About SecureMac Advertise Security Consulting Mac Security Store Send Feedback

Site Information
Site Background
Who runs the site
Security Consulting
Feedback Form

SecureMac Software


Mac OS X Security
sudo buffer overflow exploit + fix
Disable Single User Boot Mode
Malevolence - Dumping Passwords
nidump security
Startup Security - Open Firmware Password Protection

Mac OS X Network Security
Secure FTP Wrapper
Ettercap - sniffer interceptor logger
Snort - Network Intrusion Detection System
SSH Admin
SSH Helper
xnu - enable MAC Address spoofing

Mac OS X Virus

Mac OS X Firewalls
Firewalk Firewall Utility
NetBarrier X

Mac OS X App Sec.

Mac OS X Encryption
GPGMail - PGP Functionality

Mac OS X DoS

SecureMac Library
Mac Cable Modem Security
Mac Security Auditing
Mac OS X Security Understanding
Mac OS X Security Second Lessons
Mac OS X Security Third Lesson
Mac OS X Single User Mode Root Access
Mac OS X Shareware Firewalls
Mac OS X Secure Installation
Cable & DSL Connections - Security Measures
Better Safe than Sorry Security Resources
Marketing Macintosh Security Programs

Agax (Antivirus)
Developer: Agax Site

info, views, download, rating, security, insecure
Agax version 1.3 added 7/12/99

Agax is an extensible free Mac anti-virus program. It offers both standard virus-scanning facilities and more advanced background protection - so you don't get infected in the first place. Click on one of the links below to download Agax.

Excellent free program. Protects against SevenDust, Autostart, and CODE9811. So this isn't a full blown virus protection program yet; they are definitely adding the most current virus definitions!

Download Version:
You can download Agax 1.3 from:
SecureMac - 1.3 version
Or try Downloading From:
Agax's Website


This is a snippet from the manual:
Agax is an anti-virus application. It scans your disks and files for viruses. It also contains Defender, which is an anti-virus extension. Both products use Additives to discover and (with Agax) repair infected files. Additives are stored in the folder 'Additives' in the same folder as Agax. The main window of Agax has the title 'Log'. It records Agax's anti-virus activity - in particular reporting the discovery of infected files, and the success it has in repairing them. You can perform operations on the log with the File menu. Agax has two menus with identical contents but different titles - the 'Examine' and 'Repair' menus. These both do the same thing (scan for viruses), except that 'Repair' will attempt to remove viruses from infected files, whereas 'Examine' will just report the infection. Some files cannot be repaired, and you are given the option of deleting these (if the Additive responsible considers the file a threat) at the end of the scan. Agax displays a progress bar during its scan of a volume. To stop the scan, click the close box of the progress bar. The 'Nasties' menu contains a list of the currently installed Additives. You can view more information about an Additive by selecting it from this menu. You can change when this Additive is used from the window which results. There are three checkboxes: 'Examine files for this virus' uses this Additive when it is examining; 'Repair files with this virus' uses this Additive when repairing; 'Pro-actively repel this virus' uses this Additive in Defender. Changes to the last checkbox will only take effect on restart. These options as recorded in the preferences. When Agax starts up, it checks to see how the list of Additives has changed from last time. If any are missing, it will warn you of the fact, and if there are any new ones, it will ask you what you want to do with them (enable all or disable all). You can change this later through the information boxes described above. If Agax can't find its preferences, it tells you and enables all Additives.


The only available option in the Edit menu is 'Preferences'. Currently, this controls only the preferences for Defender. Any changes made here won't take effect until restart. The first checkbox 'Enable Defender' controls whether or not the Defender extension is installed. If the status of this checkbox has changed when you close the preferences, Agax will take the appropriate action (i.e. create or delete Defender in the Extensions folder). When Defender is enabled, you can choose how it protects your computer. There are currently three types of protection: - 'Examine volumes when mounted'. When a volume is mounted, it is examined. If a virus is found you are asked to run Agax on the volume. There is a further option under this: 'Simple examination' or 'Thorough examination'. 'Simple examination' is quick and will find viruses which always live in the same place on a volume (such as AutoStart worms ... not that there's an Additive for these yet). 'Thorough examination' does a complete scan of the volume, as if it was selected from the 'Examine' menu, but without the progress bar. As you can imagine this is very slow, so I don't recommend it. (Note: After startup, all volumes except the system volume will be scanned in the method indicated if volume examination is enabled) - 'Examine applications when launched'. When an application or desk accessory is launched, it is examined. If a virus is found, the launch is prevented and you are told that the application is infected. Control Panels are not examined, as they execute inside the Finder. To catch infected control panels (not that I know of any) you would have to use the next type of protection. - 'Examine resource forks when opened'. When a resource fork is opened, it is examined. If the file is infected, the open is prevented and you are told that the file is infected. If this type is on as well as the examining launches type, clean applications will be examined twice (but it doesn't take long, so don't worry about it too much). When this type is selected, even the Finder's 'Get Info' command will warn you of infection (for applications at any rate). Alongside all of these types of protection there is the option to log when the checks occur. Even if these boxes are unchecked, infections will still be logged - unchecking them just cuts out the 'Started...'/'Completed ...' log entries. Warning: Turning this option on for resource forks is a bad idea - resource forks are opened and closed all the time. It will significantly slow down your computer, and make the log huge (too big for SimpleText) very quickly. The log is also useful for determining the virus causing the infection (without running Agax), as the notification message does not tell you this information. Defender's log is called 'Defender Log' and stored inside the System folder. Defender too keeps track of which Additives are around - newly discovered additives are disabled. The Additives which Defender uses are those beside the last Agax which was run - so make sure you don't use Agax on a server (actually, I haven't tested this - it might actually mount the server during startup).

