This article is from the Viruses and the Mac FAQ, by David Harley D.Harley@icrf.icnet.uk with numerous contributions by others.
Commercial packages include NAV (Norton AntiVirus for Macintosh)
[NAV supersedes SAM (Symantec Antivirus for Macintosh)], Virex for
Macintosh, Rival, and Sophos Anti-Virus for Macintosh (SAV).
Virex, NAV, and SAM [obsolete] all address a full range of threats,
including Trojans and macro viruses, and can do scheduled scanning
as well as on-access (memory-resident) scanning.
Sophos Anti-Virus for Macintosh (SAV) was upgraded in January 1999
to include the SWEEP on-demand scanner. The shipping version can be
downloaded for free evaluation. English and Japanese are supported.
<http://www.sophos.com/downloads/eval/> Stand-alone on-access scanning
is now available in the release version. Server-based on-access scanning
has long been available for Mac clients on NT or NetWare networks.
The program offers customizable reporting and notification from an
attractive interface. So far, compressed archives must be
decompressed before scanning; I am assured that archive scanning
will be in future versions. Complete documentation is in PDF format.
+ Sophos combines an intercept driver (InterCheck) and a scanner
application (SWEEP). Sales are not retail, but direct or through
the Sophos Distributor network. Free technical support is all-year
round, any time of day. Virus identity updates are available from
the Web between monthly CD-ROMs. Major developments in the Sophos
product are expected, including smooth large-scale deployment and
ease of updating over networks.[SL]
[This section is overdue for serious refurbishment. Next FAQ release, maybe. There
may be an issue with the Sophos control panel and some USB drives - not formally
tested to date.]
Norton AntiVirus for Macintosh (NAV) launched May 18, 1998. New
features included LiveUpdate virus definition updates over the
Internet, enhanced macro virus protection, automatic file repair, a
bootable CD-ROM for emergencies, faster scanning for PPC, and a
NAV, SAM, and Virex offer checksumming/integrity checking
(detecting possible infection by unknown viruses, by monitoring
changes in infectable files) - the correct checksums or
fingerprints for individual files are kept in a database file. All
three applications check files compressed with StuffIt.
NAV, formerly SAM, is particularly oriented towards behaviour
blocking: the Intercept tool can be configured to raise an alert at
the slightest whiff of a 'suspicious' operation. Unfortunately,
this can be counterproductive in real life, since an over-stringent
alert policy is apt to result in the facility being turned off
altogether. However, configuration is very flexible.
SAM (Symantec AntiVirus for Macintosh) support was discontinued
May 1; the last update is for July '99. From Symantec's advice:
"In order to maintain the safety and security of your data
from viruses without interruption, we recommend that you
upgrade to NAVM 5.0.3 before May 1st. For presales and
upgrade questions, please contact customer service. They
can be reached at 800-441-7234 or online at:"
[SAM 4.5.x needs the 4.5->4.5.1 application patch to run current
definitions, and the 4.5.3 Intercept patch to resolve a compatibility
issue with Microsoft Office 98, and Segment Loader errors when
SAM application Minimum and Preferred memory allocations must be
increased from their shipping defaults to 5000K or greater. The
(May 1998) SAM definitions files included a Read Me with
instructions. More information may be available from Symantec SAM
support on the Web.]
Symantec issued a Norton AntiVirus 5.x->5.0.3 patch for Mac OS 8.5,
fixing the problem with copying files on AppleShare networks.
Virex offers very fast scanning is easy to update, and includes
checksumming for the detection of unknown viruses. It's also
possible to buy an administration package. The basic package
includes a control panel for scanning on file or diskette access
which can be locked independently of the administration package.
Installation and interface are easy and efficient. Virex 5.8 scans
ZIP archives, has a contextual menu plug-in module, and interface
Virex 5.9.1 was released on 18-Jan-99, for compatibility with
Mac OS 8.5 and Virex Administrator 1.4, and can be downloaded.
<http://www.drsolomon.com/download/home/>. Registered users who
bought McAfee VirusScan during the past six months or so, and
registered users of Virex 5.8 and 5.9 could still upgrade:
Virex Administrator version 1.4 was released by NAI on 23-Dec-98.
Virex and Virex Administrator had these home pages:
Current Virex release is 6.0. Licensed 5.9x users can obtain an
upgrade. OS 9 users will need the beta control panel available from
www.nai.com, to overcome compatibility problems.
Dr Solomon's Software acquired Virex and netOctopus from Datawatch
Corp. on 10-Oct-97. Network Associates (NAI) acquired Dr Solomon's
on 13-Aug-98. Netopia, Inc., acquired what is now named Timbuktu
netOctopus in late '98 or early '99.
VirusScan 3.0.1 is the final version for Macintosh, and may be
updated for macro viruses into 1999, but will never have AutoStart
worm definitions or definitions for the new System viruses like
SevenDust E. VirusScan customers need to take advantage of a free
upgrade to Virex as soon as possible.
Dr. Solomon's for Macintosh went through various stages of neglect
through late 1998 and support appears to have vanished altogether in
1999, when customers started to receive Virex disks instead of Dr.
Rival 3.0.4 is available from Intego. [Probably obsolete info.]
F-Secure for Macintosh is one of the best-kept secrets in anti-virus.
The last time I saw it, it detected macro viruses only. You might be
lucky and find some reference to it at:
It features on datafellows evaluation CDs.