ClamAV for OS X

ClamAV is a free anti-virus package for OS X. This page will get you started.

Reviewed by Bil Hays 04/29/2014

Getting ClamAV

ClamAV is an open source antivirus application that is available for most operating systems, and it is what we recommend for OS X and Linux. An alternative is the MS Security Endpoint product distributed by ITS at shareware.unc.edu.

The ClamAV software is readily installable via fink or darwinports, but the best solution for most users is ClamXav, a free graphical front end that includes the ClamAV software.

Download the ClamXav package, move it to the Applications folder, and start the application.


If you are using 10.6 or later, that’s all you need to do. Users of earlier versions should also install the plugin.

Manual Scans

To run a manual scan, just select the directory you’d like to scan. Scanning your entire home directory can take a fairly long time. If any viruses are found, you can ctrl-click on them and choose delete to get rid of them.


Setting Up Automated Protection

In the General Preferences, enable Update virus definitions on launch. This makes sure that when you start the application you have the most up-to-date definitions. One thing to be aware of: if you use an IMAP client that keeps copies of attachments locally for offline reading and ClamAV finds malware in those files, it will quarantine them, but then find and quarantine them again after your IMAP client resyncs the local copies from the IMAP server. In that case it may be best not to scan mail.


You should set up a regular scan. For desktop systems that are left on overnight, scanning early in the morning is the best option for most users. If you’re on a laptop or shut down your machine, pick a time when the machine is likely to be running and your workload is likely to be light, since scanning for viruses can load your machine down a bit. The scans may cause a laptop to get warm. If you enable Sentry (below), full scans are less critical.


You should also enable Sentry, as this will enable live scans of files as they are modified. In this example, I am scanning the Users directory, Applications, and Library folders.

 


One thing to keep in mind about this option is that if any directories on your machine sync to other directories, you may wind up quarantining the same files over and over.

Finally, none of this will do anything about infected files. If you are like most people, you probably don’t check your logs every day, so we’ll want to set up a quarantine folder and move any infected files there. Do not enable this option until after you’ve run a few manual scans, however, as you’ll want to see what the program will find before allowing it to do anything.
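
To spot the repeated-quarantine loop described above for IMAP attachment caches and synced directories, the following added example (not part of the original page or of ClamXav) counts how many separate scan runs flagged each path. It assumes the scan log contains clamscan-style "path: Signature FOUND" lines with a "SCAN SUMMARY" line closing each run; the sample log and its paths are constructed.

```python
import re
from collections import defaultdict

# Assumed log format (clamscan-style): "<path>: <signature> FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
RUN_END = "SCAN SUMMARY"  # clamscan prints this banner at the end of each run

# Constructed sample: three scan runs appended to one log file.
SAMPLE_LOG = """\
/Users/alice/Downloads/setup.dmg: Eicar-Test-Signature FOUND
/Users/alice/Library/Mail/INBOX.mbox/Attachments/invoice.zip: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 2
/Users/alice/Library/Mail/INBOX.mbox/Attachments/invoice.zip: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
/Users/alice/Library/Mail/INBOX.mbox/Attachments/invoice.zip: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
"""


def recurring_detections(log_text, min_runs=2):
    """Return {path: (signature, runs_seen)} for files flagged in >= min_runs runs.

    A quarantined file that shows up again at the same path in a later run
    was put back by something else, e.g. a mail client or sync tool.
    """
    runs_by_path = defaultdict(set)
    sig_by_path = {}
    run = 0
    for line in log_text.splitlines():
        line = line.strip()
        if RUN_END in line:
            run += 1  # everything after the banner belongs to the next run
            continue
        m = FOUND_RE.match(line)
        if m:
            runs_by_path[m["path"]].add(run)
            sig_by_path[m["path"]] = m["sig"]
    return {p: (sig_by_path[p], len(r))
            for p, r in runs_by_path.items() if len(r) >= min_runs}


if __name__ == "__main__":
    for path, (sig, count) in recurring_detections(SAMPLE_LOG).items():
        print(f"{count} runs: {path} ({sig}) - consider excluding this directory")
```

Paths reported here are candidates for exclusion from scheduled scans and Sentry, or for cleanup at the source (the mail server or the other end of the sync).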


If you’d like to test this or other anti-virus software, you can get a fake malware sample from EICAR.