Yesterday we reported on a new folder action that checks whether a filename's extension corresponds to its type/kind, in order to find files that may be indicative of the Mac OS X type/creator versus .extension "trojan horse".
First, several users have reported that the compressed folder action file is flagged by Symantec's Norton AntiVirus as possibly containing a virus. This is because the .sit file contains a non-harmful variant of the MP3Concept flaw for example purposes. Symantec recently provided a new virus definition through its LiveUpdate system that will catch this type of file.
MacFixIt reader Rainer Udelhoven notes some other limitations of the folder action:
- It won't recognize the trojan if nested into more than one folder category, as in 'Mismatch/virus.mp3 folder/virus.mp3'; when dragging the whole folder "Mismatch" into an enabled folder, no alert occurs.
- It seems to be language dependent and only works for me with (American) English as system language. When using my default German setting, no alert occurs.
The folder action can be downloaded from http://home.comcast.net/~c0ugar/files/Mismatch.sit.
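Both limitations reported above (nested folders and dependence on the system language) can be avoided by walking the whole tree and comparing each extension against the four-byte type code, which is not localized. The following is an added example, not the folder action's own code; the extension list, the `read_finder_info` callable (assumed to return a file's raw FinderInfo record, or `None`) and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Extensions that claim "data, not code" (constructed list for this example).
DATA_EXTENSIONS = {".mp3", ".jpg", ".gif", ".txt", ".pdf", ".mov"}
APPLICATION_TYPE = b"APPL"  # type code for an application


def type_code(finder_info):
    """Return the 4-byte type code at the start of a FinderInfo record."""
    if not finder_info or len(finder_info) < 4:
        return None
    return bytes(finder_info[:4])


def find_mismatches(root, read_finder_info):
    """Walk root at any depth and return relative paths of files whose
    extension claims data but whose type code says application."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            code = type_code(read_finder_info(path))
            if ext in DATA_EXTENSIONS and code == APPLICATION_TYPE:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def demo():
    """Constructed tree mirroring the nested layout from the reader report."""
    def info(code):
        return code + b"????" + bytes(24)  # type, creator, remaining 24 bytes
    layout = {
        os.path.join("Mismatch", "virus.mp3 folder", "virus.mp3"): info(b"APPL"),
        os.path.join("Mismatch", "song.mp3"): info(b"MPG3"),
        os.path.join("Mismatch", "Tool"): info(b"APPL"),  # honest application
        os.path.join("Mismatch", "notes.txt"): None,      # no FinderInfo at all
    }
    with tempfile.TemporaryDirectory() as root:
        fake = {}  # stands in for the real FinderInfo lookup (assumption)
        for rel, finder_info in layout.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "wb").close()
            fake[full] = finder_info
        return find_mismatches(root, fake.get)


if __name__ == "__main__":
    print(demo())
```

On a real system, `read_finder_info` would be replaced by a function that reads the file's FinderInfo metadata; the dictionary lookup here only keeps the example self-contained.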