Howdy Ronni, The ClamX forum is across most of your worries.
There is a sticky thread that covers how to convert the hexadecimal stuff into ASCII, so you can ferret out those naughty emails - - - -which **of course** you haven't opened, but which still have the naughty code in them. Rob Howells speaks good advice, as always.
Out of interest, I installed the engine and ran a scan and lo! a phishing virus - 246 whatchamacally! In my camino cache! How did it get there!?
Answer: because I downloaded the sticky article in the ClamX forum, which used that as an example. The code was in the page, so I got the code. It is a wording for a phishing kind of email, not any code that will run itself or anything scary. It always pays to remember that antivirus companies have to justify their existence by making everything sound as dire as possible. And to remember that for every sensible user like yourself, there are a hundred who will download and click on anything if it says "click". Those are the ones for whom there have to be virus definitions of the kinds of sentences used in phishing emails.
I second the advice to have a phone-home alert running as your first line of defence. Little Snitch is robust and it even reports on its own reconfiguration when it gets involved in a backup clone. The teething problems with Tiger are, I read in their mailing list, very much finished now.
Nancy M
