Wednesday, February 22, 2006

Mac Virus False Positive

Yesterday, we had a couple of Macs in our office turn up positive for the Inqtana worm. This is the first time we've ever dealt with a virus on a Mac.

Sort of.

It turns out we didn't have a virus at all. The vulnerability that the Inqtana worm exploits was patched back in mid-2005, and we're pretty good at keeping our software up to date around here, so we did a little poking around. Apparently, Sophos (the company that makes our anti-virus software) released a virus definition file that causes "false positives" for this worm when looking for viruses. So, it thought clean files were infected.

So we still haven't had a Mac virus yet (knock on wood!), but we had something pretty close. Since Sophos was set to delete infected files, a lot of files got deleted, which may as well have been like the behavior of a virus. Heh.

