While I was scanning with clamXav, avast popped up and said it had blocked two infections, which I deleted in the virus chest. The ClamXav scan didn’t find anything and I then tried scanning the Library folder with clamXav again and then avast popped up again with the JS:ScriptIP-inf [Trj]. Below is the popup and the avast virus chest.
http://i.imgur.com/Ma7qfGl.png
http://i.imgur.com/5Fphymj.png
It looks kinda weird to me, can anyone tell me what to do and why it wasn’t removed the first time?
JS:ScriptIP-inf[Trj] is the detection of <script referring to page which avast blocks.
Maybe an Avast Team Member can say whether this is a genuine detection or a FP,
when considering the link tothe page where it was reported by avast.
Here that kind of detection is also being discussed at Serverfault Stack Exchange:
https://serverfault.com/questions/tagged/anti-virus
polonus
Thank you for the reply. As I understand it, it didn’t pop up because of a page I was on, but popped up when avast detected clamxav or something.
Running 2 AV’s as above link talks about. This not an issue here because ClamAV is an on-demand scanner. It is perfectly fine to run an on-demand scanner with an on-access scanner as Avast for Mac is. What you found here was ClamAV “touched” the file or script and doing so Avast being a on-access scanner was scanning ClamAV scanning and had the definitions and caught it. Not a problem in my book. Same as scanning with Malwarebytes for Mac or Malwarebytes for PC Free version that is ONLY an on-demand scanner IF it is not in 14 day Premium DEMO mode.