A Non-Graphical ClamAV Antivirus Solution for Mac OS X
I forked and updated this repository for the most recent Brew downloads as a free alternative to ClamXav. clamav-mac sets up real-time directory monitoring and schedules periodic scans. The scripts use ClamAV as an AntiVirus engine and fswatch to actively monitor directories for new or changed files, which are then sent to clamd for scanning.
Frankly, it is debatable whether antivirus software is helpful on MacOS after 10.15 with the advent of built-in controls. See Apple's implementation
This work is provided as is without any expressed or implied warranties. Use this software at your own risk only after reading and understanding the effects of the configuration scripts.
All prerequisites will be automatically installed with Brew. I have tested clamav-mac on Mojave and Ventura ,but it may also work in other versions of OS X.
clamav-mac performs two types of scans:
When a file is changed or created, it will be scanned immediately. By default, the /Users directories are monitored. Scheduled scanning: clamav-ma will perform recursive scans of directories at scheduled times. By default, the entire /Users direectoriesn are scanned once a week. In all cases, when a virus is found, it is moved to the quarantine folder and an email is send to the administrator.
Important Note - the scripts overwrite previous repository configuration files including those for Clamv. If you need to retain any changes in those files, make copies before running the script.
git clone https://github.com/cayossarian/clamav-mac.git
chmod 700 install.sh configuration.sh
./install.sh
In order for clamv to scan your files it needs full disk access which is set in macos settings->Privacy and Sercurity->Full Disk Access. Open the settings and drag clamdscan and clamscan from a finder window into the dialog and enable their access by toggling them on. Use a terminal to find their locations easily.
which clamdscan
which clamscan
This configuration will bootstrap clamav-mac by installing the lastest versions of ClamAV and fswatch from brew. It will schedule a full file system scan once a week and update signatures once a day. It also sets up live monitoring for the $HOME directories. Each of these things can be configured by modifying script variables.
By default, the installation directory is ~/clamav-mac.
Contains all logs of the program: /var/log/clamav
Contains all configuration files:
Cron files: `/var/root/.clamav/`<br/>
Launch Deamon files: `/Library/LaunchDaemons (plists)`<br/>
Clamav configuration files: `/opt/homebrew/etc/clamav`
Contains all the malware: /var/jail
Contain the script launch by launchd: /var/root/.clamav/
sudo launchctl unload -w /Library/LaunchDaemons/com.clamav_cron.plist
sudo launchctl unload -w /Library/LaunchDaemons/com.clamav_tr.plist
The script provides basic Postfix email configuration that works for local machine mailbox addresses but if you need to map from a local machine mailbox address (like somebody@machine.local) to a domain (like somebody@me.com) you'll need to do a bit more configuration:
-
Ensure this generic mapping line is present in
/etc/postfix/main.cf
smtp_generic_maps=hash:/etc/postfix/generic -
Edit
/etc/postfix/generic
, adding mapping lines similar to the examples the email authentication is expecting for the external domain user, (rewrites the FROM header so emails appear to be from the correct user@domain address):somebody@machine.local somebodyd@me.com
root@machine.local somebody@me.com
-
Run:
sudo postmap /etc/postfix/generic
-
Run:
sudo postfix reload
-
Edit /etc/aliases
# Put your local aliases here.
root: somebody@me.com
-
Run:
sudo newaliases
-
Run:
sudo postfix reload
Test your email configuration by sending an email to root and see if it is forwarded to your own external email:
In one terminal window Monitor the postfix log:
log stream --predicate '(process == "smtpd") || (process == "smtp")' --info
In a second terminal Send an email:
echo "Testing my new postfix setup" | mail -s "Test email from `hostname`" root
Watch for email authentication errors or other problems in the log output. If you have an authentication error check your email name and application specific password in /etc/postfix/sasl_passwd. Remember if you change the passwords in sasl_passwd, rerun the command:
sudo postmap /etc/postfix/sasl_passwd
Create a test file Within a ~/Downloads directory
echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > clamav-testfile
The file should be moved to /var/jail and you should receive an email regarding the test "virus"
- cayossarian, forked from coldnfire
This project is licensed under the MIT License - see the LICENSE file for details
$ coldnfire/clamav-mac