I did a ClamXav scan this morning and got this result in the top window:
Filename Infection Name Status
/Users/myname/Desktop/Quarantine/install-pear-nozlib.phar PHP.Exploit.CVE_2011_4153-2 Quarantined
In the lower window I got:
Starting scan…
ERROR: Can't unlink '/usr/lib/php/install-pear-nozlib.phar': Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 1315949
Engine version: 0.97.5
Scanned directories: 179553
Scanned files: 579428
Infected files: 1
Total errors: 307
Data scanned: 57953.32 MB
Data read: 69575.40 MB (ratio 0.83:1)
Time: 6095.328 sec (101 m 35 s)
One or more infected files were found and were moved into your quarantine folder.
I then did a Get Info on the quarantined document, and got:
Created: July 31, 2012 6:42 PM
Modified: July 31, 2012 6:42 PM
I've looked around and, although I don't know what Pear is, it appears to be something that the system wants, but that PHP.Exploit.CVE_2011_4153-2 is not desirable.
So, I assume I should trash the install-pear-nozlib.phar document in the Quarantine folder. However, I'm not sure how to perform the "unlink" that the ERROR message seems to want.
What are my best steps at this point?
If Pear is something the system wants, how would I get an infected copy?
Last edited by ryck; 10/16/12 02:08 PM.