Scripts for Migrating From Symantec to ClamXav
Note: This topic is intended for system administrators managing the migration of Mac OS X computers from Symantec to ClamXav, using a management tool such as Apple Remote Desktop. Individuals who manage their own computers should refer to Uninstalling Symantec and Installing ClamXav: Mac OS X 10.4 and 10.5.
Uninstalling Symantec
ITS has modified and repackaged the RemoveSymantecMacFiles.zip utility from Symantec. The package removes all Symantec products from all drives without any user prompts. You can run this package as the root user from Apple Remote Desktop or another management system.
Download the uninstall package.
Installing ClamXav
Working with the College of Fine Arts, ITS has packaged the ClamXav engine so that it can be installed on a per-machine basis and configured with the appropriate settings. This way, a single installation then runs for each user on the machine, whereas the default ClamXav build must be configured for each user. ITS will provide future updates when a new version of the engine is provided.
The package performs the following actions:
Installs the engine
Installs up-to-date anti-virus definitions
Sets the scanning and update schedule
Sets up the ClamXav Sentry
Defines default settings
Reboots the computer when the installation is complete
To install:
Mount the image.
Install or deploy the .pkg files via Apple Remote Desktop (ARD) as the root user.
Scanning and updates
The package installs launchd tasks to:
Perform weekly scans at 10 p.m. Friday
Perform definition updates at login and every 8 hours thereafter
The weekly scan:
Scans all of /Users, /Applications, /Library, and /System. If the computer is asleep or powered off during the scheduled time, it should initiate the scan at the next available user login event.
Excludes several types of files that clamav can't do anything useful with to speed things up (encrypted FileVault images, VMware disk files, string localizations).
Alerts the user if a virus was found and presents a full list of infected files.
launchd will now keep clamd alive if the process terminates for any reason (except on 10.4).
Folder Sentry ignores .plist files to avoid nearly constant scanning.
Since this installer uses scheduled launchd tasks instead of cron, the weekly scans and daily updates do not display in the ClamXav preferences window. If the user configures a scheduled scan in ClamXav, it writes an entry into the user's crontab and does not modify the launchd scan task. To prevent the possibility of two simultaneous, resource-intensive scans, the launchd scan task first checks for any lines containing "clamscan" in the current user's crontab and aborts immediately if it finds one. There is no conflict if the user configures their own update schedule.
Customizing scanning and update schedules
You can customize the files containing the scan and update schedules. If you customize these files, installing future updates from ITS will likely overwrite any customizations you make. Files are located at:
/Library/LaunchAgents/edu.utexas.ClamXav.ScanLauncher.plist
/Library/LaunchAgents/edu.utexas.ClamXav.UpdateLauncher.plist
You can use any .plist or plain text editor to manually edit them.
Customizing scanned folders
You can customize the script listing which folders get scanned for viruses during the weekly scan. If you customize these files, installing future updates from ITS will likely overwrite any customizations you make. The script is located at /usr/local/bin/edu.utexas.ClamXav.ScanLauncher.sh.
Last updated September 14, 2011 @ 11:07 am
