Service Alerts (1 New)

Anti-Virus Software

Scripts for migrating from Symantec to ClamXav

Note: This topic is intended for system administrators managing the migration of Mac OS X computers from Symantec to ClamXav, using a management tool such as Apple Remote Desktop. Individuals who manage their own computers should refer to Uninstalling Symantec and Installing ClamXav: Mac OS X 10.4 and 10.5.

Uninstalling Symantec

ITS has modified and repackaged the RemoveSymantecMacFiles.zip utility from Symantec. The package removes all Symantec products from all drives without any user prompts. You can run this package as the root user from Apple Remote Desktop or another management system.

Download the uninstall package.

Installing ClamXav

Working with the College of Fine Arts, ITS has packaged the ClamXav engine so that it can be installed on a per-machine basis and configured with the appropriate settings. This way, a single installation then runs for each user on the machine, whereas the default ClamXav build must be configured for each user. ITS will provide future updates when a new version of the engine is provided.

The package performs the following actions:

  • Installs the engine
  • Installs up-to-date anti-virus definitions
  • Sets the scanning and update schedule
  • Sets up the ClamXav Sentry
  • Defines default settings
  • Reboots the computer when the installation is complete

Download the install package

To install:

  1. Mount the image.
  2. Install or deploy the .pkg files via Apple Remote Desktop (ARD) as the root user.

Scanning and updates

The package installs launchd tasks to:

  • Perform weekly scans at 10 p.m. Friday
  • Perform definition updates at login and every 8 hours thereafter

The weekly scan:

  • Scans all of /Users, /Applications, /Library, and /System. If the computer is asleep or powered off during the scheduled time, it should initiate the scan at the next available user login event.
  • Excludes several types of files that clamav can’t do anything useful with to speed things up (encrypted FileVault images, VMware disk files, string localizations).
  • Alerts the user if a virus was found and presents a full list of infected files.
  • launchd will now keep clamd alive if the process terminates for any reason (except on 10.4).

Folder Sentry ignores .plist files to avoid nearly constant scanning.

Since this installer uses scheduled launchd tasks instead of cron, the weekly scans and daily updates do not display in the ClamXav preferences window. If the user configures a scheduled scan in ClamXav, it writes an entry into the user's crontab and does not modify the launchd scan task. To prevent the possibility of two simultaneous, resource-intensive scans, the launchd scan task first checks for any lines containing "clamscan" in the current user's crontab and aborts immediately if it finds one. There is no conflict if the user configures their own update schedule.

Customizing scanning and update schedules

You can customize the files containing the scan and update schedules. If you customize these files, installing future updates from ITS will likely overwrite any customizations you make. Files are located at:

  • /Library/LaunchAgents/edu.utexas.ClamXav.ScanLauncher.plist
  • /Library/LaunchAgents/edu.utexas.ClamXav.UpdateLauncher.plist

You can use any .plist or plain text editor to manually edit them.

Customizing scanned folders

You can customize the script listing which folders get scanned for viruses during the weekly scan. If you customize these files, installing future updates from ITS will likely overwrite any customizations you make. The script is located at /usr/local/bin/edu.utexas.ClamXav.ScanLauncher.sh.