I am using ClamXav on OSX 10.9.5. After accidentally unzipping the 1.6 FairPhone-update (/FP1_Fairphone_OS_1G13G_v1_6_OTA_2014-07-31) it got scanned by ClamXav and the following warning was produced:
/FP1_Fairphone_OS_1G13G_v1_6_OTA_2014-07-31/system/bin/vold: Andr.Exploit.Ratc FOUND
The zipped version of the updater gets scanned without warning.
Is this a false positive or should I be concerned that this malware has found its way into the installer?
Yes and no… FP contains a ‘danger of exploit’ simply because the phone is rooted by default. So it’s both a positive and a ‘false’ one. Thus no need to worry, at least not if this thread, and FP’s developer team, are trustworthy: http://forum.xda-developers.com/showthread.php?t=2791343
Thx for the answer and for pointing me to that thread.
I have since scanned some older versions of the FP OS and got the same warning. Interesting how one person’s phone-freedom can be another person’s exploit.