Scheduled virus scanning with ClamAV

Rationale

ClamXav is the pre-eminent free virus scanner for OS X. It utilises the open source ClamAV scanning engine, which it installs for you. There are, however, issues with using ClamXav to do scheduled virus scanning (go search the ClamXav forums if you'd like details), plus it does not take advantage of clamd/clamdscan, ClamAV's daemon-based scanning solution that offers HUGE performance gains. This guide aims to solve all this by utilising the ClamAV installation directly.

Resources

Procedure

  1. Optionally set up clamd (see my HOWTO here). This step is not a pre-requisite, but you will see SIGNIFICANT performance improvements if you follow it.
  2. Throughout this HOWTO, wherever you see ***** you must substitute your short username (the name that's used for your folder in Finder).
  3. Create two new folders in your Documents folder; "VirusScanningScripts" and "Quarantine". Ensure there are no spaces in the folder names.
  4. Download the scanning script from the Resources section above, and place it in the new folder. You may wish to review the script notes at this point.
  5. Open the script in a text editor of your choice; substitute your short username wherever you see ***** in the file. Save and exit.
  6. Set the script's file permissions to make it executable. I'm afraid this is beyond Finder's capabilities, so you'll need to do the following in Terminal:
    • cd /Users/*****/Documents/VirusScanningScripts
    • chmod 755 clamscan.sh
  7. Test that this works by executing it from the command line. Note that this may take several hours to complete, depending upon how much stuff you have on disk. You'll know it has finished when a new file appears on your desktop - this is the scan log. To run the script:
    • cd /Users/*****/Documents/VirusScanningScripts
    • ./clamscan.sh
  8. Now we need to set up the automated scheduled script execution. This will be done using the cron daemon - a feature built into OS X for just this purpose. It has built-in daily, weekly and monthly runs, which are stored in /etc. Let's say you'd like the virus check to run every month:
    • Open /etc/monthly.local in a text editor. It is probably empty right now.
    • Add this line to the file: sh /Users/*****/Documents/VirusScanningScripts/clamscan.sh
  9. You're done.

 

Script Notes

  • If you'd like to have finer-grained control over when the script runs, download and install Cronnix - a GUI tool for configuring individual cron jobs.
  • Lines starting with # in the script are comments (hence as it stands the script does not exclude VirtualPC drives from scanning).
  • The script scans only /Users and /Library, and explicitly excludes my Mail folder. This is because I scan all incoming mail anyway. Modify the script to suit yourself in this regard.
  • The script copies rather than moves infected files to the Quarantine folder.
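
The behaviour listed in the script notes, written out as an added example; this is not the downloadable script from the Resources section. SHORT_USER stands in for the ***** placeholder, and the Mail folder location, the log file name and the "scan" argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the script this HOWTO links to.
# SHORT_USER stands in for the short username the HOWTO writes as *****.
SHORT_USER="${SHORT_USER:-shortname}"
HOME_DIR="/Users/$SHORT_USER"
QUARANTINE="$HOME_DIR/Documents/Quarantine"
MAIL_DIR="$HOME_DIR/Library/Mail"    # assumed location of the excluded Mail folder
SCAN_LOG="$HOME_DIR/Desktop/clamscan-$(date +%Y%m%d).log"   # assumed log name

# Emit the clamscan arguments one per line so they can be reviewed or tested.
scan_args() {
    printf '%s\n' --recursive --infected \
        "--copy=$QUARANTINE" \
        "--exclude-dir=^$MAIL_DIR" \
        "--log=$SCAN_LOG" \
        /Users /Library
}

# clamscan exits 0 when nothing is found, 1 when a virus is found, 2 on error.
describe_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

run_scan() {
    # Without the Quarantine folder from step 3, --copy has nowhere to write.
    [ -d "$QUARANTINE" ] || { echo "missing $QUARANTINE" >&2; return 2; }
    old_ifs=$IFS
    IFS='
'
    set -f                      # no glob expansion while splitting the arguments
    set -- $(scan_args)
    set +f
    IFS=$old_ifs
    clamscan "$@"
    status=$?
    echo "scan result: $(describe_status "$status") (log: $SCAN_LOG)"
    return "$status"
}

# Run only when asked to, e.g.  sh clamscan-example.sh scan
if [ "${1:-}" = "scan" ]; then
    run_scan
    exit $?
fi
```

The jobs in /etc/monthly.local run as root, so keep the script and its folder writable only by accounts you would trust with root.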