Warnings, bugs, etc.

Warning: Both Defender and Agax make an attempt to guard against themselves being infected. Thus you shouldn't fiddle with them - in particular, don't unlock Agax, and don't change its memory allocation. This will likely be improved and extended to Additives in the near future. Agax replaces Antigax and GAx Defender - you should delete these and use Agax and Defender instead.

System Requirements

Theoretically, Agax should work from System 7.0 up, however Defender only works from System 7.5 up. The current version has only been tested on System 8.0 and 8.1 (that should probably be MacOS 8.0 ... ), so I really don't know about anything other than those.

Special Help Sections (FAQs)

I just expanded Agax and ran it, and it says it's been tampered with! I sure didn't touch it - what gives?

This error usually results when Agax itself has become infected. It will refuse to run if that happens, because the virus might re-infect files as fast as Agax repaired them. If it was something you did (e.g. modified it with ResEdit, changed its memory requirements, etc.) then you should replace the modified Agax with a freshly expanded version. If it was due to a virus however, then it is more than likely that this virus is in RAM (and therefore practically impossible to remove without restarting), and would infect Agax again if you re-expanded it straight away. So I suggest you do the following:

  • Delete the Agax application, but keep the Stuffit archive handy.
  • Restart your computer from your System CD (e.g. the Mac OS 8 CD), or some other guaranteed virus free System Folder.
  • Expand Agax.
  • Launch Agax.

If this still doesn't work (very unlikely), then try repeating the procedure, but locking the Agax application after you expand it and before you launch it. If Agax does not find any viruses, then it is probable that it was infected by a previously unknown virus. If this happens, then please get in touch with me! Originally I intended to keep Agax locked, so viruses would have more difficulty infecting it, but in the initial release I neglected to do this. This turned out to be far better for everyone, because Agax inadvertently found some new viruses when they infected it - so I've decided to keep it unlocked by default. If you wish to lock it however, then by all means go ahead, but you will forgo that extra level of protection.

I just installed a new Additive, and choose the 'Verify over Internet' option, and this huge dialogue came up with three lists in it. What does it all mean, and should I worry?

OK, this is new in Agax v1.2. The list on the left shows the latest versions of Additives that the Agax web server knows about. Anyone is free to write their own Additive, but it won't appear on that list unless they tell me about it. Also, new Additives will appear in this list when they are released, so you can check here for updates instead of going to the web page if you want to. The other two lists contain Additives sitting in the Additives folder on your computer that Agax is currently using. If the server knows about the Additive (of that version), then it goes into the list on the left (i.e. the middle of three). If the server doesn't know about it then it goes into the list on the right. In addition to this each Additive has a tick or a cross in front of it. This only indicates whether or not you've currently got it enabled - nothing more. You can enable or disable all the Additives in either list by using the radio buttons alone. 'Leave' means they are left as they appear in the list. All of my Additives will appear in the Master List and be verified in the middle list. It's only Additives written by other people that could legitimately end up in the third list. You should be very suspicious of any Additives unexpectedly turning up in that list, especially if they claim to have come from me. All of this is to ensure that someone won't make an Agax Additive that is a virus, especially if they claim that I've written it. In general you should need a good reason for trusting an Additive that the server doesn't.'

Version History:
Agax v1.3 released, with bug fixes, drag and drop, improved progress bars, and more.
AutoStart Additive now at v1.0. It's been made more robust, and taken out of beta.

Enter Email Address:

Enter your message:

Select Either of These Two Buttons

Security + OS
PowerBook Security Control Panel
Empower Pro
Deus Lock Master
Keys Off
MacOS Algorithm
Modem Security
Password Key
Shift Key Suite
Stealth Signal
SuperLock Lite
SuperLock Pro

Macintosh Viruses
Sophos Anti-Virus
Norton AntiVirus
Nav 7 Nav 6 Nav X
Virex - Oct
VirusBarrier - Netupdate
vScan - Discontinued.

Mac Physical Security

Macintosh Firewalls
DoorStop Firewall
Firewall Q & A
Norton Personal Firewall

Mac Spyware & Privacy
NetShred - Delete Files Safely

Network Security
Oyabun Tools

Application Security Issues
AIM - AOL Instant Messenger
Back Orifice
Eudora E-Mail Client
Internet Configure
IE 5.1, OE 5.1, Powerpoint, Excel Vulnerability
MS Personal webServer
Outlook Express 4.5 Password Flaw
Sub7ME Server

Resource Info
AppleShare Server Info

Mac OS Encryption
My Secret
PGP Personal
PGP Freeware
Private File
Quick Encrypt
SubRosa Utilities

Deleting Files
Eraser Pro


Apple Hardware

Mac Attack

All material (c) 2014 and respected owners