Clamav Antivirus For Mac

The Non-Graphical ClamAV Antivirus Solution for Mac OS X

Clam AntiVirus (ClamAV) is a free software, cross-platform and open-source antivirus software. Immunet Mac Internet Security K7 Total Security Kaspersky Anti-Virus Kaspersky Internet Security Malwarebytes McAfee VirusScan.

Parallax downloads programming software. I wrote this as a free alternative to the excellent ClamXav. MacClamsets up real-time directory monitoring and schedules periodic scans.It uses ClamAV asan AntiVirus engine and fswatch to actively monitor directories for new orchanged files, which are then sent to clamd for scanning. Periodicfull scans are scheduled with cron. It also provides a way to scanindividual files or directories on demand from the command line.

I have tested MacClam on Mojave (macOS 10.14). but it may also workin other versions of macOS.

Prerequisites

You will need to have Apple's Xcodecommand line tools which can be installed with

Then click 'Install'. After you have installed the command line tools,if you are on Mojave, you will also need to install the macOS headerspackage with

Installation

Installation is very simple. After installing prerequisite tools, type the following in a terminal.

This will bootstrap MacClam by building the lastest versions of ClamAVand fswatch from source. It will schedule a full file system scanonce a week and update signatures once a day. It also sets up livemonitoring for the $HOME and /Applications directories. Each of thesethings can be configured by modifying script variables and re-runningthe script.

By default, the installation directory is ~/MacClam. This directorycontains all the source, binaries, log files, and quarantine folder.The only artifact of the installation outside this directory is thecrontab and the MacClam.sh script itself, which is required forMacClam to function. If you want to move the MacClam.sh script toanother location, just re-run it from the new location and the crontabreferences will be updated. It can be totally uninstalled byrunning ./MacClam.sh uninstall.

Clamav Antivirus For Mac

Usage

./MacClam.sh does the following:

  • Builds clamd and fswatch from source if needed
  • Sets up regular signature updates and full scans in crontab
  • Updates clamd signatures
  • Starts active monitoring services clamd and fswatch if not already running
  • Sets active monitoring to run on startup (also done in crontab)
  • If run from a terminal, it will show any current scanning activity

The following command

does everything previously listed, and then runs clamscan on the filesor directories. Multiple files or directories can be specified.

Opens the quarantine folder in Finder. By default, this is~/MacClam/quarantine

Displays a help message.

Uninstalls MacClam. More specifically, it stops clamd and fswatch.It removes MacClam entries from the crontab. It moves the quarantinedirectory from the MacClam installation directory to~/MacClam_quarantine, just in case there's something in there youwant. It deletes the MacClam installation directory which containsclamav and fswatch. It does not delete the MacClam.sh file, and youcan reinstall MacClam by running it again.

Customization

Scheduled scans, monitoring and installation location can beconfigured by editing configuration variables at the beginning of thescript, and then running the script again to apply your changes.

Design Principle

MacClam.sh is designed to have a very simple interface -- one commandto do everything. It is idempotent, meaning that re-runningMacClam.sh will do nothing if everything is set up correctly andservices are running. If there are changes in the configurationvariables, it will make sure they are applied, and restart services asnecessary.

Virus Scans

MacClam performs three types of scans:

  1. Active monitoring: MacClam will monitor any directories you specifyfor activity. When a file is changed or created, it will bescanned immediately. By default, the $HOME and Applicationsdirectories are monitored.
  2. Scheduled scanning: MacClam will perform recursive scans ofdirectories at scheduled times. By default, the entire hard driveis scanned once a week. Scheduling is done with cron.
  3. On-demand scanning: Running MacClam.sh with one or more file ordirectory arguments will scan the files or directories specified.

In all cases, when a virus is found, it is moved to the quarantinefolder. For active monitoring, when a virus is identified, a briefgraphical notification is shown in the top-right corner.