New threat found in old application

I've been using a free app called Free Ruler for OS X ever since I've had my iMac (summer 2011). Just yesterday, the Sophos Anti-Virus program (I'm using 8.0.6C) identified a "Mac/Cowhand B" threat associated with Free Ruler; the application was removed in the process of cleaning up the threat. I tried to go back and re-download/install the program but Sophos immediately claimed the same threat was present as soon as I had downloaded it. So, I cleaned it up again and have left it alone. But I would really like to be able to use this program still, and it's been operating all this time without any trouble. Anyone know anything about this? Note that this is the first time Sophos has detected anything on my machine.

  • The Cowhand-B threat was updated a few days ago to handle a classic Mac threat found in certain copies of Free Ruler.  This malware is benign on OS X, and so wouldn't affect you -- but I'll investigate further, as it's a possible False Positive (FP) if it's firing on more modern copies.  I should have the detection cleared in a few hours if it does turn out to be an FP issue.

    Thank you for bringing this to our attention!

    [edit] In the meantime, you could upgrade from FreeRuler 1.6 to FreeRuler 1.7b5, which is Lion compatible and built for x86 as well as PPC.  I've found some odd stuff in FreeRuler 1.6 which likely caused the detection (it opens a socket to listen for connections and attempts to access passwords from the system keychain; not something you normally see in a ruler), but this could just be an artefact of some RealBasic library the author was using.

  • There's nothing actually linked into the runtime binary logic that would do anything remotely cowhandish; this detection will be pulled in the next data update (sometime in the next 4 hours).

  • Thanks, Andrew, for the fast response. I just downloaded 1.7b5, and am good to go.
