I'm not sure what solution you are seeking here. DetectX will record each and 
every time a key file is added or removed to/from selected locations, which 
includes all LaunchAgents, LaunchDaemons, Applications and a few other places 
where malware is often installed. When you see such a notice, if it's something 
you recall having allowed, then no further action is required. If it's a file 
that you cannot associated with an action on your part, then check the latest 
DetectX scan to see if that file or files are detected as malware. If not, then 
you should spend some time as you have here determining where it came from. 

At this point, you have solved the mystery and should simply go back to work 
and forget about it. DetectX did it's job and so have you.


On Nov 3, 2019, at 02:19, Michael Newman via macports-users 
<macports-users@lists.macports.org <mailto:macports-users@lists.macports.org>> 
> Thank you.
> Locate did not find this plist on the boot volume. It did find it in a Carbon 
> Copy Cloner SafetyNet directory on a backup drive.
> MrMuscle:home mnewman$ locate org.macports.postgresql83-server.plist
> /Volumes/Clorox2/_CCC SafetyNet/2019-10-30 (October 30) 
> 01-00-52/Library/LaunchDaemons/org.macports.postgresql83-server.plist
> /Volumes/Clorox2/_CCC SafetyNet/2019-10-30 (October 30) 
> 01-00-52/opt/local/etc/LaunchDaemons/org.macports.postgresql83-server/org.macports.postgresql83-server.plist
> I think the first one is a symbolic link to the second.
> So, I’m stuck. I can tell DetectX to ignore this, but that seems more like a 
> coverup than a solution.
>> On Nov 3, 2019, at 16:51, Ryan Schmidt <ryandes...@macports.org 
>> <mailto:ryandes...@macports.org>> wrote:
>> MacPorts creates plists for ports that are meant to act as servers when you 
>> install those ports. The plists are removed, along with all of the port's 
>> other files, when the port is uninstalled.
>> You can use find or locate to try to determine whether a 
>> org.macports.postgresql83-server.plist file still exists even after you have 
>> uninstalled the port.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to