DVDPedia and Antivirus Triggered; Probably Nothing

RWalker
Junior Member
Posts: 4
Joined: Wed May 06, 2020 12:17 pm

DVDPedia and Antivirus Triggered; Probably Nothing

Post by RWalker »

macOS 10.14.6; DVDPedia 6.2.1.

I downloaded DVDPedia 7.0 from the website, mounted the DMG, and copied the app to applications.

When I launched DVDPedia 7.0, the free Avira antivirus app was triggered: "Antivirus alert for file: XProtect.yara"

The log entries were:
May 10 20:51:10 avguard.bin[364] <Info>: Virus alert for file "/System/Library/CoreServices/XProtect.bundle/Contents/Resources/XProtect.yara":
Details: OSX/GM.Adload.TA ; virus ; Contains detection pattern of the OSX/GM.Adload.TA virus
May 10 20:51:10 avguard.bin[364] <Warning>: Quarantine error for /System/Library/CoreServices/XProtect.bundle/Contents/Resources/XProtect.yara:
Unable to quarantine file. Reason: the source file could not be deleted
May 10 20:51:10 avguard.bin[364] <Notice>: the alert in file /System/Library/CoreServices/XProtect.bundle/Contents/Resources/XProtect.yara was handled.
Action(s) taken: access denied, condition logged

I put DVDPedia 6.0 back into place and within the app I upgraded to 7.0. However, this time there were no alerts. But, I thought you should know.
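
A triage sketch for the log in the post above, added here as an example (not code from this forum, Avira or Apple): it parses the avguard entries and marks alerts whose flagged file is itself a signature store, since a scanner can match on the detection patterns that another product ships. The function names and the `SIGNATURE_DIRS` / `SIGNATURE_SUFFIXES` lists are assumptions.

```python
import re

# Log excerpt copied from the post above.
SAMPLE_LOG = """
May 10 20:51:10 avguard.bin[364] <Info>: Virus alert for file "/System/Library/CoreServices/XProtect.bundle/Contents/Resources/XProtect.yara":
Details: OSX/GM.Adload.TA ; virus ; Contains detection pattern of the OSX/GM.Adload.TA virus
May 10 20:51:10 avguard.bin[364] <Warning>: Quarantine error for /System/Library/CoreServices/XProtect.bundle/Contents/Resources/XProtect.yara:
Unable to quarantine file. Reason: the source file could not be deleted
May 10 20:51:10 avguard.bin[364] <Notice>: the alert in file /System/Library/CoreServices/XProtect.bundle/Contents/Resources/XProtect.yara was handled.
Action(s) taken: access denied, condition logged
"""

ALERT_RE = re.compile(r'^(?P<ts>\w{3} +\d+ [\d:]{8}) avguard\.bin\[\d+\] <Info>: '
                      r'Virus alert for file "(?P<path>[^"]+)":$')
DETAILS_RE = re.compile(r'^Details: (?P<name>\S+) ;')
QUAR_ERR_RE = re.compile(r'<Warning>: Quarantine error for (?P<path>.+):$')

# Assumption: locations and suffixes that hold another scanner's signatures.
SIGNATURE_DIRS = ("/XProtect.bundle/",)
SIGNATURE_SUFFIXES = (".yara", ".yar")

def parse_alerts(text):
    """Group each 'Virus alert' line with the detail lines that follow it."""
    alerts, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = ALERT_RE.match(line)
        if m:
            current = {"time": m["ts"], "path": m["path"],
                       "detection": None, "quarantine_failed": False}
            alerts.append(current)
        elif current is not None:
            d, q = DETAILS_RE.match(line), QUAR_ERR_RE.search(line)
            if d and current["detection"] is None:
                current["detection"] = d["name"]
            elif q and q["path"] == current["path"]:
                current["quarantine_failed"] = True
    return alerts

def triage(alert):
    """Separate hits on signature stores from hits on ordinary files."""
    path = alert["path"]
    if any(d in path for d in SIGNATURE_DIRS) or path.endswith(SIGNATURE_SUFFIXES):
        return "signature-file"   # the pattern lives in a rule file, not in a payload
    return "investigate"

if __name__ == "__main__":
    for a in parse_alerts(SAMPLE_LOG):
        print(a["time"], a["detection"], a["path"], "->", triage(a))
```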
FineWine
Site Admin
Posts: 904
Joined: Wed May 28, 2008 2:41 am
Location: Tauranga, New Zealand

Re: DVDPedia and Antivirus Triggered; Probably Nothing

Post by FineWine »

Thanks for the report. I have let Conor know.

I did some research on this and it looks like Apple's own inbuilt security, xprotect.yara and its associated YARA signatures, was triggered https://support.apple.com/en-nz/guide/s ... d47bd8/web when it detected the GM.Adload.TA virus. Adload is its base name and it is nasty, with several variants of it out there.

NOTE: xprotect.yara is NOT the problem; it is part of the solution.

Hopefully your Avira antivirus app has quarantined this virus and you are then able to safely remove it and all its components. Get your Avira antivirus app to do a complete manual scan and when you have cleaned out any nasties do a complete backup of your machine.
Conor
Top Dog
Posts: 5346
Joined: Sat Jul 03, 2004 12:58 pm

Re: DVDPedia and Antivirus Triggered; Probably Nothing

Post by Conor »

Thank you for the security update.

I can confirm that the latest DVDpedia does not have a GM.Adload.TA virus. It gets built on my computer and scanned and code signed so it can't be altered. Afterwards it gets sent to Apple and scanned by them and code signed by them for my developer account, so that GateKeeper will let it open on your computer.

As FineWine mentioned, the file that popped up is part of the Apple core library that DVDpedia links to and uses but does not include code for.

You likely have an Apple Silicon computer with an M1, M2 or M3 chip, and DVDpedia 7 is built for Apple native code. Hence it links to newer libraries that will have the base signature for the virus in them, instead of DVDpedia 6 that links to older libraries built for Intel chips.
RWalker
Junior Member
Posts: 4
Joined: Wed May 06, 2020 12:17 pm

Re: DVDPedia and Antivirus Triggered; Probably Nothing

Post by RWalker »

I appreciate you checking it out. Better safe than sorry.

Actually, this was on a Mid-2012 Mac Pro (pre-cylinder) running Mojave 10.14.6. I've been waiting for a worthy Mac Pro replacement. I don't think it's going to happen.