AMaViS Daemon?

Hi All,

I have something strange going on. Under 10.7.2 my user account's permission got changed to read only on my boot drive this past Friday (Oct 28, 2001). Even creating a new user with admin rights did not work, still read only. After repairing permissions, rebuilding the directory, nothing worked. The only ways I can get write access is by putting my user account directly into the admin group or by giving everyone write access to the boot disk. I've done the former. This evening I checked Lion's Directory Utility and discovered that the staff group contains one member which resolves out to be a user named AMaViS Daemon. Any clues? I'm wondering if I've gotten an unknown virus on the Mac; the only info on the web points to a mail virus called AMaViSd. BTW, I tried running Sophos last night. It stopped about 2/3rds of the way into it before I went to bed, and was still there when I got up this morning. It did not detect any threats when it was running, and it was installed and updated last night.

Thanks for any help anyone can provide. Take Care!

Toby

:1004323


  • This isn't a virus, but it does point to the fact that you've got two AV packages running on your system, which is likely to cause all sorts of problems.

    http://www.amavis.org/

    Amavis is commonly used to run all mail transport traffic through ClamAV -- basically, to scan all messages going through a mail server with the product. You'll notice that the user does not have a shell associated (or at least it shouldn't) -- this account is actually there to sandbox the amavisd process so that even if someone DOES find an exploit for it, they don't get access to the rest of your computer.

    However, the presence of amavisd implies that you're currently running a mail server on your home Mac, as well as ClamAV. If you didn't install all of this yourself, then you're going to need to do a very thorough analysis of the state of your computer, as somebody is likely using it to send direct mail.

    Dropping a mail server on a home user subscriber line is not a good idea... the reverse-dns lookup will point to a subscriber range domain, not the one your email purports to come from -- and this discrepancy will cause most anti-spam filters to block email coming from your mail server.

    :1004329
  • Hi, I also have this AMaViS Daemon on my computer.

    How does one create a mail server on the laptop? I don't remember ever attempting to do such a thing...

    How could I check if I have malware, a virus or something on my laptop?

    Many thanks

    Sue 

    :1010934
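
The first reply points out that the amavisd account should have no shell associated with it. As an added example (not part of the original thread), this Python sketch parses passwd(5)-style account records and flags service accounts that could still log in; the sample records, the `_mailsvc` and `_legacy` accounts and the uid cutoff of 501 are assumptions made for illustration.

```python
from dataclasses import dataclass

# Shells that refuse interactive login.
NOLOGIN_SHELLS = {"/usr/bin/false", "/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample in passwd(5) format; _mailsvc and _legacy are hypothetical accounts.
SAMPLE = """\
root:*:0:0:System Administrator:/var/root:/bin/sh
_amavisd:*:83:83:AMaViS Daemon:/var/virusmails:/usr/bin/false
_mailsvc:*:240:240:Hypothetical Mail Helper:/var/empty:/bin/bash
_legacy:*:241:241:Hypothetical Legacy Daemon:/var/empty:
toby:*:501:20:Toby:/Users/toby:/bin/bash
"""

@dataclass
class Account:
    name: str
    uid: int
    shell: str

def parse_passwd(text):
    """Parse name:pw:uid:gid:gecos:home:shell lines; skip comments and malformed rows."""
    accounts = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) != 7:
            continue
        try:
            accounts.append(Account(fields[0], int(fields[2]), fields[6]))
        except ValueError:
            continue  # non-numeric uid
    return accounts

def classify(account, first_regular_uid=501):
    """Assumption: uids below first_regular_uid (other than 0) are service accounts."""
    # An empty shell field means the system default shell, so it still allows login.
    can_login = account.shell not in NOLOGIN_SHELLS
    if account.uid == 0:
        return "root"
    if account.uid >= first_regular_uid:
        return "regular user"
    return "REVIEW: service account with login shell" if can_login else "service account, no login shell"

def audit(text):
    """Return {account name: verdict} for every well-formed record in text."""
    return {a.name: classify(a) for a in parse_passwd(text)}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name:10} {verdict}")
```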