Published on MacDevCenter (http://www.macdevcenter.com/)


What Is ClamXav (and do Mac users really need antivirus)

by FJ de Kermadec
08/19/2005
ClamXav is a free virus checker for Mac OS X. It uses the very popular ClamAV open source antivirus engine to scan mail and attachments. As a testament to its effectiveness, Apple now bundles ClamAV with Mac OS X Server 10.4. Unfortunately for those who are not system administrators, ClamAV is a command-line tool, so it isn't user-friendly for the average Mac owner. That's why Mark Allan developed ClamXav. It uses the powerful ClamAV engine and definitions, but adds a more accessible user interface. This article explains how to use ClamXav, and it includes an interview with its developer, Mark Allan.

In this article:

  1. Introducing ClamXav
  2. Downloading and Installing ClamXav
  3. Updating ClamXav
  4. Setting up ClamXav
  5. Setting up the ClamXav Sentry
  6. Testing ClamXav and the Sentry
  7. An Interview with Mark Allan, ClamXav Developer

The open source ClamAV project has enjoyed great success over the years and is relied upon by many large and small companies. This antivirus application is robust and its definitions are regularly updated. Plus, it's free.

So, why not put ClamAV to use on your desktop? After all, anything good enough to clean thousands of emails daily without crashing should prove helpful on a home computer. This is exactly what we are going to do, with a little help from independent developer Mark Allan.

Introducing ClamXav

Since ClamAV is essentially a command-line application, it's not the easiest beast to tame. This is why I'm introducing you to ClamXav, a GUI (Graphical User Interface) built around ClamAV and its scanning engine.

ClamXav is written by Mark Allan, an independent software consultant who wanted to tap into ClamAV's power but didn't like having to work with the command line to do so. While more options are available through the ClamAV command line interface, installing the ClamXav application and relying on its default configuration should provide you with a good degree of security right out of the box.

Downloading and Installing ClamXav

Once you download ClamXav, simply drag the Clam icon onto your Applications folder, or the destination of your choice. You might also want to hang on to the manual and extras that are included in the disk image.

To complete the installation procedure, launch ClamXav from your hard drive. The application will check for the presence of an up-to-date ClamAV engine and, if it does not detect one--which it shouldn't the first time you launch it or after an upgrade--will launch an engine installer for you to use.

The engine installer relies on Apple's very own Installer and will therefore provide you with a familiar interface. Simply click through the procedure, as you would do with any other installer. Once it quits, you're all set to re-launch the ClamXav application one last time from the Finder and start using it! Easy, huh?

Updating ClamXav

Most commercial products never explain the difference between application updates and engine updates, making ClamXav's options seem slightly more complex at first. The engine is basically what does the actual virus scanning, and the application manages the process and interacts with you. For now, unless you have decided to download and compile your own engine, you can let the software guide you as to what to do. Simply update whenever you're asked to; the procedure is always the same.

The ClamAV project updates its engine, along with the definitions, on a regular basis, both for security and functionality reasons. It's up to you to decide whether you want to download and compile your own engine or wait for ClamXav to be updated with the new engine. If you decide to rely on ClamAV for your work computers, it is a good idea to subscribe to a security mailing list to stay current with the updates.

Setting up ClamXav

By default, ClamXav specializes in on-demand scanning, a wise move that provides you with the assurance the application will not start altering your files without your consent. The default mode isn't as comprehensive security-wise as a custom configuration. Therefore, you might want to take a short trip to the preferences window.

The General preferences are mostly self-explanatory. I recommend enabling logging, so that you can keep track of what's happening. Also, keep quarantine disabled, as this option can lead to unexpected movements of data. The choice to scan mail in .mbox files is up to you and will depend on the mail client you use. The new Tiger Mail, for example, no longer relies on this format, but such files may be left over from your Panther installation if you performed a simple upgrade. Monitoring the scan with a progress bar will make for a more visually appealing experience, but unfortunately slows the process down.

While the Proxy settings in the Internet tab depend on your network configuration, I recommend that you update all definitions at launch and check for new versions of both ClamAV and its engine. This will help you stay up-to-date and safe, by not skipping potentially important security updates.

As a side remark, note that ClamXav does not update virus definitions securely--in other words, it does not check the signature of the files--which, in the unlikely event it reaches a poisoned or corrupted server, might cause it to malfunction. If you want to enable that layer of security, you will need to compile your own engine, as explained on the application's website.
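To make the distinction concrete, here is an added example (mine, not ClamXav's or ClamAV's code) that parses the header of a ClamAV .cvd definitions file and checks only its MD5 integrity field. The header layout assumed here (a 512-byte colon-separated text header, ClamAV-VDB:build time:version:signatures:functionality level:MD5:digital signature:builder:build time in seconds, followed by the gzipped archive) is the one ClamAV's sigtool --info reports; the sample database, builder name and signature placeholder are constructed for the demo. The point it shows: a checksum catches corruption in transit, but a server that rewrites the body and recomputes the MD5 passes the same check, which is why only the signature field, verified against the project's key, protects against a poisoned mirror.

```python
import gzip
import hashlib

# Assumed CVD layout: 512-byte text header, colon-separated, then the gzipped body.
HEADER_LEN = 512


def build_cvd(version, body, dsig="CONSTRUCTED-DSIG"):
    """Wrap an already-gzipped `body` in a CVD-style header. Constructed sample only."""
    fields = [
        "ClamAV-VDB",
        "19 Aug 2005 00-00 +0000",   # build time; hyphens keep ':' free for the separator
        str(version),
        "1",                          # number of signatures in the body (sample value)
        "1",                          # functionality level required (sample value)
        hashlib.md5(body).hexdigest(),
        dsig,                         # placeholder; a genuine file carries a real signature here
        "example-builder",            # constructed builder name
        "1124409600",                 # build time in seconds (sample value)
    ]
    header = ":".join(fields).encode("ascii")
    return header.ljust(HEADER_LEN, b" ") + body


def parse_cvd_header(blob):
    """Split the header into named fields; reject anything that is not CVD-shaped."""
    parts = blob[:HEADER_LEN].rstrip(b" \x00").decode("ascii").split(":")
    if parts[0] != "ClamAV-VDB" or len(parts) < 8:
        raise ValueError("not a CVD header")
    return {
        "build_time": parts[1],
        "version": int(parts[2]),
        "signatures": int(parts[3]),
        "flevel": int(parts[4]),
        "md5": parts[5],
        "dsig": parts[6],
        "builder": parts[7],
    }


def integrity_ok(blob):
    """Integrity only: does the body hash to the MD5 recorded in the header?"""
    header = parse_cvd_header(blob)
    return hashlib.md5(blob[HEADER_LEN:]).hexdigest() == header["md5"]


def tamper_demo():
    """Show what an MD5 check catches and what it cannot."""
    body = gzip.compress(b"Eicar-Test-Signature:0:*:constructed-sample")
    genuine = build_cvd(1000, body)

    # Corruption in transit: the body changes but the header does not -> check fails.
    corrupted = genuine[:HEADER_LEN] + gzip.compress(b"garbage")

    # Poisoned server: the body is rewritten AND the MD5 recomputed -> check passes,
    # because a checksum the server computes authenticates nothing. Only the dsig
    # field, verified against ClamAV's public key, would expose this.
    poisoned = build_cvd(1001, gzip.compress(b"server-chosen-signatures"))

    return {
        "genuine": integrity_ok(genuine),
        "corrupted": integrity_ok(corrupted),
        "poisoned": integrity_ok(poisoned),
        "poisoned_version": parse_cvd_header(poisoned)["version"],
    }


if __name__ == "__main__":
    for name, result in tamper_demo().items():
        print(f"{name}: {result}")
```

Running the script prints genuine: True, corrupted: False, poisoned: True; the last line is the gap the article warns about, and the reason the version number in the header is no evidence of provenance either.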

Schedule preferences will mostly appeal to those who leave their computers on overnight. As they rely on a cron job to do their work, this pane requires that you authenticate, allowing ClamXav to modify the necessary system files.

Setting up the ClamXav Sentry

While the ClamXav Sentry looks like just another tab in a preferences sheet, it's actually an amazing part of this application. Indeed, the Sentry brings background scanning capabilities to ClamAV on Mac OS X, but does so while staying remarkably lightweight and transparent--something most background-scanning competitors cannot do.

To start using the Sentry, simply add folders to its watch list by dropping them onto the window. Be careful not to add folders containing heavily nested folders, as this can eventually lead to slowdowns. It's better instead to create a long list of single entities--good candidates are your Public folder, Mail downloads, and the computer's Shared folder. Once the Sentry is activated, it will wake up and silently scan any file created in these locations.

Setting the Sentry to automatically start when you log into your Mac is obviously something you want--not doing so would negate the whole point of background scanning. Scanning removable media, on the other hand, can lead to serious slowdowns if you decide to mount a slow server or insert a DVD in your optical drive.

To save the Sentry settings, use the special "Save Settings and Launch ClamXav Sentry" button that will take care of all the file writing and daemon restarting involved in the operation for you.

Notice the new menu that appeared in your bar? This is the ClamXav Sentry menu, which will discreetly flash every time ClamAV is at work behind the scenes. If the application detects a virus, it will immediately pop up an alert window informing you of the fact.

Testing ClamXav and the Sentry

The best way to test ClamXav and its Sentry feature is to simply download a file called the EICAR test file. This file, actually a harmless text file, is an industry-standard test designed to activate antivirus applications. If your antivirus protection reacts to it, chances are that it is configured properly and working as expected.

To get it, go to this page and download the files listed at the bottom, from left to right. These are basically the same file, increasingly disguised, zipped, and stealthed to make it harder for your antivirus to detect. ClamAV should detect all the files in a flash and warn you about them.

Once you confirm that ClamXav passed the test, you can safely delete the file and go back to work.
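As an added illustration of what that test set exercises (my example, not code from the page, ClamXav or ClamAV), the script below builds in-memory equivalents of the four EICAR downloads and runs a minimal detector over them. The file names are assumed, following the EICAR site's conventional set of a plain file, a .txt copy, a zip, and a zip inside a zip; the page itself does not list them. The detector applies the EICAR convention (the 68-character string must open the file, the file is at most 128 bytes, and only whitespace may follow) and recurses into zip archives up to a nesting limit, reporting when that limit is hit rather than silently passing an inner archive it never opened. That last behaviour is the practical lesson of the zipped variants: a scanner that stops unpacking early reports "clean" on exactly the file it did not look at.

```python
import io
import zipfile

# The EICAR test string is public and harmless; scanners flag it by convention.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
VERDICT = "Eicar-Test-Signature"


def is_eicar(data):
    """EICAR convention: the string is the first 68 bytes, the file is at most
    128 bytes, and anything after the string is whitespace only."""
    return (
        data.startswith(EICAR)
        and len(data) <= 128
        and data[len(EICAR):].strip() == b""
    )


def _zip(members):
    """Build an in-memory zip archive from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_test_set():
    """Constructed equivalents of the four increasingly wrapped EICAR downloads.
    Names are assumed: plain, .txt copy, zipped, zip inside a zip."""
    zipped = _zip({"eicar.com": EICAR})
    return {
        "eicar.com": EICAR,
        "eicar.com.txt": EICAR,
        "eicar_com.zip": zipped,
        "eicarcom2.zip": _zip({"eicar_com.zip": zipped}),
    }


def scan_bytes(data, path, max_depth=3):
    """Return [(path, verdict)] for `data`, unpacking zip archives up to `max_depth`
    levels. Reaching the limit is reported, not skipped: an unscanned inner archive
    is precisely where an undetected file would sit."""
    if is_eicar(data):
        return [(path, VERDICT)]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    if max_depth == 0:
        return [(path, "Archive-Nesting-Limit")]
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member = zf.read(info)
                findings.extend(scan_bytes(member, f"{path}/{info.filename}", max_depth - 1))
    except zipfile.BadZipFile:
        findings.append((path, "Archive-Unreadable"))
    return findings


def scan_test_set(max_depth=3):
    """Scan every constructed variant; returns {name: [(path, verdict), ...]}."""
    return {name: scan_bytes(data, name, max_depth) for name, data in build_test_set().items()}


if __name__ == "__main__":
    for name, findings in scan_test_set().items():
        print(name, findings or "clean")
```

With the default depth all four variants are reported, the nested one as eicarcom2.zip/eicar_com.zip/eicar.com; rerun with max_depth=1 and the same file comes back as Archive-Nesting-Limit instead, which is the condition a real scanner's archive limits produce and the reason the page recommends testing the zipped copies, not just the plain one.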

An Interview with Mark Allan, ClamXav Developer

By now, you should be up and running with ClamXav and enjoying a new layer of protection on your Mac. As usual, I encourage you to read the ClamXav manual and website to get a complete idea of what that application can do for you. The ClamXav website also contains great community-powered forums that should assist you if you encounter any problems with the application.

For now, however, let's kick back and relax with a brief conversation with Mark Allan, ClamXav developer.

FJ: ClamXav has recently reached version 1--1.0.1 at time of writing--which seems to indicate it has reached a level of maturity. How long did it take you to get it to this point?

MA: ClamXav was a project I started during the summer of last year [2004]. At the start, it was incredibly basic, consisting of a window with only three elements: a text input field to type the path of a directory to be scanned, a button to initiate the scan, and a large text box where the output of the scan would appear. As you can see from its appearance and functionality today, we've come quite a long way in the space of a year!

FJ: Indeed. I must say ClamXav is one of the most elegant Aqua-conforming antivirus applications I have seen since I started using Mac OS X. Did you get any special input from users while you were designing it?

MA: Well, to be honest, that's about the first positive comment I've had regarding the interface. Thanks! As for the rest, "special" would certainly be one word you could use to describe the feedback I've had. They range from the mildly constructive "horrible flagrant use of brushed metal" to the just plain rude.

FJ: Whoops… You followed your heart, then!

MA: I've been a Mac user for 13 years, and I have a pretty good idea of what feels "right" and "Mac-like" to me, so that's how I designed ClamXav. It looks very wrong in the non-brushed-metal theme, so I've stuck with it. If any designers out there would like to take a shot at redesigning the interface, please drop me a line.

FJ: Were you already familiar with ClamAV before starting your work?

MA: Yes I was, but not for long. I was looking for a low cost or free antivirus program for my computer, as I had just forwarded an infected Word document to a friend of mine who used Windows at the time. He's now been converted but that's another story. I came across ClamAV which was an open-source virus scanner for UNIX and its variants. When I downloaded, built and ran it, I was amazed that not only did it work, but that it also picked up the infected file I had sent to my friend.

I used it for about two weeks before getting fed up with the command line interface as is common in open-source tools. I still wanted to use the software, but needed to make it easier to use. As a result, ClamXav was born.

FJ: That sounds like one of the success stories you see on the ADC website. As the father of ClamXav, what would you say are its strong points?

MA: I think the main advantages of ClamXav are that it's free, the scanning engine is supported and maintained by a large international community of excellent programmers and, with ClamXav being written by only one person, when people have problems, questions or suggestions for new features, they get to speak directly to the programmer--me. I try my best to answer emails as soon as I can and will always endeavor to add requested features.

FJ: Excellent points. And, ClamXav being a security application, I'm sure you get plenty of e-mails! Since we're talking about requested features, the ClamXav Sentry brings elegant background scanning back to antivirus applications on the Mac. I assume this was a heavily requested addition. Was developing it particularly challenging?

MA: The ClamXav Sentry feature was the single most difficult feature I've added to ClamXav to date. Not only did it involve months investigating how to monitor folders properly for changes (i.e., not just crudely comparing the contents at specific intervals), I had to go back to my grass roots and brush up my C programming skills--a language I've not used in about 5 years.

On top of that, procedures in C/C++ cannot be used in Java, which is what ClamXav is written in. The only option was then to learn an entirely new language, Objective-C, and to program ClamXav Sentry as a completely separate entity. That, in turn, brought its own issues of how to keep ClamXav and Sentry separate but make them appear as one and the same package. I've still got some distance to go in that regard, but I think it's getting there.

FJ: You touch on the topic of security on your website. Do you feel the Mac community at large has become lenient with regard to viruses?

MA: In a way, yes, but I'm not convinced complacency when it comes to viruses is a trait unique to Mac users. If it were, then that implies that all those people on the non-Mac side of the fence have up-to-date antivirus software and are adequately protected. I very much doubt that is the case and in my opinion, the greater issue which needs to be addressed is a lack of knowledge about computer security in all computer users.

Antivirus software and other security tools (firewall, rootkit scanners etc) need to ship with all computers and come pre-configured to update themselves automatically. Until that happens, viruses and security issues will continue to crop up time and time again.

FJ: That's a great point to close with. Thanks so much for your time, Mark.

FJ de Kermadec is an author, stylist and entrepreneur in Paris, France.

Copyright © 2009 O'Reilly Media, Inc.