Installing and automating ClamAV on macOS
18 August 2017
What’s going down
ClamAV is anti-virus software developed by Cisco. It runs on macOS, the BSDs, Linux, Windows etc.
Even if you’re exercising caution in your daily computing, it’s sometimes worth scanning your system to see if you’ve picked up any malware, even if it hasn’t been able to affect you.
All of the ClamAV setup can be found in the manual.
Throughout, the macOS directory Users can be substituted by home on BSD or Linux, and use of $ means that you type what follows.
Manual
To view the manual at any time, just run man clamscan or use the link above.
Install
Installation is easier with Homebrew.
Create and edit configuration files
Comment/Uncomment the following lines, so they look like this:
Update database
If the output is OK, create a log file in /var/log (owned by clamav or another user freshclam will be running as):
Then run the following to start the freshclam daemon:
However, we may find that we get the error:
In which case, we need to edit the following file and comment out the lines so they appear as indicated:
We need to make a similar edit to clamd.conf, but first we need to make it from the provided sample:
This will run the daemon in the background until shutdown. To make it persist, it’s suggested to use cron and have it run 2+ times per hour. This is fine for BSD and Linux environments but, seeing as cron’s deprecated in macOS, we ought to be using launchd.
To run under cron, you have to add the following to the crontab of either root or the user clamav, where ‘N’ is the minutes past the hour at which you want the task to run:
The launchd approach is to paste the following into a LaunchDaemon located at /Library/LaunchDaemons, named something like com.personal.freshclam.plist:
This will run every 30 minutes and check for updates to the database.
Now start the freshclam service:
To check if it’s launched:
There should be an item listed as follows, which indicates that the job is loaded and shows the pid (currently ‘-’ as it’s not running) and the exit code (0 is successful, positive is an error, negative means it was terminated after a termination signal):
And to check that it’s actually updated the av database:
The file should have been updated in the last minute, or when you loaded the LaunchDaemon.
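The column meanings described above can be checked mechanically. This is an added example, not part of the original post: the sample rows are constructed, and the com.example.* labels are made up for illustration.

```shell
#!/bin/sh
# Added example: interpret the PID / Status / Label columns of `launchctl list`.

# Constructed sample output (not captured from a real machine).
sample_list() {
    printf '%s\t%s\t%s\n' \
        PID Status Label \
        - 0 com.personal.freshclam \
        412 0 com.example.running \
        - 1 com.example.failed \
        - -15 com.example.killed
}

# job_status LABEL  (reads `launchctl list` output on stdin)
# Prints a one-line verdict; returns 1 if the label is not loaded at all.
job_status() {
    label=$1
    while read -r pid status name; do
        [ "$name" = "$label" ] || continue
        if [ "$pid" != "-" ]; then
            # A numeric PID means the job is executing right now.
            echo "running pid=$pid"
        else
            case $status in
                0)  echo "loaded, idle, last exit 0" ;;
                # Negative status: terminated by that signal number.
                -*) echo "loaded, idle, killed by signal ${status#-}" ;;
                *)  echo "loaded, idle, last exit error $status" ;;
            esac
        fi
        return 0
    done
    echo "not loaded"
    return 1
}

# On a real machine: sudo launchctl list | job_status com.personal.freshclam
sample_list | job_status com.personal.freshclam
```

A job that runs on an interval, like the freshclam one, normally shows as idle between runs, so the value to watch is the last exit status.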
Scanning
Running a full system scan uses the familiar layout of command flags target, where the flag -r is recursive, --bell sounds a Terminal bell when an infection is found and -i will only print the infected files.
The output will show you any infected files, with their locations.
Other options are available, such as the flag --move=/Users/[username]/quarantine which moves viruses to a specified location.
Dealing with infections
When an infection is found, the options depend on which flags you used previously. ClamAV’s --remove flag should remove any infections during the scan. This can be dangerous (and even carries a warning in the manual) as it can/will remove files that an infection is part of. It re-runs the scan and deals with the infections as it finds them.
Alternatively, if you used the --move flag then you could go straight to the specified folder and remove them manually. Lastly, you can just read the locations from the output.
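A wrapper that combines the -r, -i and --move flags described above and acts on clamscan's exit status (0 = no virus found, 1 = virus found, 2 = error). This is an added example, not the script from the original post; the SCANNER override and the three positional parameters are assumptions of this example.

```shell
#!/bin/sh
# Added example: scan a directory, quarantine hits, report the outcome.
# SCANNER is a hypothetical override so the logic can be exercised
# without clamscan installed; it defaults to the real clamscan.

# run_scan TARGET LOGFILE QUARANTINE_DIR
# Prints clean|infected|error and returns clamscan's exit status.
run_scan() {
    target=$1 logfile=$2 quarantine=$3

    # --move fails if the quarantine directory is missing, so create it
    # first and keep it private to the scanning user.
    mkdir -p "$quarantine" || return 2
    chmod 700 "$quarantine" || return 2

    # -r recurse, -i print infected files only, --move quarantine hits,
    # --log write the report to LOGFILE.
    if "${SCANNER:-clamscan}" -r -i --move="$quarantine" \
        --log="$logfile" "$target" >/dev/null 2>&1; then
        rc=0
    else
        rc=$?
    fi

    case $rc in
        0) echo clean ;;
        1) echo infected ;;
        # Anything else is a scan failure, not a clean result.
        *) echo error ;;
    esac
    return "$rc"
}

# Run only when called with the three arguments, e.g.
#   ./scan.sh /Users/[username] /var/log/clamscan.log /Users/[username]/quarantine
if [ "$#" -eq 3 ]; then
    run_scan "$@"
fi
```

Treating exit status 2 separately matters for automation: an unreadable database or a permissions failure would otherwise look like a clean scan.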
Automated daily scans
The next thing to do is make sure all this is automated so it runs in the background without input. We’ll write a script, courtesy of centosblog.
The script needs to be executable:
Finally, since we told it to write a logfile in /var/log we need to make sure it can be written, so create the file and set the permissions on it to match the user who will be running the script:
Now, for BSD/Linux we just need to install it to crontab and make sure it runs regularly:
Or, for macOS, it’s back to launchd:
And paste:
Finally, let’s just make sure we get system emails telling us if there’s anything found. First, we write a simple script named clam-mail located at ~/Scripts:
This will send an email to root using the postfix setup process that we’ve already been through. Then we create the LaunchDaemon:
What this last daemon does is watch the directory specified under WatchPaths and, as soon as there’s any modification of that directory, send an email to root. Test it, to make sure it’s all working (you should receive an email warning you of infections):
Sources
My preferred anti-virus system is ClamAV and I had trouble getting it running on macOS recently. Here’s how I got it going so if you’re running into the same issue, this should solve your problem.
I will go through the steps I took and problems encountered. This article will take you less than three minutes to read.
To get ClamAV running on macOS, run: brew install clamav
Thanks to brew, open source software like ClamAV can run on multiple platforms.
Normally, I would just run the application directly, in this case: clamav, but that does not exist. The main application is: clamscan
Hmm. What is going on here?
After looking up the man page, man clamscan, one related package is freshclam, that has a description:
freshclam - update virus databases
Aah - let’s run freshclam to update the definition!
Well, there’s no such file, or where do I get it? Is there a sample somewhere?
Well, it turns out I missed a critical line in the brew install, which was:
To finish installation & run clamav you will need to edit the example conf files at /usr/local/etc/clamav/
🤦‍♂️ whoops! I didn’t even look (and only when writing up this article, I noticed it).
Let’s make the freshclam.conf file by running command:
Change the following in the file from:
To:
Running the freshclam application again results in:
Great! Now macOS can scan for viruses too!
I can’t take credit for everything, I found this GitHub comment that basically describes the solution I presented.
I have this article as a way for me to remember but also remind myself of apps that are better on Linux than macOS.
Getting ClamAV running on macOS isn’t that hard, but I was close to giving up!
I love using open source software and macOS. As macOS is UNIX based, almost all open source software works on macOS.
There are times where just using Linux to run open source software is a better experience than macOS. ClamAV is one of those times.
Hopefully, this post has helped you from giving up on open source software!