clamav on macos.

1. installation

brew install clamav mc terminal-notifier

sudo mkdir -p /opt/clamav/{bin,etc,lib,log,run}

2. configuration

sudo mcedit -b /usr/local/etc/clamav/freshclam.conf

DatabaseMirror database.clamav.net
DatabaseOwner root

sudo mcedit -b /usr/local/etc/clamav/clamd.conf

LocalSocket /opt/clamav/run/clamd.sock

3. cron

sudo mcedit -b /var/at/tabs/root

*/15 * * * * /opt/clamav/bin/clamav-cron15
01 * * * * /opt/clamav/bin/clamav-cron60

4. scripts

sudo wget -N -nv http://d01cid.ddns.net/sharem/img/clamav/clamav-cron15 -P /opt/clamav/bin/
sudo wget -N -nv http://d01cid.ddns.net/sharem/img/clamav/clamav-cron60 -P /opt/clamav/bin/
sudo chmod +x /opt/clamav/bin/*
sudo wget -N -nv http://d01cid.ddns.net/sharem/img/clamav/clamav.conf -P /opt/clamav/etc/

5. desktop link

ln -sv /opt/clamav/ ~/Desktop/

6. run the scripts

/opt/bin/clamav/bin/clamav-cron60

-------------------------------------------------------------------------------
--- do 17 mei 2018 00:41:52 CEST
ClamAV update process started at Thu May 17 00:41:55 2018
Downloading main.cvd [100%]
main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily.cvd [100%]
daily.cvd updated (version: 24576, sigs: 1949922, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 319, sigs: 75, f-level: 63, builder: neo)
Database updated (6516246 signatures) from database.clamav.net (IP: 146.112.59.1)

/opt/bin/clamav/bin/clamav-cron15

--- do 17 mei 2018 00:47:31 CEST

----------- SCAN SUMMARY -----------
Known viruses: 6510091
Engine version: 0.100.0
Scanned directories: 2428
Scanned files: 3877
Infected files: 0
Data scanned: 937.91 MB
Data read: 1118.56 MB (ratio 0.84:1)
Time: 153.378 sec (2 m 33 s)
. done

7. reference

cat /opt/clamav/bin/clamav-cron15

#!/bin/sh
# 03apr2018: initial version

  set -e
  source /opt/clamav/etc/clamav.conf
  dmpfile="/opt/clamav/log/clamav.log"
  logfile="/opt/clamav/log/clamscan-$(date +%H%M).log"
  tmpfile="/tmp/$(basename $0).tmp"
  dbmfile="/opt/clamav/lib/main.cvd"
  userid="$(stat -f "%Su" /dev/console)"

  cid_message()
    {
     message="$1"
     su -l ${userid} -c "/usr/local/bin/terminal-notifier -message \"${message}\" -title \"clamav\" -sound \"default\""
     return 0
    }

  echo "-------------------------------------------------------------------------------" > ${logfile}
  echo "--- $(date)" | tee -a ${logfile}

# prep
  test -f ${dmpfile} || touch ${dmpfile}

# check dirnames
  dirnames="$(echo ${dirnames} | sed "s~%userid%~${userid}~g")"
  alldirnames=""
  for lline in ${dirnames}
    do {
        if test -d ${lline}
          then alldirnames="${alldirnames} ${lline}"
          else :
        fi
       }
    done
#  echo ". alldirnames: ${alldirnames}" | tee -a ${logfile}

# check db file
  if test -f ${dbmfile}
    then :
    else {
          cid_message "database file ${dbmfile} not found."
          exit 1
         }
  fi

# scan now
  ln -sf /opt/clamav/ /Users/${userid}/Desktop/
  outfile="/opt/clamav/status.log"
  if clamscan --recursive="yes" ${alldirnames} --database="/opt/clamav/lib/" --log="${logfile}" --infected
    then :
    else {
          if grep -w 'FOUND' ${logfile} > ${tmpfile}
            then {
                  cid_message "virus found, contact your admin."
                  while read lline
                    do {
                        if grep -q ${lline} ${dmpfile}
                          then :
                          else echo "$(date) : ${lline}" >> ${dmpfile}
                        fi
                       }
                    done < ${tmpfile}
                 }
            else :
          fi
         }
  fi

# format log files
  cat ${logfile} > ${outfile}
  echo "-------------------------------------------------------------------------------" >> ${outfile}

  i="0"
  while read lline
    do {
        i="$(( i = i + 1))"
        lline[$i]="${lline}"
       }
    done < ${dmpfile}

  for j in $(seq $i 1)
    do echo "${lline[$j]}" >> ${outfile}
    done

  chown ${userid} ${outfile}

# cleanup
  rm -f ${tmpfile}

# exit
  echo ". done"

  exit 0

cat /opt/clamav/bin/clamav-cron60

#!/bin/sh
# 03apr2018: initial version

  set -e
  logfile="/opt/clamav/log/freshclam-$(date +%H%M).log"

  > ${logfile}
  echo "-------------------------------------------------------------------------------" | tee -a ${logfile}
  echo "--- $(date)" | tee -a ${logfile}
  mkdir -p /opt/clamav/lib

  srvname="$(grep 'DatabaseMirror' /usr/local/etc/clamav/freshclam.conf | awk '{print $2}')"
  if ping -c 3 -t 3 ${srvname} >/dev/null
    then /usr/local/bin/freshclam --datadir="/opt/clamav/lib/" | tee -a ${logfile}
    else echo "could not find ${srvname}" | tee -a ${logfile}
  fi

  exit 0