Installing and Configuring ClamXav Anti-Virus	Printer Friendly
Computing Services Information Document	Apple/Mac OS

General Information

This web page contains information on configuring the ClamXav anti-virus software for Macintosh OS X v10.4.x (Tiger) or above. A version of ClamXav is available for v10.3.x (Panther), but is no longer supported by the developer (and uses outdated virus scanners). Users of older versions of Mac OS X (or Mac OS) should upgrade to a newer version of Mac OS X and/or consider a commercial anti-virus alternative.
Windows users (and Mac users running Windows) should download and install "RADS," available free to the Rutgers community.
NOTE: Users with a dedicated UCS/IT support staff should always consult with same before installing/upgrading/using any software, particularly anti-virus software.

WARNING: As of June 30th, 2006, Rutgers University's contract with McAfee expired. If you are using a Rutgers copy of McAfee Virex, then you MUST uninstall it. The uninstaller is found in the same disk image (.dmg) file as the McAfee installer. You can find more information here, which also provides a link for a v7.5 uninstaller, but if you have v7.7.x, then you can instead use the Virex 7.7.x Uninstaller.

ClamXav is the only free Mac OS X anti-virus product available, but you may instead wish to consider purchasing a commercial anti-virus solution. Some commercial suggestions can be found in a past MacWorld magazine review and a more recent MacWorld security article, although Rutgers does not officially endorse the information and/or products discussed. Other periodicals and/or web sites may have additional information to aid you in making any decision(s). If considering a commercial product, please be sure to inquire about any educational discount pricing, be it direct or through an educational reseller.
NOTE: ClamXav is a legitimate solution, and the only free one available for Macintosh. You may wish to purchase commercial grade software instead, if possible. If this is not possible for you or your department, or you opt to use ClamXav anyway, please be sure that you understand that ClamXav will require some added and regular responsibility and vigilance, and it has a few drawbacks (compared to commercial software), as noted/warned in the instructions below.

Getting Started

You should be sure to use the latest version of ClamXav software, available directly from the developer's site. You should avoid the "Piecemeal Download," if available.

In order to install ClamXav, you must be logged-in as an administrator (or user with administrator control) of your Macintosh system.

If you are already using an earlier version of ClamXav, you should uninstall the older version(s) first. You can do this by running the uninstaller that can also be found in the .dmg installer file ("REMOVE_engine.command"). If you no longer have this file, you can follow the instructions here.
If it is running, make sure to disable the ClamXav Folder Sentry by clicking its top menu bar icon () to select "Quit ClamXav Sentry" from the menu. Next, download, expand and run the "clamavEngineREMOVER.command" file and then move the old ClamXav program from the Applications folder to the trash.

Installing ClamXav

1. Once you have downloaded the latest version of ClamXav, you should have a "disk image" (.dmg) file.
2. Double click on that .dmg file and a "virtual disk" will mount on your desktop and open the "ClamXav" window.
3. Drag the ClamXav application from the mounted disk image to the /Applications (or /Applications/Utilities) folder.
4. You can optionally create a Dock shortcut by dragging the ClamXav application to the Dock after you copy it to /Applications (or /Applications/Utilities).
5. You can optionally add the ability to control-click (right-click) a file/folder and scan it by installing the "ScanWithClamXav.plugin" file to the /Library/Contextual Menu Items folder (if the folder does not exist, create it and then copy the file to same), as follows:

Here's a sample screenshot:

6. Double-click ClamXav in its new location (or single-click it in the Dock).
7. When ClamXav starts, it will prompt you to "install the Clam Anti-Virus engine."

Here's a sample screenshot:

8. Click the Install button.
9. Follow the prompts to install the ClamAV engine to your system.
10. You will need to relaunch ClamXav after installing the ClamAV engine.
11. Immediately update the virus definitions by clicking on the Update virus definitions button.
    NOTE: This requires a working internet connection.

Here's a sample screenshot:

NOTE: Now that ClamXav is installed, it will not protect against anything until you configure it, and run a full scan of your system.

Scanning (First Scan and Manual Scans)

1. Click on the Choose what to scan button.

Here's a sample screenshot:

2. Choose the folder or file to scan.
   NOTE: Although you are not allowed to choose a disk volume itself, you can "select all" files/folders in a disk volume by first selecting a disk and then using the "Edit" menu to "Select All" (or also use the SHIFT or APPLE keys to select more than one item).

Here's a sample screenshot:

3. Click the Open button after making your selection(s).
4. Click the Start Scan button in the ClamXav main window.

Here's a sample screenshot:

NOTE: After performing your first scan and knowing how to manually scan, you should setup ClamXav to automatically scan for viruses.

Automatic Updating/Scanning

Automatic Updates and Scheduled Scans

1. Click on the Preferences button in the ClamXav window.

Here's a sample screenshot:

2. In the Preferences window, select the General tab, and configure as follows:
1. Check the Log the scan results to file box.
2. Check the Log the update results to file box.
3. DO NOT CHECK the "Quarantine infected files to:" box.
   NOTE: If you are using a mail program other than Apple Mail under Tiger/v10.4.x (or newer), then using the "Quarantine Infected Files" box may misplace your mail file, causing you to lose valuable email.
4. Check the Monitor scan with progress bar box.
5. Check the Alert on virus detection box.
6. Check the Scan e-mail files box.
7. Do not check the "Do NOT scan if file name contains:" box.
8. Do not check the "Only scan if file name contains:" box.
9. Leave the "Additional command line arguments:" line blank.

