"avSetup.pkg" will damage your computer. You should move it to the Trash. Safari downloaded this file today at <time> from <site>. It contains the "OSX.MacDefender.B" malware.An image of this alert can be seen below.
When Apple released information about this update, it was widely said that there was no way that Apple was going to be able to update their definitions in a timely manner so that the OS X would be protected against new variants as they are released. In my opinion, properly protecting a computer is the job of a third-party security software that can quickly release new definitions rather than a OS controlled definition update that must pass through what are typically much more rigorous quality control steps before it is released. This delay would provide a good window of opportunity for this infection to defraud end-users.
As part of the new security update, Apple has enabled a new option by default in the Security preferences screen labeled Automatically update safe downloads list. The safe downloads list is the definition files that OS X will use to protect the operating system from known threats. Enabling this option will allow OS X to query for new updates to the safe downloads list and automatically download it when it has become updated. Historically, Apple has not been quick to update the safe download list when new threats were released. Hopefully this will change.
To bypass this new update, the Mac rogue developers have already released a new version of the Mac Guard downloader. Instead of using the old installer called avSetup.pkg and the downloader app called avRunner, it instead installs a different installer called mdInstall.pkg and a download application named mdDownloader. This new version of the downloader is not detected by Security Update 2011-03 and allows the program to be easily installed.
My advice to Mac owners is to get an anti-virus software installed. These rogue programs are not going away and will only get worse.
For those who may get infected, the BleepingComputer Mac Rogue Remover tool continues to be able to remove this infection.
Updated to include new Security preferences option - 06/01/11 01:26PM EST