We'll start a conversation with them about the false positive they're detecting with their public beta.
Thanks again.
Rudy
0 -
Thanks, Rudy.
0 -
On behalf of Rudy, you're very welcome! Hopefully you're all set now, but if you have more questions about that or need anything else, just let us know. :)
0 -
I just heard back from the ClamXav developers, they've resolved the false positive!
If you update your virus definitions under ClamXav 2.9 it should now correctly recognize that 1Password isn't Trojan.OSX.Elanor.
Rudy
0 -
Hello!
I'm also having this issue -- I was running Version 2.9/0.99.2 (2367) of ClamAVx and got hit with the issue. I've since deleted 1Password and downgraded to the latest version of ClamAVx that's stable (2.8) and still get the problem.
I think I might just have the newer ClamAVx scanner installed, so, it's possible that might be causing the problem still -- but thought I'd mention it.
Ex: http://i.imgur.com/b2381BN.jpg
Thanks for all the help!
0 -
Confirmed - the latest definitions update resolves the alert. Thanks!
0 -
Hi @HFTobeason ,
Thanks so much for taking the time to report it to us. I'm glad they were able to resolve it so quickly.
Cheers,
Kevin0