Here's a sample screenshot:

3. Select the Internet tab, and configure as follows:
1. You should be able to leave the "Connection requires proxy" box unchecked and the fields blank.
2. Check the Check for new version of ClamXav box.
3. Check the Check for new version of ClamXav engine box.
4. Check the Update virus definitions box.

Here's a sample screenshot:

4. Select the Schedule tab (you may need to click the "lock" icon and enter your administrator password to change these settings), and configure the Scan sub-tab as follows:
1. Check the box to the left of each day of the week.
2. Use the sliders to set a convenient time for each scan.
3. Checking the "Open scan log automatically after scheduled scan" box is optional.
4. Be sure to click the Save Schedule Settings button (you may again need to enter your administrator password)!
   NOTE: If your computer is not on at the scheduled time, then the full scan will not take place. If you shutdown during the full scan, then the scan will not complete. Full scans are very intensive and may make your system virtually unusable while scanning. It is best to schedule scans for a time when you can leave your computer on and alone, while the scan completes.

Here's a sample screenshot:

5. Configure the Update sub-tab as follows:
1. Check the box to the left of each day of the week.
2. Use the sliders to set a convenient time for each scan.
3. Checking the "Open update log automatically after scheduled update" box is optional.
4. Be sure to click the Save Schedule Settings button (you may again need to enter your administrator password)!

Here's a sample screenshot:

NOTE: Be sure to choose a slightly earlier time for updating (relatively quick process) than for scanning (relatively long process), so that you have the latest updates before scanning.

Automatic Scanning (w/ Folder Sentry)

ClamXav's helper program, Folder Sentry, has the ability to "watch" specified folders for newly-added items and scan them as they arrive.
WARNING: Due to the way that Firefox downloads files, the current version of ClamXav does not properly scan any downloads that you may receive via the Firefox web browser. Use caution whenever downloading unknown or unexpected attachments or any files from the internet, and avoid same whenever possible. As a workaround for the Firefox issue (aside from certain file types), you can manually scan a file with ClamXav after it is finished being downloaded and before opening it.
Also, ClamXav scans .dmg files, but does not scan their actual contents. Mount the virtual disk(s) by double-clicking the .dmg file(s) to then manually scan the contents. If you copy any of the contents to a watched folder area, then Folder Sentry will scan same.
One helpful way to manually scan files is with the "Scan with ClamXav" contextual menu plugin (see step #5 of the "Installing ClamXav" section, above).

1. Make sure that you are still in the "Preferences" screen.
2. Select the Folder Sentry tab, and configure as follows:
1. Drag a folder from any Finder window, or the Desktop, into the list of items to be watched. You should be sure to add any/all folders to which you may ever download files into the "Folders Being Watched" list.
   NOTE: As of v1.1.0, Folder Sentry will scan into all subfolders of watched folders (i.e., recursive scanning), so we recommend adding your home directory (aka, /Users/[username] and shown as a tilde, ~, in the watched list). Due to permissions issues, we DO NOT recommend adding the entire /Users folder to the list, and non-admin users may need to adjust their watch list to avoid folders for which they do not have the permissions to scan.
2. Repeat for any other folders you wish to have the Folder Sentry watch.
   NOTE: It is not possible to drag an entire hard drive in the list, but every top level folder of each hard drive can be watched.
   WARNING: Files downloaded and/or copied to any area not within a folder in the list will not be scanned! Some special system folders/files on a hard drive may be "invisible" and therefore not be able to be added to the list (they may be scanned if they are subfolders of a watched folder?), so ClamXav will not provide 100% protection. ClamXav does at least provide a useful amount of protection when configured properly.
3. Check the Scan inserted disks (Beware of network or large volumes) box (but note the warning).
   NOTE: Folder Sentry can be halted during nay unnecessary scan by clicking its menu bar icon () and selecting the "Abort Scans" and then "Really Abort Scans" option.
4. Check the Launch ClamXav Sentry when you log in to this computer box.
5. Leave the "Quarantine Infected Files" and "Delete Infected Files" boxes unchecked to avoid inadvertent problems with some files/programs.
   NOTE: If you are using a mail program other than Apple Mail under Tiger/v10.4.x (or newer), then using the "Quarantine Infected Files" or "Delete Infected Files" box may misplace your mail file, causing you to lose valuable email!
6. Leave the Turn off Spotlight support box unchecked to allow for scanning of folders within watched folders. This is only available in the Tiger (10.4.x)/Leopard (10.5.x) version, not the Panther (10.3.x) version.
7. Be sure to click the Save Settings & Launch ClamXav Sentry button!

NOTE: If you add any additional folder(s) to the list at a later time, be sure to first quit Folder Sentry, using the "Quit ClamXav Sentry" option by clicking on its menu bar icon () and then clicking the "Save Settings & Launch ClamXav Sentry" button after adding any folder(s) to the list.

Here's a sample screenshot:

Handling Virus Alerts

Now that ClamXav is installed and configured, it should display an alert upon finding any virus(es). Reacting to such virus alerts, and handling any suspect file(s), is the user's responsibility. ClamXav is not equipped to "clean" viruses from files, and automatic quarantine (moving) or automatic deletion of files is not recommended. Infected files may be deleted manually, but should not be opened (or passed on to others) at the very least. If a virus is found in an area or file with which you are unfamiliar (i.e., not in a file that you downloaded, received as an attachment or otherwise can safely delete), then you should contact help@camden.rutgers.edu for more information.

Questions/Comments/Concerns

Additional information on configuring and using ClamXav can be found by going to the "Help" menu in ClamXav.

If you have any difficulty with any of the above, please contact help@camden.rutgers.edu for more information.

Additional technical support can be found online, via the ClamXav forum.