Macs, Viruses and Time Machine

Since I switched to Macs over a decade ago, I have never used anti-virus software and have never seen any signs or issues that compelled me to. However, I’m a web developer who has a local backup of a client’s website that recently has shown signs of having been compromised. Since the suspected files were on my filesystem, this event seemed alarming enough that it warranted investigation. So I researched a bit and decided on ClamXAV, which I used to scan my local drive. Strangely, no malware was found in any of the client’s files; however, ClamXAV did indicate some files in my Time Machine backup (an external drive), and promptly quarantined/deleted them.

Shortly thereafter, I’m getting this notice that my Time Machine backups are hosed and Time Machine has to start all over.

After this experience, I have a couple of questions for the community.

  1. Is it possible the Time Machine event and the ClamXAV scanning are related? (Did the Clam software hose my backups?)
  2. Is it possible to fix my Time Machine backups or are they a lost cause? I keep clicking “Backup Later” with the hopes of finding a solution.
  3. What Mac anti-virus software have you found to be the best?

Thanks in advance for your feedback!

  1. Depending on what happened, almost certainly.

  2. I don’t think so, but others may know differently. For my part, if a backup has ever shown any sign of being less than perfect, I no longer trust it at all.

  3. I don’t. My workplace is getting Sophos for our Macs, so I may play with that a bit, but I dislike A/V software for pretty much exactly the reason you gave in your post. I have yet to be convinced that the risks incurred by running the stuff are less than just being careful and having good backups.


I can’t really speak to whether ClamXAV caused this, but I have had this same error a few times over the years. Seemingly just out of the blue. I’ve always relinquished and let it start a new backup. I would have zero confidence in a broken backup that was repaired.

I would recommend the 3-2-1 backup system, at a minimum.
I would also periodically create a bootable clone using Carbon Copy Cloner. I do this and back up to an SSD once a month.

My backup strategy (for iMac Pro and MacBook Pro)

  • Time Machine to a NAS
  • Time Machine to an external drive
  • Backblaze
  • monthly clone to bootable SSD
  • laptop backup to external drive at school
  • research data every two weeks to an SSD

The iMac Pro is always backing up to those locations; the MacBook Pro is always to Backblaze, NAS and external at home, external at school.

This gives me backups in a few locations, in the cloud, at home, and a large subset at school. I also have the three SSDs in my backpack, so at times they are vulnerable to being in the same location as other backups.
I’ve been thinking about getting a safe-deposit box lately.

It sounds like you’re still in a good place, as you don’t seem to have lost anything current.

I installed Sophos on my and my girlfriend’s machine. I found it slowed mine down, I suppose because I work with giant neuroimaging files. Doesn’t bother my girlfriend who uses Office and surfs the web.


Luckily, I do use the 3-2-1 system with both Backblaze and Carbon Copy Cloner, so this is not even close to being my only backup.

That’s a good point about not wanting to trust even a potentially faulty backup…I guess I’ll just bite the bullet and start over with Time Machine…

ClamXAV doesn’t feel like it’s slowing me down at all, but very discouraged about using it, if it’s going to continue to mess up my TM.


FWIW, Time Machine uses “Apple-proprietary filesystem devices” that I doubt any anti-virus would know how to handle.

While I personally do not run AV on my Mac, I did install Sophos on a couple of “high risk” users where I used to work. (The type of person that never received a file or link that they wouldn’t click on.)

IMO, if ClamXAV doesn’t slow you down, I see no problem using it. Just make sure you exclude your Time Machine drive.


Yeah, I would never ever let anything that isn’t made by Apple touch your Time Machine backups, and definitely not anti-virus programs, which are (IMO) far worse on the Mac than the problem they claim to cure.

If I was really determined to use something, I’d probably use MalwareBytes.

That said, I have a free¹ subscription to MalwareBytes, and I still don’t use it.

¹ it’s part of my Eero Plus package, but I only use the 1Password and EncryptMe features.

  1. Anything is possible, and in this case it seems likely.
  2. I’ve seen these several times over the years, and those backups were lost. No way to get them back. It usually happens to network backups; I have never seen this on a Time Machine backup on a local disk (or USB-connected HD).
  3. I use Sophos, but in “on demand” mode. I’ve only ever seen Windows viruses on my machine in email attachments, never anything Mac-related.